bug confirmation needed: IDENTITY_PROVIDER_FIRST_LOGIN event is never triggered / saved

[Zakaria A.]

Hello everyone, 

I would like to capture the IDENTITY_PROVIDER_FIRST_LOGIN event when it happens. For this purpose, I created a custom EventListenerProvider (and registered the factory as well). The event provider for now does nothing but printing the events triggered. 

for demo purposes, I configued google as idp, and tried logging in. It seems like only the REGISTER, LOGIN, and CODE_TO_TOKEN are captured by the listener. According to the keycloak codebase, the IDENTITY_PROVIDER_FIRST_LOGIN is triggered here: https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java#L760

even if this piece of code is called ( I checked by attaching the bebugger), the event it is still not sent to the Listener. I tried also storing login events, same thing. Only the REGISTER, LOGIN, and CODE_TO_TOKEN are stored in the database.

Do you confirm this is bug ? is IDENTITY_PROVIDER_FIRST_LOGIN being overridden by the LOGIN event somewehere ? 

[Zakaria A.]

Hello everyone, 

I am resurrecting this thread, since it seems like that some members of the community have also noticed that IDENTITY_PROVIDER_FIRST_LOGIN is not triggered.

It seems like the cause is simple: the event.success() is never called actually. 

This can also be tested using event auditing. 

I opened an issue with more details: https://github.com/keycloak/keycloak/issues/15098

the fix is a one liner: https://github.com/keycloak/keycloak/pull/15100

I guess it would not hurt having this event saved/triggered, unless there is some design decision behind. 

[Zakaria A.]

Hi all,

Can anybody please tell us why is IDENTITY_PROVIDER_FIRST_LOGIN should not be triggered or is it just oversight ? 

Cheers, 

Zakaria