Hello, I’m having some trouble with my UserStorageProvider and built-in Keycloak caching. I can see the user being placed into cache. I can see the cached user being utilized in the IsValid() method during login. The user cache is not used on the second instantiation of the UserStorageProvider SPI when tokens are being created. I am assuming that it is invalidated, but I can’t tell where/why. Another user, [pauloj], mentioned a solution when using a custom authenticator, but I’m using the built-in authenticator.
What ultimately led me to finding what I did was printing stack traces where my SPI’s getUserById was being called, so that I could see the calling chain. This let me find the role invalidation issue, and the other aspects of the user that were needed by my auth from in the TOKEN phase.
Additionally, I had upped the log level of the Infinispan cache classes.
I hope these same things may help you see WHEN/IF your user is getting marked for invalidation and determine why.