Mr. Buch 🇮🇳

@chint
@fubaroque thank you for the #mute

@fubaroque Absolutely — anonymity and privacy can be valid needs.

But disposable email domains are also heavily used for spam, fake signups, and automated abuse. The extension isn’t making a moral judgment; it just gives admins the option to balance openness with operational reality. 🙂

noticed a pattern in signup data — users that registered and never came back. checked the emails: all throwaway domains. keycloak has no built-in setting for this, so I wrote an SPI extension.

Here's how it works:
https://mrbu.ch/articles/keycloak-block-disposable-email-extension/

#Keycloak #Java #opensource #security #auth

Every Disposable Email Is A Hole In Your Funnel

Disposable emails flood your signups with accounts that never convert. A small Keycloak SPI extension that blocks them at registration — no polling, no database changes, no custom themes.


just released v2 of the #keycloak #webhook #extension

some quality-of-life stuff:
- you can now control auto-login behavior on registration (or turn it off)
- registration errors now trigger webhooks so you don't miss failed signups
- removed unnecessary dependencies to cut down jar size
- added org membership and roles to the payload
- circuit breaker for extra resilience

https://mrbu.ch/articles/keycloak-webhook-extension/

#Keycloak #OpenSource #Java #DeveloperCommunity #WebhookIntegration #TechUpdate

Keycloak Knows. Why Doesn't The Rest Of Your Stack?

Keycloak fires events. Your backend doesn't know about them. A small Keycloak webhook extension that POSTs user events to your backend — no polling, no database queries, no schema hacks.


#PoW (proof-of-work) bot protection extension for #Keycloak. runs entirely within Keycloak. no third-party services. no extra installation.

#OpenSource #Privacy

https://mrbu.ch/articles/keycloak-pow-extension/

Protecting Keycloak Auth with Proof of Work

Rate limiting isn't enough. Here's how I built a Keycloak extension that uses Argon2id proof-of-work to make credential stuffing economically unviable.
