private async Task <User> UpdateUserInfo(KeycloakUser keycloakUser, User jellyfinUser)
        {
            jellyfinUser.SetPermission(PermissionKind.IsDisabled, true);
            jellyfinUser.SetPermission(PermissionKind.IsAdministrator, false);
            jellyfinUser.SetPermission(PermissionKind.EnableContentDownloading, false);
            foreach (string permission in keycloakUser.Permissions)
            {
                switch (permission)
                {
                case "administrator":
                    jellyfinUser.SetPermission(PermissionKind.IsAdministrator, true);
                    break;

                case "allowed_access":
                    jellyfinUser.SetPermission(PermissionKind.IsDisabled, false);
                    break;
                }
            }
            await _userManager.UpdateUserAsync(jellyfinUser).ConfigureAwait(false);

            return(jellyfinUser);
        }
        public async Task <ProviderAuthenticationResult> Authenticate(string username, string password)
        {
            _userManager ??= _applicationHost.Resolve <IUserManager>();
            string totp = null;

            if (Enable2FA)
            {
                var match = Regex.Match(password, TwoFactorPattern);
                if (match.Success)
                {
                    password = match.Groups[1].Value;
                    totp     = match.Groups[2].Value;
                }
            }
            User user = null;

            try
            {
                user = _userManager.GetUserByName(username);
            }
            catch (Exception e)
            {
                _logger.LogWarning("User Manager could not find a user for Keycloak User, this may not be fatal", e);
            }

            KeycloakUser keycloakUser = await GetKeycloakUser(username, password, totp);

            if (keycloakUser == null)
            {
                throw new AuthenticationException("Error completing Keycloak login. Invalid username or password.");
            }

            if (user == null)
            {
                if (CreateUser)
                {
                    _logger.LogInformation($"Creating user {username}");
                    user = await _userManager.CreateUserAsync(username).ConfigureAwait(false);

                    user.AuthenticationProviderId = GetType().FullName;
                    await UpdateUserInfo(keycloakUser, user);
                }
                else
                {
                    _logger.LogError("Keycloak User not configured for Jellyfin: {username}", username);
                    throw new AuthenticationException(
                              $"Automatic User Creation is disabled and there is no Jellyfin user for authorized Uid: {username}");
                }
            }
            else
            {
                await UpdateUserInfo(keycloakUser, user);
            }
            if (user.HasPermission(PermissionKind.IsDisabled))
            {
                // If the user no longer has permission to access revoke all sessions for this user
                _logger.LogInformation($"{username} is disabled, revoking all sessions");
                var sessionHandler = _applicationHost.Resolve <ISessionManager>();
                sessionHandler.RevokeUserTokens(user.Id, null);
            }
            return(new ProviderAuthenticationResult {
                Username = username
            });
        }