11

I am currently trying to create a user with a curl command via Keycloak's Admin REST API. I can authenticate as an admin and I get a good response, but when I try to create a user, I get an error like: "404 - Not Found".

Here are my curl commands:

```bash
#!/bin/bash

echo "* Request for authorization"
RESULT=`curl --data "username=pierre&password=pierre&grant_type=password&client_id=admin-cli" http://localhost:8080/auth/realms/master/protocol/openid-connect/token`

echo "\n"
echo "* Recovery of the token"
TOKEN=`echo $RESULT | sed 's/.*access_token":"//g' | sed 's/".*//g'`

echo "\n"
echo "* Display token"
echo $TOKEN

echo "\n"
echo " * user creation\n"
curl   http://localhost:8080/apiv2/users -H "Authorization: bearer $TOKEN"   --data '{"firstName":"xyz","lastName":"xyz", "email":"demo2@gmail.com", "enabled":"true"}'
```

I used the official API documentation, located at this address: https://www.keycloak.org/docs-api/4.4/rest-api/index.html

I have this error: [image]

My realm is good: [image]

How can I fix it? Thanks in advance.

cdan
pi-2r

2 Answers

21

Try this. I added the Content-Type header and modified the URL:

```bash
#!/bin/bash

echo "* Request for authorization"
# Password grant against the master realm using the built-in admin-cli client
RESULT=$(curl --data "username=admin&password=Pa55w0rd&grant_type=password&client_id=admin-cli" http://localhost:8080/auth/realms/master/protocol/openid-connect/token)

echo
echo "* Recovery of the token"
# Cut the access_token value out of the JSON response
TOKEN=$(echo "$RESULT" | sed 's/.*access_token":"//g' | sed 's/".*//g')

echo
echo "* Display token"
echo "$TOKEN"

echo
echo " * user creation"
# The Admin REST API lives under /auth/admin/realms/<realm>/...
curl -v http://localhost:8080/auth/admin/realms/apiv2/users -H "Content-Type: application/json" -H "Authorization: bearer $TOKEN" --data '{"firstName":"xyz","lastName":"xyz", "email":"demo2@gmail.com", "enabled":"true"}'
```
Kilian
  • 4
    Note that I had to add the field "username" in order for this to work. It is marked optional in the docs, but including it is the only difference between 200 OK and 500 "unknown error" (version 7.1). – Drew Verlee Nov 18 '19 at 20:40
  • @Kilian would you know how to do this via the admin cli? – Saturnian Jun 13 '22 at 02:41
  • @Saturnian sorry I don't, I haven't worked on Keycloak in years, but you can check here maybe https://stackoverflow.com/questions/56743109/keycloak-create-admin-user-in-a-realm – Kilian Jun 21 '22 at 09:20
  • You can also use a POST request instead of GET. I like to use jq to extract values from JSON. Password is stored in a file. ```TOKEN="$(curl -s -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=admin&password=$(< ./secret/kc-admin-password.txt)&grant_type=password&client_id=admin-cli" http://localhost:8080/auth/realms/master/protocol/openid-connect/token | jq -r ".access_token")"``` – Bruce Aug 23 '23 at 01:04
4

According to Keycloak's documentation (Server Admin > The Admin CLI > Basic operations and resource URIs), the users endpoint should be:

http://localhost:8080/auth/admin/realms/apiv2/users

So please fix your last URL accordingly.

You can also find a full example on Keycloak's JIRA issue #5383. Note that it is adding the content-type header explicitly as well:

Content-Type: application/json

cdan
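
The steps from both answers as one script, added here as an example that is not part of the original posts: it stops when the token response carries no access_token (on an error body the sed pipeline above yields `{`, which would then be sent as the bearer value), sends the Content-Type header, and checks the HTTP status of the create call. The KC_* variables and the function names are assumptions, and the payload includes "username" because the comment above reports it was needed.

```bash
#!/bin/bash
# Added example, not from the original posts. The KC_* variables and the
# function names are assumptions; URLs follow the answers above.

# Print the access_token from a token-endpoint JSON body; return 1 if absent
# (e.g. an error body), so a failed login never becomes a bogus bearer value.
extract_access_token() {
  local token
  token=$(printf '%s' "$1" |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  [ -n "$token" ] || return 1
  printf '%s\n' "$token"
}

# Admin REST API users collection for a realm ($1 = base URL, $2 = realm).
users_endpoint() {
  printf '%s/auth/admin/realms/%s/users\n' "${1%/}" "$2"
}

# POST a user representation ($1 = JSON) and succeed only on a 2xx status.
create_user() {
  local body token status
  body=$(curl -s \
    --data-urlencode "username=$KC_ADMIN_USER" \
    --data-urlencode "password=$KC_ADMIN_PASSWORD" \
    -d "grant_type=password" -d "client_id=admin-cli" \
    "${KC_BASE%/}/auth/realms/master/protocol/openid-connect/token") || return 1
  token=$(extract_access_token "$body") || { echo "login failed" >&2; return 1; }
  status=$(curl -s -o /dev/null -w '%{http_code}' \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $token" \
    --data "$1" "$(users_endpoint "$KC_BASE" "$KC_REALM")") || return 1
  case "$status" in
    2??) echo "created (HTTP $status)" ;;
    *)   echo "user creation failed (HTTP $status)" >&2; return 1 ;;
  esac
}

# Runs only when KC_BASE is set, e.g.:
#   KC_BASE=http://localhost:8080 KC_REALM=apiv2 KC_ADMIN_USER=admin \
#   KC_ADMIN_PASSWORD=... ./create-user.sh
if [ -n "${KC_BASE:-}" ]; then
  create_user '{"username":"xyz","firstName":"xyz","lastName":"xyz","email":"demo2@gmail.com","enabled":true}'
fi
```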