I want to get a permissions list of the user, but didn't find the method in keycloak-nodejs-admin-client or the API in the Keycloak Admin REST API.
The view-users role needs to be assigned to the user.
API
```
POST {Keycloak URL:PORT}/auth/admin/realms/{my-realm}/users/{user-ID}/role-mappings/clients/{realm-management-ID}
```
After assigning this role to the user, she can get the user list.
Demo by Postman
If the user does not have this role, he can't get the user list.
He gets the HTTP 403 Forbidden response status.
In the Keycloak Admin API section, see "Add client-level roles to the user role mapping", but it does not give detailed information.
You can see the detailed steps for how to assign the token variable in Postman in the first step in here. That link uses the master token, but I use a user token. It is the token of a specific user (user name is user) of test{my-realm}, for the demo.
If you use the master admin token, you can get any realm's user list.
Update with Keycloak v21.1.1
Run Keycloak by Docker
```bash
docker run --name mykeycloak -p 8080:8080 \
  -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin \
  quay.io/keycloak/keycloak:21.1.1 \
  start-dev
```
API
```
POST {Keycloak URL:PORT}/admin/realms/{my-realm}/users/{user-ID}/role-mappings/clients/{realm-management-ID}
```
UI
Get User list

Bench Vue
- Any idea for Keycloak 21 how this can be configured? – Peter Penzov May 19 '23 at 20:59
- @PeterPenzov, I updated with Keycloak 2.1.1 – Bench Vue May 20 '23 at 00:40
- Thanks, I tried the configuration but one thing is not clear: I created the configuration following the steps using `Client` but it looks like your config is for User. What payload do I need to send with Postman in order for the above configuration to work? – Peter Penzov May 20 '23 at 15:19
- @PeterPenzov, I think you are looking for [this](https://stackoverflow.com/questions/73721142/when-creating-a-new-user-set-realmroles-keycloak-admin-rest-api/73724620#73724620). – Bench Vue May 20 '23 at 23:19
- Thanks, one more question: do you know for user update what should be the proper payload for PUT request? – Peter Penzov May 21 '23 at 00:22
- @PeterPenzov, you can update a user in [here](https://stackoverflow.com/questions/72488960/username-update-via-api-in-keycloak/72489590#72489590), don't forget to vote me for each answer. – Bench Vue May 21 '23 at 01:04
- Can I ask one more question? I need to configure user login to use OTP password after submitting username and password: [link](https://stackoverflow.com/questions/76244039/send-verification-code-via-e-mail-after-keycloak-login) Is this possible using the Rest API? – Peter Penzov May 21 '23 at 21:54
- @PeterPenzov, Thanks for your vote. Sorry, I have no experience with OTP password by API. – Bench Vue May 22 '23 at 02:08
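
The three Admin REST calls behind the answer's steps, as an added example that is not code from the original answer or from Keycloak: look up the `realm-management` client, fetch its `view-users` role, then POST that role (as a JSON array) to the user's client role mappings. The base URL, realm, IDs and token are placeholders, and `legacyAuthPath` is a hypothetical option covering the older `/auth` URL form shown in the answer.

```javascript
// Added example: grant realm-management "view-users" to one user via the Admin REST API.
// All concrete values passed in (URL, realm, IDs, token) are placeholders.

// The answer's first URL has an /auth prefix; the Keycloak 21.1.1 URL does not.
function adminBase(baseUrl, realm, legacyAuthPath = false) {
  const root = baseUrl.replace(/\/+$/, "") + (legacyAuthPath ? "/auth" : "");
  return `${root}/admin/realms/${encodeURIComponent(realm)}`;
}

// The requests are built as plain data so they can be inspected before sending.
function clientLookup(base) {
  return { method: "GET", url: `${base}/clients?clientId=realm-management` };
}
function roleLookup(base, clientUuid, roleName = "view-users") {
  return { method: "GET", url: `${base}/clients/${clientUuid}/roles/${encodeURIComponent(roleName)}` };
}
function roleMapping(base, userId, clientUuid, role) {
  // The body is an array of role representations; id and name identify the role.
  return {
    method: "POST",
    url: `${base}/users/${userId}/role-mappings/clients/${clientUuid}`,
    body: JSON.stringify([{ id: role.id, name: role.name }]),
  };
}

async function send(req, token, fetchImpl) {
  const res = await fetchImpl(req.url, {
    method: req.method,
    headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" },
    body: req.body,
  });
  // A 403 here means the caller's own token is not allowed to make this call.
  if (!res.ok) throw new Error(`${req.method} ${req.url} -> HTTP ${res.status}`);
  return res.status === 204 ? null : res.json();
}

// adminToken: a token allowed to change role mappings (for example the admin account).
async function grantViewUsers({ baseUrl, realm, userId, adminToken, legacyAuthPath }, fetchImpl = fetch) {
  const base = adminBase(baseUrl, realm, legacyAuthPath);
  const clients = await send(clientLookup(base), adminToken, fetchImpl);
  if (!clients.length) throw new Error("realm-management client not found");
  const role = await send(roleLookup(base, clients[0].id), adminToken, fetchImpl);
  await send(roleMapping(base, userId, clients[0].id, role), adminToken, fetchImpl);
  return role.name;
}
```

The `{realm-management-ID}` in the answer's URL is the client's internal `id` returned by the first call, not the string `realm-management`.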