Forked from thomasdarimont/KeycloakAdminClientExample.java
Created
May 9, 2023 22:47
-
-
Save ambroisehdn/4c5f8b54d1effae06b8938deb2cd1768 to your computer and use it in GitHub Desktop.
Using Keycloak Admin Client to create user with roles (Realm and Client level)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package demo.plain; | |
import org.keycloak.OAuth2Constants; | |
import org.keycloak.admin.client.CreatedResponseUtil; | |
import org.keycloak.admin.client.Keycloak; | |
import org.keycloak.admin.client.KeycloakBuilder; | |
import org.keycloak.admin.client.resource.RealmResource; | |
import org.keycloak.admin.client.resource.UserResource; | |
import org.keycloak.admin.client.resource.UsersResource; | |
import org.keycloak.representations.idm.ClientRepresentation; | |
import org.keycloak.representations.idm.CredentialRepresentation; | |
import org.keycloak.representations.idm.RoleRepresentation; | |
import org.keycloak.representations.idm.UserRepresentation; | |
import javax.ws.rs.core.Response; | |
import java.util.Arrays; | |
import java.util.Collections; | |
public class KeycloakAdminClientExample { | |
public static void main(String[] args) { | |
String serverUrl = "http://sso.tdlabs.local:8899/u/auth"; | |
String realm = "acme"; | |
// idm-client needs to allow "Direct Access Grants: Resource Owner Password Credentials Grant" | |
String clientId = "idm-client"; | |
String clientSecret = "0d61686d-57fc-4048-b052-4ce74978c468"; | |
// // Client "idm-client" needs service-account with at least "manage-users, view-clients, view-realm, view-users" roles for "realm-management" | |
// Keycloak keycloak = KeycloakBuilder.builder() // | |
// .serverUrl(serverUrl) // | |
// .realm(realm) // | |
// .grantType(OAuth2Constants.CLIENT_CREDENTIALS) // | |
// .clientId(clientId) // | |
// .clientSecret(clientSecret).build(); | |
// User "idm-admin" needs at least "manage-users, view-clients, view-realm, view-users" roles for "realm-management" | |
Keycloak keycloak = KeycloakBuilder.builder() // | |
.serverUrl(serverUrl) // | |
.realm(realm) // | |
.grantType(OAuth2Constants.PASSWORD) // | |
.clientId(clientId) // | |
.clientSecret(clientSecret) // | |
.username("idm-admin") // | |
.password("admin") // | |
.build(); | |
// Define user | |
UserRepresentation user = new UserRepresentation(); | |
user.setEnabled(true); | |
user.setUsername("tester1"); | |
user.setFirstName("First"); | |
user.setLastName("Last"); | |
user.setEmail("[email protected]"); | |
user.setAttributes(Collections.singletonMap("origin", Arrays.asList("demo"))); | |
// Get realm | |
RealmResource realmResource = keycloak.realm(realm); | |
UsersResource usersRessource = realmResource.users(); | |
// Create user (requires manage-users role) | |
Response response = usersRessource.create(user); | |
System.out.printf("Repsonse: %s %s%n", response.getStatus(), response.getStatusInfo()); | |
System.out.println(response.getLocation()); | |
String userId = CreatedResponseUtil.getCreatedId(response); | |
System.out.printf("User created with userId: %s%n", userId); | |
// Define password credential | |
CredentialRepresentation passwordCred = new CredentialRepresentation(); | |
passwordCred.setTemporary(false); | |
passwordCred.setType(CredentialRepresentation.PASSWORD); | |
passwordCred.setValue("test"); | |
UserResource userResource = usersRessource.get(userId); | |
// Set password credential | |
userResource.resetPassword(passwordCred); | |
// // Get realm role "tester" (requires view-realm role) | |
RoleRepresentation testerRealmRole = realmResource.roles()// | |
.get("tester").toRepresentation(); | |
// | |
// // Assign realm role tester to user | |
userResource.roles().realmLevel() // | |
.add(Arrays.asList(testerRealmRole)); | |
// | |
// // Get client | |
ClientRepresentation app1Client = realmResource.clients() // | |
.findByClientId("app-frontend-springboot").get(0); | |
// | |
// // Get client level role (requires view-clients role) | |
RoleRepresentation userClientRole = realmResource.clients().get(app1Client.getId()) // | |
.roles().get("user").toRepresentation(); | |
// | |
// // Assign client level role to user | |
userResource.roles() // | |
.clientLevel(app1Client.getId()).add(Arrays.asList(userClientRole)); | |
// Send password reset E-Mail | |
// VERIFY_EMAIL, UPDATE_PROFILE, CONFIGURE_TOTP, UPDATE_PASSWORD, TERMS_AND_CONDITIONS | |
// usersRessource.get(userId).executeActionsEmail(Arrays.asList("UPDATE_PASSWORD")); | |
// Delete User | |
// userResource.remove(); | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<project xmlns="http://maven.apache.org/POM/4.0.0" | |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | |
<modelVersion>4.0.0</modelVersion> | |
<groupId>com.github.thomasdarimont.keycloak</groupId> | |
<artifactId>keycloak-admin-client-example</artifactId> | |
<version>1.0.0.0-SNAPSHOT</version> | |
<properties> | |
<keycloak.version>8.0.2</keycloak.version> | |
<resteasy.version>3.9.1.Final</resteasy.version> | |
</properties> | |
<dependencies> | |
<dependency> | |
<artifactId>keycloak-admin-client</artifactId> | |
<groupId>org.keycloak</groupId> | |
<version>${keycloak.version}</version> | |
</dependency> | |
<dependency> | |
<groupId>org.jboss.resteasy</groupId> | |
<artifactId>resteasy-client</artifactId> | |
<version>${resteasy.version}</version> | |
</dependency> | |
<dependency> | |
<groupId>org.jboss.resteasy</groupId> | |
<artifactId>resteasy-jackson2-provider</artifactId> | |
<version>${resteasy.version}</version> | |
</dependency> | |
</dependencies> | |
</project> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment