-
-
Save luciddreamz/83a888eedd9274b4045a3ab8af064faa to your computer and use it in GitHub Desktop.
Keycloak Admin API Rest Example: Get User
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # requires https://stedolan.github.io/jq/download/ | |
| # config | |
| KEYCLOAK_URL=http://localhost:8080/auth | |
| KEYCLOAK_REALM=realm | |
| KEYCLOAK_CLIENT_ID=clientId | |
| KEYCLOAK_CLIENT_SECRET=clientSecret | |
| USER_ID=userId | |
| export TKN=$(curl -X POST "${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token" \ | |
| -H "Content-Type: application/x-www-form-urlencoded" \ | |
| -d "username=${KEYCLOAK_CLIENT_ID}" \ | |
| -d "password=${KEYCLOAK_CLIENT_SECRET}" \ | |
| -d 'grant_type=password' \ | |
| -d 'client_id=admin-cli' | jq -r '.access_token') | |
| curl -X GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${$USER_ID}" \ | |
| -H "Accept: application/json" \ | |
| -H "Authorization: Bearer $TKN" | jq . |
Untested! :)
Don't worry it works.
Is there any way to list all realm & client roles using Java?
For example:
@GetMapping("/roles")
public ResponseEntity<List<RoleRepresentation>> getRoles() {
Keycloak keycloak = getKeycloakInstance();
ClientRepresentation clientRepresentation = keycloak.realm(keycloakRealm).clients().findByClientId(keycloakClient).get(0);
List<RoleRepresentation> roles = keycloak.realm(keycloakRealm).clients().get(clientRepresentation.getId()).roles().list();
return ResponseEntity.ok(roles);
}
Above code is to list all client roles. I want to list realm roles.
Thanks
If anyone like me will try this script on newer Keycloak and it does not work, see: https://stackoverflow.com/questions/70577004/keycloak-could-not-find-resource-for-full-path
Thank you!
It's worked for me
On keycloak 21.0.1 the following works for me:
#!/bin/bash
# requires https://stedolan.github.io/jq/download/
# config
KEYCLOAK_URL=http://localhost:8080 # NOTE: no /auth
KEYCLOAK_REALM=realm
KEYCLOAK_CLIENT_ID=clientId
KEYCLOAK_CLIENT_SECRET=clientSecret
USER_ID=userId
export TKN=$(curl -X POST "${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=${KEYCLOAK_CLIENT_ID}" \
-d "client_secret=${KEYCLOAK_CLIENT_SECRET}" \
-d 'grant_type=client_credentials' | jq -r '.access_token')
curl -X GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \
-H "Accept: application/json" \
-H "Authorization: Bearer $TKN" | jq .In the client config:
Client authentication: On
Direct access grants: On
Service account roles: On
Under "Service Account Roles" assign the manage-users role.
Raw HTTP format:
POST http://localhost:8080/realms/YOUR_REALM/protocol/openid-connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=password&client_id=admin-cli&username=YOUR_USER&password=YOUR_PASSWORDExample using defaults:
POST http://localhost:8080/realms/master/protocol/openid-connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=password&client_id=admin-cli&username=admin&password=admin
Just as hint:
We had issues with passwords which contains non ASCII characters.
We were able to fix this by replacing:
-d "password=${KEYCLOAK_CLIENT_SECRET}" \with
--data-urlencode "password=${KEYCLOAK_CLIENT_SECRET}" \
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@jijiechen Thanks man, you gave me a clue about my problem.