-
-
Save luciddreamz/83a888eedd9274b4045a3ab8af064faa to your computer and use it in GitHub Desktop.
Keycloak Admin API Rest Example: Get User
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # requires https://stedolan.github.io/jq/download/ | |
| # config | |
| KEYCLOAK_URL=http://localhost:8080/auth | |
| KEYCLOAK_REALM=realm | |
| KEYCLOAK_CLIENT_ID=clientId | |
| KEYCLOAK_CLIENT_SECRET=clientSecret | |
| USER_ID=userId | |
| export TKN=$(curl -X POST "${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token" \ | |
| -H "Content-Type: application/x-www-form-urlencoded" \ | |
| -d "username=${KEYCLOAK_CLIENT_ID}" \ | |
| -d "password=${KEYCLOAK_CLIENT_SECRET}" \ | |
| -d 'grant_type=password' \ | |
| -d 'client_id=admin-cli' | jq -r '.access_token') | |
| curl -X GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${$USER_ID}" \ | |
| -H "Accept: application/json" \ | |
| -H "Authorization: Bearer $TKN" | jq . |
On keycloak 21.0.1 the following works for me:
#!/bin/bash
# requires https://stedolan.github.io/jq/download/
# config
KEYCLOAK_URL=http://localhost:8080 # NOTE: no /auth
KEYCLOAK_REALM=realm
KEYCLOAK_CLIENT_ID=clientId
KEYCLOAK_CLIENT_SECRET=clientSecret
USER_ID=userId
export TKN=$(curl -X POST "${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=${KEYCLOAK_CLIENT_ID}" \
-d "client_secret=${KEYCLOAK_CLIENT_SECRET}" \
-d 'grant_type=client_credentials' | jq -r '.access_token')
curl -X GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \
-H "Accept: application/json" \
-H "Authorization: Bearer $TKN" | jq .In the client config:
Client authentication: On
Direct access grants: On
Service account roles: On
Under "Service Account Roles" assign the manage-users role.
Raw HTTP format:
POST http://localhost:8080/realms/YOUR_REALM/protocol/openid-connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=password&client_id=admin-cli&username=YOUR_USER&password=YOUR_PASSWORDExample using defaults:
POST http://localhost:8080/realms/master/protocol/openid-connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=password&client_id=admin-cli&username=admin&password=admin
Just as hint:
We had issues with passwords which contains non ASCII characters.
We were able to fix this by replacing:
-d "password=${KEYCLOAK_CLIENT_SECRET}" \with
--data-urlencode "password=${KEYCLOAK_CLIENT_SECRET}" \
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thank you!
It's worked for me