I tried to create a new user with a client role. I have these client roles:
- Admin
- Operator
- Manager
While creating the user, I want to assign the user a client role.
My curl:
curl -X POST -H 'Authorization: Bearer token' -H 'Content-Type: application/json' -i 'http://localhost.com/auth/admin/realms/realm/users' --data '{
"username": "[email protected]",
"enabled": true,
"firstName": "",
"lastName": "",
"email": "[email protected]",
"credentials": [
{
"type": "password",
"value": "qq",
"temporary": false
}
],
"clientRoles": {
"suppression": [
"Admin"
]
}
}'
The user was created successfully, but the role was not assigned. Also, I want to do this in one request.
Keycloak roles are defined in a dedicated namespace so that all users with the same roles have identical permissions in that namespace. In other words, realm-level roles are a global namespace for a given realm, while client roles are namespaces intended for specific applications.
Select a group from the Available Groups tree and hit the join button to add the user to a group.
This is not the correct way to assign roles to the user. It is a step-by-step process.
Step 1 - Create a user in Keycloak.
curl -X POST -H 'Authorization: Bearer token' -H 'Content-Type: application/json' -i 'http://localhost.com/auth/admin/realms/realm/users' --data '{.....
Step 2 - Then use a different API to map this user to a certain client-role.
POST /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}
For the complete spec of this API, you can search for it in the Keycloak Admin API docs. Here's the link: https://www.keycloak.org/docs-api/3.0/rest-api/index.html (search for "Add client-level roles to the user role mapping").
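The two steps from the answer above, chained in one script, as an added Python example (not code from the original post or from the Keycloak project). The function names, the injectable `call` transport and the base URL are assumptions; the two GET lookups are Admin REST endpoints the answer does not mention, needed because `{client}` in the mapping path is the client's internal id rather than its `clientId`, and the mapping body must carry the role's id and name.

```python
import json
import urllib.parse
import urllib.request


def http_call(method, url, token, body=None):
    """Default transport: returns (status, headers, parsed JSON or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json"})
    # urlopen raises HTTPError on 4xx/5xx (e.g. 409 if the user already exists)
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return resp.status, resp.headers, json.loads(raw) if raw else None


def create_user_with_client_role(base, realm, token, user, client_id,
                                 role_name, call=http_call):
    """base is the server root including any /auth prefix (assumption)."""
    q = lambda s: urllib.parse.quote(s, safe="")
    admin = f"{base}/admin/realms/{q(realm)}"

    # Step 1: create the user; the new id is the last segment of Location.
    status, headers, _ = call("POST", f"{admin}/users", token, user)
    location = headers.get("Location", "")
    if status != 201 or not location:
        raise RuntimeError(f"user not created (status {status})")
    user_id = location.rstrip("/").rsplit("/", 1)[-1]

    # Resolve the client's internal id from its clientId.
    _, _, clients = call("GET", f"{admin}/clients?clientId={q(client_id)}", token)
    if not clients:
        raise LookupError(f"no client with clientId {client_id!r}")
    client_uuid = clients[0]["id"]

    # Fetch the role representation so the mapping carries its id and name.
    _, _, role = call("GET", f"{admin}/clients/{client_uuid}/roles/{q(role_name)}", token)

    # Step 2: map the client role to the user (204 No Content on success).
    status, _, _ = call(
        "POST", f"{admin}/users/{user_id}/role-mappings/clients/{client_uuid}",
        token, [{"id": role["id"], "name": role["name"]}])
    if status != 204:
        raise RuntimeError(f"role not mapped (status {status})")
    return user_id
```

If a lookup or the mapping call fails, the user from step 1 already exists without the client role, so the caller should either retry the mapping or remove the user.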