Menu
How can I get user keycloak attributes (username, firstname, email...) based on user id? The user I'm using in the Keycloak session has already the role view-users assigned so I should be able to list at least all users, is there any Keycloak class that I can use?
What I'm trying to achieve here is to avoid to replicate the keycloak users database to another local database, but doesn't seem possible to access any other user info, besides the one in the current session...
497
You can use the Admin REST API. The detailed description of the relevant API is available here. Also you can use the JAVA wrapper API. Please find couple of examples below.
Example 1, REST:
Get an access token:
curl \
-d "client_id=admin-cli" \
-d "username=admin" \
-d "password=secret" \
-d "grant_type=password" \
"http://localhost:8080/auth/realms/master/protocol/openid-connect/token"
Get all users:
curl \
-H "Authorization: bearer eyJhbGciOiJSUzI...." \
"http://localhost:8080/auth/admin/realms/master/users"
Sample output:
[
{
"id":"349f67de-36e6-4552-ac54-e52085109616",
"username":"admin",
"enabled":true,
...
},
{
"id":"08afb701-fae5-40b4-8895-e387ba1902fb",
"username":"lbalev",
"enabled":true,
....
}
]
Get a user based by user id:
curl \
-H "Authorization: bearer eyJhbGciOiJSU...." \
"http://localhost:8080/auth/admin/realms/master/users/349f67de-36e6-4552-ac54-e52085109616"
Example 2, JAVA API:
Get a user based on user ID:
public class TestUserAccess {
private static final String SERVER_URL = "http://localhost:8080/auth";
private static final String REALM = "master";
private static final String USERNAME = "admin";
private static final String PASSWORD = "secret";
private static final String CLIENT_ID = "admin-cli";
public static void main(String[] args) {
Keycloak keycloak = KeycloakBuilder
.builder()
.serverUrl(SERVER_URL)
.realm(REALM)
.username(USERNAME)
.password(PASSWORD)
.clientId(CLIENT_ID)
.resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build())
.build();
UsersResource usersResource = keycloak.realm(REALM).users();
UserResource userResource = usersResource.get("08afb701-fae5-40b4-8895-e387ba1902fb");
System.out.println(userResource.toRepresentation().getEmail());
}
}
The relevant dependencies for the example above are (please note that the versions might not be up-to-date):
dependencies {
compile group: 'org.keycloak', name: 'keycloak-admin-client', version: '3.3.0.CR2'
compile group: 'org.jboss.resteasy', name: 'resteasy-jaxrs', version: '3.1.4.Final'
compile group: 'org.jboss.resteasy', name: 'resteasy-client', version: '3.1.4.Final'
compile group: 'org.jboss.resteasy', name: 'resteasy-jackson2-provider', version: '3.1.4.Final'
}
The is simple method as well, because in above answer all the user info is getting fetched which is not the proper way because in case thousands of users it will be heavy call.
so just pass username as query parameter
GET: http://localhost:8080/auth/admin/realms/{real-name}/users?username=testUser
make sure you user admin access token for the call
32
Thanks @Nikhil Shinde for sharing the restapi endpoint.
Like he said the below will give look a like users.
GET: http://localhost:8080/auth/admin/realms/{real-name}/users?username=testUser
If you want exact username match, then try with exact=true
GET: http://localhost:8080/auth/admin/realms/{real-name}/users?username=testUser&exact=true
Source : https://www.keycloak.org/docs-api/15.0/rest-api/index.html#_users_resource
2
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
