I know that there are admin APIs to get the list of users, which return the user representation array.
GET /admin/realms/{realm}/groups/{id}/members
returns
https://www.keycloak.org/docs-api/2.5/rest-api/index.html#_userrepresentation
But is there a way to get users by custom attribute?
Keycloak is a third-party authorization server that manages users of our web or mobile applications. It offers some default attributes, such as first name, last name, and email to be stored for any given user.
Add custom attribute
Before we start, you must be logged in as an admin in Keycloak. In the left menu bar click on Users, choose a user (in our case, johndoe) and then click the Attributes tab. Enter a key and value and click the Add button on the right side. Now click the Save button.
Add to the request a custom header containing our custom claims JSON, base64 encoded. Implement a protocol mapper whose configuration holds the name of the custom header and its type (JSON). The mapper reads the custom header value, decodes it and adds the JSON value to the access token.
This is enabled out of the box from Keycloak version 15.1.0
Using the GET /{realm}/users API, the parameter q is introduced: a query to search for custom attributes, in the format 'key1:value2 key2:value2'
curl 'http://{{keycloak_url}}/auth/admin/realms/{{realm}}/users?q=phone:123456789'
You can also combine several attributes within this parameter using the space ' ' delimiter (sent URL-encoded as %20):
curl 'http://{{keycloak_url}}/auth/admin/realms/{{realm}}/users?q=phone:123456789%20country:USA'
Docs: https://www.keycloak.org/docs-api/15.1/rest-api/index.html#_users_resource
This is not possible by default, but Keycloak offers the possibility to extend its functionalities via a system of Service Provider Interfaces which is very easy to implement.
Here is an example of a new route that allows searching by custom attributes:
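import static java.util.stream.Collectors.toList;

import java.util.List;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.resource.RealmResourceProvider;

public class SearchByAttributeResourceProvider implements RealmResourceProvider {
    private KeycloakSession session;

    public SearchByAttributeResourceProvider(KeycloakSession session) {
        this.session = session;
    }

    @Override
    public Object getResource() {
        return this;
    }

    // Returns every user in the current realm whose "stuff" attribute equals stuffValue.
    // As written, this method performs no authentication or authorization check of its own.
    @GET
    @Path("search-by-stuff/{stuffValue}")
    @Produces({MediaType.APPLICATION_JSON})
    public List<UserRepresentation> getUsersByStuff(@PathParam("stuffValue") String stuffValue) {
        return session
            .users()
            .searchForUserByUserAttribute("stuff", stuffValue, session.getContext().getRealm())
            .stream()
            .map(userModel -> ModelToRepresentation.toRepresentation(session, session.getContext().getRealm(), userModel))
            .collect(toList());
    }

    @Override
    public void close() {
    }
}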
You'll find more details here: https://www.keycloak.org/docs/latest/server_development/index.html#_extensions_rest
With the latest version of Keycloak (18.01), we have an API in
@GET
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
List<UserRepresentation> searchByAttributes(@QueryParam("q") String searchQuery);
The query param is of the format 'key:value'. Using this we can get a list of all users by custom attributes.
Current Keycloak API version is 4.8 and there is an API: Get users. Returns a list of users, filtered according to query parameters.
GET /{realm}/users
See doc: https://www.keycloak.org/docs-api/4.8/rest-api/index.html#_users_resource
Only this "search" is available from the API. If you need search by user attributes, then you need to implement it in your own code.
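The two approaches from the answers above (the q parameter, and filtering in your own code on older versions), as an added example that is not code from any of the answers or from Keycloak. The function names and sample users are constructed for illustration; the URL layout follows the curl commands above, and rejecting whitespace in criteria is a conservative choice made here so that a caller-supplied value cannot add a second 'key:value' term to the query.

```python
from urllib.parse import quote, urlencode


def build_q(criteria):
    """Build the q value ('key1:value1 key2:value2') from a dict of criteria."""
    parts = []
    for key, value in criteria.items():
        # q is space-delimited with ':' between key and value, so a space
        # inside caller-supplied input would smuggle in an extra criterion.
        unsafe = any(c.isspace() or c == '"' for c in key + value)
        if not key or not value or ":" in key or unsafe:
            raise ValueError(f"unsafe search criterion: {key!r}:{value!r}")
        parts.append(f"{key}:{value}")
    return " ".join(parts)


def users_search_url(base_url, realm, criteria):
    """Percent-encode q so the space delimiter survives as %20 in the URL."""
    query = urlencode({"q": build_q(criteria)}, quote_via=quote)
    return f"{base_url}/auth/admin/realms/{quote(realm, safe='')}/users?{query}"


def filter_by_attributes(users, criteria):
    """Client-side fallback over a UserRepresentation array.

    'attributes' maps each attribute name to a LIST of values and may be absent.
    """
    def matches(user):
        attrs = user.get("attributes") or {}
        return all(v in attrs.get(k, []) for k, v in criteria.items())
    return [u for u in users if matches(u)]


# Constructed sample data shaped like the UserRepresentation array.
SAMPLE_USERS = [
    {"username": "johndoe", "attributes": {"phone": ["123456789"], "country": ["USA"]}},
    {"username": "janedoe", "attributes": {"phone": ["987654321"], "country": ["USA"]}},
    {"username": "noattrs"},
]

if __name__ == "__main__":
    wanted = {"phone": "123456789", "country": "USA"}
    print(users_search_url("http://localhost:8080", "demo", wanted))
    print([u["username"] for u in filter_by_attributes(SAMPLE_USERS, wanted)])
```

The generated URL still has to be sent with an admin bearer token in the Authorization header.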