Facing issue while creating user using Keycloak Java client

Question

This is below simple code I am trying to create Keycloak user in the master Realm. But I am getting Bad request in return and below warning in Keycloak:

10:27:58,256 WARN [org.keycloak.events] (default task-111) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=127.0.0.1, error=not_allowed, auth_method=oauth_credentials, grant_type=password, client_auth_method=client-secret

Keycloak kc = Keycloak.getInstance("http://localhost:8080/auth", "master", "admin", "password","security-admin-console");
    CredentialRepresentation credential = new CredentialRepresentation();
    credential.setType(CredentialRepresentation.PASSWORD);
    credential.setValue(password);
    credential.setTemporary(false);
    UserRepresentation user = new UserRepresentation();
    user.setUsername(username);
    user.setFirstName("Test");
    user.setLastName("User");
    user.setEnabled(true);
    user.setCredentials(Arrays.asList(credential));
    kc.realm("master").users().create(user);

Answer 1

access_token is needed to use Keycloak REST API. So you need to check that Direct Access Grants Enabled: ON for the client you are using. It is enabled by default for the client admin-cli. But, looks like, it is disabled for the security-admin-console.

I think better to use admin-cli.

Also try to do the same using HTTP requests with Postman, for example. You will need:

1. Get access_token using admin credentials
2. Create a user using that token.

You can find a full example of working with Admin REST API here: https://github.com/v-ladynev/keycloak-nodejs-example

This example uses Node.js. But you can analyse the code to understand better how to use REST API.