Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Keycloak get user password

In my project, I need to get current user password from Rest API.

I searched keycloak 4.8.3 final documentation but I could not find it. With admin user I can change password without knowing the current password. But my logged in user can be admin or not. I found that keycloak does not give me permission to that because of security. Wrap up is there any way to active that settings or is there a way to get password with Rest API ? Thank you.

like image 299
Neo Avatar asked Sep 14 '25 12:09

Neo


1 Answers

Update: The /auth path was removed starting with Keycloak 17 Quarkus distribution. So you might need to remove the /auth from the endpoint calls presented on this answer.


Via the Rest API, one cannot get the password for obvious reasons. Ideally, in a secure setting, even if one is the admin one should not have access to the users' passwords.

From the comments you wrote:

I could use method like boolean isPasswordCorrect(username,password)

An approach is to create a client on your Realm as follows:

  • Go to your Realm;
  • Clients;
  • Create Client;
  • Set Access Type to public;
  • Set Direct Access Grants Enabled to ON;
  • Save;

Now request from the newly created client a token on behalf of the user that you want to check if the password is correct:

enter image description here

As you can see the endpoint is:

<KEYCLOAK_HOST>/auth/realms/<REALM_NAME/protocol/openid-connect/token

and the body is:

client_id : <The client ID of the newly create client>
username : <The username>
password : <The password to be tested>
grant_type : password

If the password is correct you will get back a token object, otherwise you will get the following response:

{
    "error": "invalid_grant",
    "error_description": "Invalid user credentials"
}
like image 73
dreamcrash Avatar answered Sep 17 '25 18:09

dreamcrash



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!