Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Keycloak - using admin API to add client role to user

Tags:

http-status-code-404

api

admin

keycloak

I'm triyng to use keycloak AdminAPI (https://www.keycloak.org/docs-api/3.0/rest-api/index.html#_users_resource) to create user and assign client roles. I'm receiving correct token, and user is created but assigning roles return 404

I'm using Postman to connect with API:

/auth/realms/{realmName}/protocol/openid-connect/token
Content-Type application/x-www-form-urlencoded <-with parameters ofc
/auth/admin/realms/{realmName}/users

Content-Type application/json
Authorization Bearer {TOKEN}
Body:

{
   "username": "name",
   "enabled": true,
   "emailVerified": false,
   "firstName": "first",
   "lastName": "last",
   "credentials": [
       {
           "type": "password",
           "value": "newPas1*",
           "temporary": false
       }
   ]
}

Above works for me, but the next one don't

/auth/admin/realms/{realmName}/users/xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx/role-mappings/clients/realm-management

Content-Type application/json
Authorization Bearer {TOKEN}
Body:

{
   "roles": [
       {
           "id": "0830ff39-43ea-48bb-af8f-696bc420c1ce",
           "name": "create-client",
           "description": "${role_create-client}",
           "composite": false,
           "clientRole": true,
           "containerId": "344e7c81-e7a2-4a43-b013-57d7ed198eee"
       }
   ]
}

where 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx' is userID returned during creation and create-client role exists

I need a way to add client role via Http request. I saw there are some keycloack implementation for java but I'm using .NET CORE so there will be the target implementation but I need to have working request first as you may gues

like image 242
Orzel94 Avatar asked May 22 '19 10:05

Orzel94

People also ask

What is client role in Keycloak?

Keycloak roles are defined in a dedicated namespace so that all users with the same roles have identical permissions in that namespace. In other words, realm-level roles are a global namespace for a given realm, while client roles are namespaces intended for specific applications.

1 Answers

You have to pass client UUID to the role-mappings REST method, not the ID that you specify when creating a client in admin UI. Use GET /admin/realms/{realm}/clients?clientId=realm-management REST method to find out the client UUID.

UPDATE

In Keycloak 6.0.1 to add a role it is required to pass role name and id.

Example:

POST /auth/admin/realms/{realm}/users/{user}/role-mappings/clients/{client}

[
  {
    "id": "0830ff39-43ea-48bb-af8f-696bc420c1ce",
    "name": "create-client"
  }
]
like image 152
Vadim Ashikhman Avatar answered Sep 27 '22 16:09

Vadim Ashikhman
Sign in to Comment

Related questions

Caching calls to an external API in a rails app
"Error: String types not allowed (at 'configChanges' with value 'keyboard|keyboardHidden| orien"... in AndroidManifest.xml
How to check whether MFA is enabled for root account in AWS using boto?
Functionalities structuring in API design
Where to find my Yahoo Application id?
How to make a third party api call in Vapor 3?
Error in ggmap, "must be an array" and "HTTP 400 bad request"
C++ OpenGL application as a web service
Interacting with RESTful API's via Javascript?
Button click in sendmessage API
Is there a method in Ruby that does the opposite of find?
Create firewall rule to open port per application programmatically in c#
UPS Rates API - how to get service description
Twitter4j authentication credentials are missing
MarkerWithLabel stopped working correctly
Freeze rows and set styles with Google spreadsheet API
Error 406 Not Acceptable JSON
youtube.subscriptions.list (api v3) - nextPageToken isn't available
Rest API plugin wordpress disable default routes
Postman "Self-signed SSL certificates are being blocked"

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!