Keycloak User Roles missing in REST API


Solution 1

You are not getting roles in the user details because the REST API is strictly resource based and roles are separate objects that are just associated with a user. The following REST URLs can be used to get a user's roles:
Getting the associated realm roles:
GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/realm
Getting the associated role of a specific client:
GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/clients/{client-uuid}

Solution 2

I have also tried to get this information in the scope of one call, since based on the Keycloak API documentation we can do it. But no results. I have also tried to use different Mappers for the client, using which we can add some information to the token data, user info, and so on. But it looks like we cannot get that information using the GET /auth/admin/realms/{realm}/users endpoint. It's also not working for the GET /auth/admin/realms/{realm}/users/{userId} endpoint.

In my case, I need to get the users list, with pagination and a search option, and I need information about the client roles which are assigned to the user, and the groups which the user is in.

Due to that, I need to make a lot of API calls. I need to get the users list, then for each user I need to get the user's groups and client roles by additional API calls, and then combine that information. Also, make an API call to get the users count. But it's not really to have more than 20 API calls to get needed information for 10 users.

So, what I did.

As an alternative way, I have connected my Nest.js application to the Keycloak database directly and did what I need by one SQL query using TypeORM. I have created the models, with relations and did it so easily.

In my case, I have used USER_ENTITY, USER_ROLE_MAPPING, KEYCLOAK_ROLE, USER_GROUP_MEMBERSHIP, KEYCLOAK_GROUP tables.

It worked well. The only thing is that future Keycloak versions may add some changes in the DB structure... In that case, changes should be investigated and the Keycloak version should be updated after changes in the models.

If you are doing something like my solution, be sure that you are not changing anything in the Keycloak database. Or, if you want to do inserting or removing operations without using Keycloak API, be sure that you have all information about the Keycloak database structure. There are actually about 93 tables.
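
An added example (not from either answer and not Keycloak's own code) that combines the endpoints from Solution 1 with the paginated listing Solution 2 needs, staying on the Admin REST API instead of the database. The `get` helper, the realm `demo`, the client id `c1` and the sample data are constructed assumptions; `/users/count`, `/users/{id}/groups` and the `search`/`first`/`max` parameters are taken from the Keycloak Admin REST API rather than from this page.

```python
from urllib.parse import urlencode

def users_with_roles(get, realm, client_uuid, search="", first=0, max_results=10):
    """Return (total, page); each entry carries realm roles, client roles, groups.
    `get(path)` is an assumed helper: authenticated GET on the Admin REST API,
    returning decoded JSON. Cost is 2 + 3 * len(page) requests."""
    base = f"/auth/admin/realms/{realm}/users"
    total = get(f"{base}/count?" + urlencode({"search": search}))
    listing = get(f"{base}?" + urlencode({"search": search, "first": first, "max": max_results}))
    page = []
    for user in listing:
        uid = user["id"]
        mappings = f"{base}/{uid}/role-mappings"
        page.append({
            "id": uid,
            "username": user["username"],
            # The two role-mapping endpoints listed in Solution 1.
            "realmRoles": sorted(r["name"] for r in get(f"{mappings}/realm")),
            "clientRoles": sorted(r["name"] for r in get(f"{mappings}/clients/{client_uuid}")),
            "groups": sorted(g["path"] for g in get(f"{base}/{uid}/groups")),
        })
    return total, page

def make_fake_get(calls):
    """Constructed in-memory stand-in for a Keycloak server; records each path."""
    users = [{"id": "u1", "username": "testuser"}, {"id": "u2", "username": "testadmin"}]
    data = {
        "u1/role-mappings/realm": [{"name": "offline_access"}],
        "u1/role-mappings/clients/c1": [{"name": "viewer"}],
        "u1/groups": [{"path": "/staff"}],
        "u2/role-mappings/realm": [{"name": "offline_access"}, {"name": "auditor"}],
        "u2/role-mappings/clients/c1": [{"name": "editor"}],
        "u2/groups": [{"path": "/staff"}, {"path": "/ops"}],
    }
    def get(path):
        calls.append(path)
        tail = path.split("/users", 1)[1]
        if tail.startswith("/count"):
            return len(users)
        if tail.startswith("?"):
            return users
        return data[tail.lstrip("/")]
    return get

def demo():
    calls = []  # every request path, to make the per-user cost visible
    total, page = users_with_roles(make_fake_get(calls), "demo", "c1", search="test")
    return total, page, len(calls)
```

In a real deployment `get` would send a bearer token for a service account limited to read access on users, so the report never needs credentials to the Keycloak database. The `role-mappings/realm` endpoint returns mappings on the user itself; the `role-mappings/realm/composite` variant returns effective roles.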

Author by

troger19

Updated on July 31, 2021

Comments

  • troger19
    troger19 over 2 years

    I would like to ask, if somebody knows, why there are no roles within the user details in the REST ADMIN API request. I saw some posts dealing with this topic, but there were either no clear answers or they propose to use keycloak-admin-client, but that seems not very convenient. Maybe I need to map the roles in the Admin console or use claims? Roles are one of the most important user attributes, so what's the reason they are not retrieved as other user attributes? Any suggestion? Thanks

    GET /auth/admin/realms/{realm}/users 
    
    {
      "id": "efa7e6c0-139f-44d8-baa8-10822ed2a9c1",
      "createdTimestamp": 1516707328588,
      "username": "testuser",
      "enabled": true,
      "totp": false,
      "emailVerified": false,
      "firstName": "Test",
      "lastName": "User",
      "email": "[email protected]",
      "attributes": {"xxx": ["123456"]},
      "disableableCredentialTypes": ["password"],
      "requiredActions": []
    }
    
  • Dreamer
    Dreamer about 5 years
    I am also having the same question; I need the roles and groups associated with a user. To get that I am using: keycloak.org/docs-api/3.0/rest-api/index.html#_users_resource URI: GET /admin/realms/{realm}/users/{id} According to the documentation provided at the above link, it should provide user details including roles and groups also.
  • michealAtmi
    michealAtmi almost 4 years
    Since roles and groups are missing from the response, it causes major efficiency problems, as there sometimes must be about 20 requests to search users by name, roles and groups.
  • Süleyman Sümertaş
    Süleyman Sümertaş over 2 years
    Even though I have mapped roles for a user, GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/realm returns an empty result.