Morteza Malvandi

Reputation: 1724

How to get Keycloak user information via REST without admin role

I'm using Keycloak as the authorization server. The users send their own username/password to MyWebApp, and MyWebApp gets the token with grant_type: password and then responds with the token to the user. Now I want my users to be able to get their information, change their password and everything related to themselves RESTfully. When I send a REST request to /{realm}/users/{id} to get user information, Keycloak returns a 403 error response. How can I get user information without admin access from Keycloak?

Note: I've seen this question, But I want to give the user edit profile too.

Upvotes: 6

Views: 25091

Answers (2)

solveMe

Reputation: 2101

As far as I know, in new versions of Keycloak the Account application (~/auth/realms/{realm}/account) will be implemented as a REST backend, so your users will be able to work with their profile data in a RESTful way (check out the Keycloak blog).

If you can't wait too long for such a feature, you could implement your own REST backend for user profile operations. It means that you have to implement a REST endpoint Service Provider and integrate your custom set of Keycloak Roles into that API (you may also implement the endpoint without checks for any roles, so only bearer authentication is required). Check the Keycloak development docs; you could also use the Keycloak sources, especially the org.keycloak.services.resources.admin package, as an implementation example.

PS. For viewing user info, consider using the User Info OIDC endpoint (see Hlex's answer). It can also be customized via OIDC mappers (Clients -> {client Id} -> Mappers tab).

Upvotes: 4

Hlex

Reputation: 971

I think you are using OAuth with grant type=password. If the token you mentioned is generated by Keycloak, you can request user information from Keycloak using the /userinfo endpoint.

This is an example of the endpoint:

"http://localhost:8080/auth/realms/demo/protocol/openid-connect/userinfo"

This is how to send the parameters: https://connect2id.com/products/server/docs/api/userinfo

    GET /userinfo HTTP/1.1
    Host: c2id.com
    Authorization: Bearer Gp7b5hiURKpWzEXgMJP38EnYimgxlBC1PpS2zGXUqe

Upvotes: 8
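As an added example (not code from the question or either answer), here is how MyWebApp could run the flow the question describes end to end with Python's standard library: obtain a token with the password grant, then call the /userinfo endpoint from Hlex's answer with the user's own bearer token, so no admin role is needed. The base URL and realm follow Hlex's example URL; the client id, client secret, usernames and the `login_and_fetch`/`fetch_userinfo` helper names are placeholder assumptions of this example.

```python
"""Added example: password grant followed by a call to Keycloak's OIDC
/userinfo endpoint. Nothing here touches the admin REST API; the user's own
access token is the only credential presented to /userinfo."""
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumed configuration (placeholders, not values from the question). The
# base URL and realm mirror the example URL in Hlex's answer.
KEYCLOAK_BASE = "http://localhost:8080/auth"
REALM = "demo"
CLIENT_ID = "mywebapp"             # hypothetical confidential client for MyWebApp
CLIENT_SECRET = "<client-secret>"  # placeholder, never hard-code a real secret


def token_request(username, password, base=KEYCLOAK_BASE, realm=REALM):
    """Build the password-grant POST MyWebApp sends to the token endpoint.
    Returns (url, form-encoded body bytes). The body carries the user's
    credentials, so this request must only ever travel over TLS."""
    url = f"{base}/realms/{realm}/protocol/openid-connect/token"
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "username": username,
        "password": password,
        "scope": "openid",  # OIDC scope so the token is usable at /userinfo
    }).encode()
    return url, body


def userinfo_request(access_token, base=KEYCLOAK_BASE, realm=REALM):
    """Build GET /userinfo: exactly the request shown in Hlex's answer, with
    the user's bearer token in the Authorization header."""
    url = f"{base}/realms/{realm}/protocol/openid-connect/userinfo"
    return urllib.request.Request(
        url, headers={"Authorization": f"Bearer {access_token}"}, method="GET")


def fetch_userinfo(access_token, opener=urllib.request.urlopen, **kw):
    """Call /userinfo and return the claims dict. A 401 means the token is
    missing, expired or issued for another realm: the right reaction is to
    re-authenticate the user, not to fall back to admin credentials."""
    req = userinfo_request(access_token, **kw)
    try:
        with opener(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 401:
            raise PermissionError("userinfo rejected the bearer token") from e
        raise


def login_and_fetch(username, password, opener=urllib.request.urlopen):
    """Full flow from the question: password grant, then /userinfo with the
    resulting access token. Returns (access_token, claims)."""
    url, body = token_request(username, password)
    # urllib sends application/x-www-form-urlencoded by default for bytes data
    req = urllib.request.Request(url, data=body, method="POST")
    with opener(req, timeout=10) as resp:
        token = json.load(resp)["access_token"]
    return token, fetch_userinfo(token, opener=opener)


if __name__ == "__main__":
    import getpass
    user = input("username: ")
    tok, claims = login_and_fetch(user, getpass.getpass("password: "))
    print(json.dumps(claims, indent=2))
```

The `opener` parameter exists only so the HTTP layer can be swapped out offline; in MyWebApp the default `urllib.request.urlopen` is used. Note that /userinfo is read-only: which claims it returns is controlled by the client's OIDC mappers, and it offers no way to change a password, which is why solveMe's answer points to the Account application or a custom endpoint for that part of the question.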
