midi

Reputation: 4038

How to Create User with REST Post Request in Keycloak?

Hi, I am trying to create or get users from Keycloak with an API request.

My Keycloak Client Configuration is as follows:

Client Protocol: openid-connect
Access Type: confidential
Direct Access Grants Enabled: ON
Service Accounts Enabled: ON

In "MyRealm" -> "Clients" -> "Service Account Roles", under "Client Roles", I added "view-users" and "manage-users".

After retrieving an Access Token with "client-id", "client-secret", "username", "password" and "grant-type" : "password" which works fine, I try the following REST API Call:

GET http://localhost:8180/auth/admin/realms/MyRealm/users
-Header "Authorization" "Bearer " + {accesstoken}

but I only get {"error":"unknown_error"} back

Same while trying to create a user with

POST http://localhost:8180/auth/admin/realms/MyRealm/users
-Header "Authorization" "Bearer " + {accesstoken}
        "Content-Type"  "application/json"

-Body {"username":"mid",
       "email":"[email protected]", 
       "firstName":"mi",
       "lastName":"di",
       "enabled":"true"
       }

Do I need to change any specific configurations in Keycloak to get or create Users?

Upvotes: 1

Views: 6335

Answers (1)

Abhijeet

Reputation: 4309

You are getting the above error because your user does not have the proper role to query or manage users. You have only added roles to your client using Service Account Roles.

Please check whether the roles mentioned in the above screenshot are added to your users. If you have the above roles correctly configured, then your output will look something like this:

[
    {
        "id": "2d274b22-4cd7-4711-ae0d-529615309b57",
        "createdTimestamp": 1632647518630,
        "username": "user1",
        "enabled": true,
        "totp": false,
        "emailVerified": false,
        "firstName": "fname1",
        "lastName": "lname1",
        "email": "user1@localhost",
        "attributes": {
            "picture": [
                "https://avatars.githubusercontent.com/u/90400807?s=96&v=4"
            ],
            "myattribute": [
                "myvalue"
            ]
        },
        "disableableCredentialTypes": [],
        "requiredActions": [],
        "notBefore": 0,
        "access": {
            "manageGroupMembership": true,
            "view": true,
            "mapRoles": true,
            "impersonate": false,
            "manage": true
        }
    },
    {
        "id": "9d1ed9d9-73e3-4315-bea3-7132d7557c40",
        "createdTimestamp": 1632977937850,
        "username": "user2",
        "enabled": true,
        "totp": false,
        "emailVerified": false,
        "firstName": "firstName2",
        "lastName": "lastName",
        "email": "user2@localhost",
        "disableableCredentialTypes": [],
        "requiredActions": [
            "UPDATE_PROFILE"
        ],
        "notBefore": 0,
        "access": {
            "manageGroupMembership": true,
            "view": true,
            "mapRoles": true,
            "impersonate": false,
            "manage": true
        }
    }
]

Upvotes: 4
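
To see which principal and roles an access token actually carries before calling the admin endpoints, the payload can be decoded and inspected. The following is an added example, not code from the original question or answer. It assumes that view-users and manage-users are client roles of Keycloak's built-in realm-management client and that service-account usernames start with "service-account-"; the tokens and the client name "my-client" are constructed samples.

```python
import base64
import json

# Assumption: view-users / manage-users are client roles of Keycloak's
# built-in "realm-management" client, carried in the resource_access claim.
ADMIN_CLIENT = "realm-management"


def decode_claims(access_token):
    """Return the JWT payload as a dict. No signature check: diagnostics only."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_admin_roles(access_token, required):
    """Report whose token this is and which required roles it lacks."""
    claims = decode_claims(access_token)
    granted = set(claims.get("resource_access", {})
                        .get(ADMIN_CLIENT, {})
                        .get("roles", []))
    principal = claims.get("preferred_username", claims.get("sub", "?"))
    return {
        "principal": principal,
        # Assumption: service-account users are named "service-account-<client>".
        "is_service_account": principal.startswith("service-account-"),
        "missing": sorted(set(required) - granted),
    }


def _make_token(claims):
    """Build an unsigned sample token (constructed test data, not a real one)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed samples: a user token without roles, a service-account token with them.
PASSWORD_GRANT_TOKEN = _make_token({"preferred_username": "midi"})
CLIENT_CREDENTIALS_TOKEN = _make_token({
    "preferred_username": "service-account-my-client",
    "resource_access": {ADMIN_CLIENT: {"roles": ["view-users", "manage-users"]}},
})

if __name__ == "__main__":
    for tok in (PASSWORD_GRANT_TOKEN, CLIENT_CREDENTIALS_TOKEN):
        print(check_admin_roles(tok, ["view-users", "manage-users"]))
```

A non-empty "missing" list for a password-grant token matches the situation in the answer: the roles sit on the service account, not on the user who logged in.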
