How to add realm-admin to an User using keycloak rest-api

Question

When I add a role to an user, I search that client-role by name and then I get this role representation and add to the user. But I couldn't find out how to search the "realm-admin" role and how to add that to the user with rest api.

That's the url I'm using to search my client-role (GET):

https://{my-keycloak-url}/auth/admin/realms/{realm-name}/clients/{id}/roles/{role-name}

And that's the url I'm using to add this role to the user (PUT):

https://{my-keycloak-url}/auth/admin/realms/{realm-name}/users/{user-id}/role-mappings/clients/{client-id}

What's the equivalent to this "realm-admin"?

Answer 1

You can assign the realm-admin role to user by this API

POST https://{my-keycloak-url}/auth/admin/realms/{realm-name}/users/{user-id}/role-mappings/clients/{realm-management-id}

with this body payload

[
    {
        "id":{realm-admin-id},
        "name":"realm-admin",
        "description":"${role_realm-admin}",
        "composite":true,
        "clientRole":true,
        "containerId":{realm-management-id}
    }
]

Get master token

This is demo by Postman

OR curl command

curl --location --request POST 'http://localhost:8180/auth/admin/realms/my-realm/users/1b058869-a65d-4648-b4e2-4f5bf7430ea6/role-mappings/clients/33f00bff-d735-4402-88bc-51ea055d15c1' \
--header 'Authorization: Bearer $token' \
--header 'Content-Type: application/json' \
--data-raw '[
    {
        "id":"c8a60657-9545-4ab3-9913-0186fdb93213",
        "name":"realm-admin",
        "description":"${role_realm-admin}",
        "composite":true,
        "clientRole":true,
        "containerId":"33f00bff-d735-4402-88bc-51ea055d15c1"
    }
]'

GET {user-id} by user list API

GET {realm-management-id} by client list API

GET {realm-admin-id} by client role list API