shAkur

Reputation: 1002

Keycloak API: won't assign realm role to the created user

I'm trying to create a new user and assign it an 'internal' realm role via the Keycloak API. The realm role is already created, as you can see; the user is being created, but it doesn't assign the realm role to that user. What am I doing wrong? Should I assign the role via a second Keycloak API request? Then what's the point of providing the 'realmRoles' body param in the first place?

POST admin/realms/{realm}/users
{
    firstName: 'John',
    lastName: 'Doe',
    email: '[email protected]',
    username: 'john.doe',
    realmRoles: ['internal']
}

Upvotes: 0

Views: 711

Answers (1)

csbrogi

Reputation: 529

You must assign it in a separate step. First get the role mapping:

GET admin/realms/{realm}/users/{userId}/role-mappings/realm/available?first=0&max=11

Then pick the Mapping and assign it

POST admin/realms/{realm}/users/{userId}/role-mappings/realm
[
{"id":"4d485565-dd2c-41e0-8739-951c962f0cfd",
"name":"offline_access",
"description":"${role_offline-access}",
"composite":false,
"clientRole":false,
"containerId":"{realm}"}
]

The user ID can be obtained as a result from the create request.

BTW if you run the developer tools of your browser and perform the actions "by hand" you should be able to figure out the requests in the network-tab.

Upvotes: 0
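
The three requests from the answer chained into one function, as an added example that is not part of the original post. Assumptions: `http` is any fetch-compatible function, `baseUrl` and `token` come from the caller, and the create response carries the new user's URL in its `Location` header; the helper names are hypothetical.

```javascript
// Added example, not code from the original post or from Keycloak itself.

// Read the new user's ID from the Location header of the create response
// (assumed form: .../admin/realms/{realm}/users/{userId}).
function userIdFromLocation(location) {
  const m = /\/users\/([^/?#]+)$/.exec(location || '');
  if (!m) throw new Error('create response carried no user ID');
  return decodeURIComponent(m[1]);
}

// Exact-name match only, so a similarly named role is never granted by mistake.
function pickRole(available, roleName) {
  const hits = available.filter((r) => r.name === roleName);
  if (hits.length !== 1) throw new Error(`realm role "${roleName}" is not assignable`);
  return hits[0];
}

async function createUserWithRealmRole(http, baseUrl, realm, token, user, roleName) {
  const admin = `${baseUrl}/admin/realms/${encodeURIComponent(realm)}`;
  const headers = { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' };
  const call = async (method, path, body) => {
    const res = await http(admin + path, { method, headers, body: body && JSON.stringify(body) });
    if (!res.ok) throw new Error(`${method} ${path} failed with HTTP ${res.status}`);
    return res;
  };

  // Step 1: create the user. realmRoles is dropped from the body because,
  // per the answer, roles have to be mapped in a separate request.
  const { realmRoles, ...representation } = user;
  const created = await call('POST', '/users', representation);
  const userId = userIdFromLocation(created.headers.get('location'));
  const mappings = `/users/${encodeURIComponent(userId)}/role-mappings/realm`;

  // Step 2: list the realm roles available to this user and pick one by name.
  const available = await (await call('GET', `${mappings}/available`)).json();
  const role = pickRole(available, roleName);

  // Step 3: map exactly that role, sent as a one-element array.
  await call('POST', mappings, [role]);
  return { userId, role: role.name };
}
```

If step 2 or 3 throws, the user already exists without the role, so the caller should retry the mapping or disable the account rather than treat the whole operation as rolled back.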
