Prifulnath

Reputation: 567

Create a Realm, Clients and Users under it via keycloak admin API

I am trying to create a complete Realm with clients (public and private) and users. I am able to create a realm with a token obtained from another realm, i.e., I am able to call the API {{base_path}}/admin/realms and create a realm with another realm's client token (a client with realm creation permission).

But with the same token that was used to create the realm, I am not able to call the client creation API {{base_path}}/admin/realms/{{realm_name}}/clients or the user creation API {{base_path}}/admin/realms/{{realm_name}}/users.

Any idea how to achieve this? Or am I missing anything?

Upvotes: 0

Views: 241

Answers (1)

okaeiz

Reputation: 400

I need to know what error code you're getting exactly, but usually it's because of insufficient permissions. In order to check what you can do with your JWT, you can decode your JWT here. For example, this is a decoded JWT:

{
  "exp": 1726550959,
  "iat": 1726550239,
  "jti": "814bad70-2db3-46fb-a535-46a0bb526f60",
  "iss": "http://192.168.0.11:18080/auth/realms/camunda-platform",
  "aud": [
    "realm-management",
    "tasklist-api",
    "zeebe-api",
    "operate-api",
    "web-modeler-api",
    "admin-cli",
    "optimize-api",
    "web-modeler-public-api",
    "camunda-identity-resource-server",
    "broker",
    "account"
  ],
  "sub": "b27ac7e2-05f9-485b-a184-da50f0759bd0",
  "typ": "Bearer",
  "azp": "react-app",
  "acr": "1",
  "allowed-origins": [
    "192.168.0.8/*"
  ],
  "realm_access": {
    "roles": [
      "Tasklist",
      "realm-admin",
      "Default user role",
      "offline_access",
      "Operate",
      "uma_authorization",
      "Identity",
      "Optimize",
      "Zeebe",
      "Web Modeler"
    ]
  },
...

As you can see, you can identify whether or not your token is expired or has access to the resources you need. For instance, check the aud (audience) section above.

But before that, I'd check the request with a token from the master realm. If it works, you can be sure the endpoint and headers are correct. Then, you can go to the admin console and enable the necessary roles and give the required permissions to your client.

Upvotes: 0
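To make the claim check the answer describes repeatable offline, here is an added example (not code from the question, the answer or Keycloak itself) that decodes a token's payload without verifying the signature and lists why an admin-API call would be refused. It assumes the `realm-management` audience and the `realm-admin` / `manage-clients` / `manage-users` roles are what the client and user endpoints require; the sample token is constructed and unsigned.

```python
import base64
import json
import time

# Assumption: the admin endpoints for clients/users need the realm-management
# audience and either the composite realm-admin role or the specific
# manage-clients / manage-users client roles.
REQUIRED_AUD = "realm-management"
SUFFICIENT_ROLES = {"realm-admin", "manage-clients", "manage-users"}


def decode_claims(token: str) -> dict:
    """Decode the payload segment of a compact JWT WITHOUT verifying the
    signature. Fine for inspecting your own token; never use for authorization."""
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = segments[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(claims: dict, now=None) -> list:
    """Return the reasons this token would be rejected by the admin API."""
    now = int(time.time()) if now is None else now
    problems = []
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # Keycloak emits str or list
    if REQUIRED_AUD not in aud:
        problems.append(f"audience lacks {REQUIRED_AUD!r}")
    realm_roles = set(claims.get("realm_access", {}).get("roles", []))
    client_roles = set(
        claims.get("resource_access", {}).get(REQUIRED_AUD, {}).get("roles", [])
    )
    if not (realm_roles | client_roles) & SUFFICIENT_ROLES:
        problems.append("no realm-admin / manage-clients / manage-users role")
    return problems


def make_unsigned_token(claims: dict) -> str:
    """Constructed sample token (alg=none, empty signature) for offline tests only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."
```

Paste a real token into `decode_claims` and compare the `aud` and `realm_access.roles` output with the decoded example in the answer above.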
