[keycloak-user] Defining a new user password through REST API
Marek Posolda
mposolda at redhat.com
Thu Jul 3 03:19:50 EDT 2014
Hi Rodrigo,
it's not supported to setup password of user through this endpoint. It
just supports setup stuff like firstName, lastName, email,
requiredActions etc. To setup password of user, you may need to:
- Use the endpoint to setup temporary password of user (It will
automatically add requiredAction for UPDATE_PASSWORD
- Then use the endpoint for update user and send the empty array of
requiredActions in it. This will ensure that UPDATE_PASSWORD required
action will be deleted and user won't need to update password again.
btv. The easy approach to figure out the endpoints and how they work
might be to use admin console and do some actions in UI (reset password
of user, then remove requiredAction etc) and then check (for example
with some tool like FireBug for Firefox) what are the underlying REST
endpoint requests sent from admin console UI.
Marek
On 2.7.2014 21:24, Rodrigo Sasaki wrote:
> I am trying to create a new user via the REST API, and I'm sending
> this POST
>
> *POST /admin/realms/myrealm/users*
>
> *Headers:*
> Authorization: Bearer (generated token, this part is OK)
> Content-Type: application/json
>
> *Body:*
> {
> "username": "rodrigo.sasaki",
> "enabled": true,
> "totp": false,
> "emailVerified": false,
> "firstName": "Rodrigo",
> "lastName": "Sasaki",
> "email": "rodrigo.sasaki at email.com.br
> <mailto:rodrigo.sasaki at email.com.br>",
> "credentials": [
> {
> "type": "password",
> "value": "myPassword"
> }
> ]
> }
>
> The user is created normally, but the password doesn't work, when I
> try to login it claims I have invalid credentials.
>
> I noticed there is a *device* attribute in /CredentialRepresentation/,
> should I have filled that with some specific value? Could this be the
> source of the problem?
>
>
> On Wed, Jul 2, 2014 at 10:00 AM, Marek Posolda <mposolda at redhat.com
> <mailto:mposolda at redhat.com>> wrote:
>
> Hi,
>
> actually you can do it with this endpoint:
> http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/#PUT
> . You need to pass whole user representation of particular user in
> the request body of this PUT request. See admin console (page for
> updating users) for more details.
>
> Marek
>
>
>
> On 1.7.2014 16:27, Rodrigo Sasaki wrote:
>> How would I remove the update password required action via the
>> REST API?
>>
>>
>> On Tue, Jul 1, 2014 at 5:20 AM, Stian Thorgersen
>> <stian at redhat.com <mailto:stian at redhat.com>> wrote:
>>
>> You can actually already do this if you want, both through
>> endpoints and the admin console. You just need to set a
>> temporary password and afterwards remove the update password
>> required action. As Marek says though it doesn't really make
>> sense to do so.
>>
>> ----- Original Message -----
>> > From: "Marek Posolda" <mposolda at redhat.com
>> <mailto:mposolda at redhat.com>>
>> > To: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com
>> <mailto:rodrigopsasaki at gmail.com>>,
>> keycloak-user at lists.jboss.org
>> <mailto:keycloak-user at lists.jboss.org>
>> > Sent: Tuesday, 1 July, 2014 8:07:36 AM
>> > Subject: Re: [keycloak-user] Defining a new user password
>> through REST API
>> >
>> > Hi,
>> >
>> > Is it good practice to define password for users this way?
>> I assume that
>> > usually just user himself should have access to his
>> plain-text password and
>> > be able to login with it?
>> >
>> > If you really need this, there is just endpoint
>> >
>> http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/reset-password/index.html
>> > for reset password, which is also used by admin console,
>> but user needs to
>> > choose new password when login for the first time after
>> reset. So I assume
>> > that this is the possibility you are already aware of.
>> >
>> > But note that after this reset, you know user's temporary
>> password, so you
>> > can login with this temporary password and update password
>> as user himself.
>> > Then user doesn't need to do anything, you just need to say
>> him his
>> > password.
>> >
>> > Another possibility is to create new REST endpoint by
>> yourself, which will
>> > use model API to do exactly what you want. For example see this
>> >
>> https://github.com/keycloak/keycloak/tree/master/testsuite/tools
>> which is
>> > REST application for adding big number of new users. You
>> can maybe use
>> > something similar.
>> >
>> > Marek
>> >
>> >
>> > On 1.7.2014 00:01, Rodrigo Sasaki wrote:
>> >
>> >
>> >
>> > Hello again!
>> >
>> > Is there a way for me to define a password for a user
>> through the REST API
>> > without him having to define a new one on the next login?
>> >
>> > The only method I found to be close to what I want was the
>> one that resets
>> > the password, but I would like to redefine it without the
>> user having
>> > anything to do with it.
>> >
>> > Is it possible?
>> >
>> > --
>> > Rodrigo Sasaki
>> >
>> >
>> > _______________________________________________
>> > keycloak-user mailing list keycloak-user at lists.jboss.org
>> <mailto:keycloak-user at lists.jboss.org>
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >
>> >
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> <mailto:keycloak-user at lists.jboss.org>
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>>
>> --
>> Rodrigo Sasaki
>
>
>
>
> --
> Rodrigo Sasaki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140703/0cd5a883/attachment-0001.html
More information about the keycloak-user
mailing list