[keycloak-user] How to access realms/{realm}/users/{user} with Application

Bill Burke bburke at redhat.com
Thu Mar 6 08:52:47 EST 2014


Or build from master or wait until next Thursday and you can get these 
identity attributes in the token.

On 3/6/2014 6:31 AM, Stian Thorgersen wrote:
> You don't need to add keycloak-services to your application. It doesn't actually return an AccountService object; AccountService is a JAX-RS sub-resource that handles all requests to 'account'. Assuming that you've looked at the source, have a peek inside AccountService.accountPage; that's what actually handles the request.
>
> The 406 is caused by missing Accept header. Try adding:
>
> .header(HttpHeaders.ACCEPT, "application/json")
>
> Cheers,
> Stian
>
> ----- Original Message -----
>> From: "Dean Peterson" <peterson.dean at gmail.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-user at lists.jboss.org
>> Sent: Wednesday, 5 March, 2014 8:28:53 PM
>> Subject: Re: [keycloak-user] How to access realms/{realm}/users/{user} with Application
>>
>> Thank you.  I tried what you said.  I am able to access that REST service on
>> the Keycloak server but it returns an AccountService object.  Actually, I
>> get a 406 error response on my end.  I think it is because I did not have
>> the keycloak-services dependency in my application's pom.  However, when I
>> add it and I try to start the server, I get the error: Could not find
>> constructor for class: org.keycloak.services.resources.RealmsResource.
>>   Should I make my own local version of AccountService and not add
>> keycloak-services to my application?  What is the best approach?  Any ideas
>> why I might be getting a 406 error?
>>
>> SkeletonKeySession session = (SkeletonKeySession) request
>>         .getAttribute(SkeletonKeySession.class.getName());
>> ResteasyClient client = new ResteasyClientBuilder()
>>         .trustStore(session.getMetadata().getTruststore())
>>         .hostnameVerification(
>>                 ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
>>         .build();
>>
>> String username = request.getRemoteUser();
>>
>> Profile profile = null;
>>
>> try {
>>
>>     Response response = client
>>             .target("http://server:8080/auth/rest/realms/myrealm/account")
>>             .request()
>>             .header(HttpHeaders.AUTHORIZATION,
>>                     "Bearer " + session.getTokenString()).get();
>>
>> .
>> .
>> .
>>
>>
>>
>> On Wed, Mar 5, 2014 at 3:09 AM, Stian Thorgersen <stian at redhat.com> wrote:
>>
>>> There's also a Keycloak specific mechanism for accessing the account of
>>> the user associated with the token.
>>>
>>> To do this open the scope mappings for your app/client, and select
>>> 'account' in the application roles, select 'view-profile' and click the
>>> right-arrow. This will allow your app/client to view the profile of the
>>> current user.
>>>
>>> Then you can make a request (with bearer token) to:
>>>
>>> /auth/rest/realms/myrealm/account
>>>
>>> In the future we'll add support to do all account specific things through
>>> these REST endpoints to support all operations provided by the account
>>> management application.
>>>
>>> ----- Original Message -----
>>>> From: "Dean Peterson" <peterson.dean at gmail.com>
>>>> To: keycloak-user at lists.jboss.org
>>>> Sent: Tuesday, 4 March, 2014 7:15:31 PM
>>>> Subject: [keycloak-user] How to access realms/{realm}/users/{user} with Application
>>>>
>>>> Hello,
>>>>
>>>> I am trying to find the best way to access the UsersResource.java REST
>>>> services outside the keycloak admin application to get a user's information.
>>>> How do I make a request using just the client's credentials?
>>>>
>>>> I currently use something like this but I get a 401 because I am using a
>>>> user's oauth token and they only have user privileges:
>>>> SkeletonKeySession session = (SkeletonKeySession) request
>>>>         .getAttribute(SkeletonKeySession.class.getName());
>>>> ResteasyClient client = new ResteasyClientBuilder()
>>>>         .trustStore(session.getMetadata().getTruststore())
>>>>         .hostnameVerification(
>>>>                 ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
>>>>         .build();
>>>>
>>>> String username = request.getRemoteUser();
>>>>
>>>> Profile profile = null;
>>>>
>>>> try {
>>>>
>>>>     Response response = client
>>>>             .target("http://server:8080/auth/rest/admin/realms/myrealm/users/")
>>>>             .path(username)
>>>>             .request()
>>>>             .header(HttpHeaders.AUTHORIZATION,
>>>>                     "Bearer " + session.getTokenString()).get();
>>>>
>>>>     // Get the existing entry if there is one. Otherwise, just return
>>>>     // the regular entity retrieved from the remote system.
>>>>     try {
>>>>         profile = profileRepository
>>>>                 .findByRegistrationId(member.getId());
>>>>
>>>>     } catch (NoResultException e) {
>>>>         // ignore
>>>>     }
>>>>
>>>> } finally {
>>>>     client.close();
>>>> }
>>>>
>>>> Is there a way for the application to make a request directly as an admin
>>>> without giving the user admin privileges?
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
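
The account request discussed in the quoted thread, written out as an added example (not code from the thread or from the Keycloak project). It sends the Accept header that resolves the 406 and checks the response status before reading the body. The class name AccountProfileClient, the method fetchProfile, the use of WILDCARD instead of ANY for hostname verification, and the presence of a JSON provider on the classpath are assumptions.

```java
import java.security.KeyStore;
import java.util.Map;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;

// Hypothetical helper class; not part of Keycloak or of the thread's code.
public final class AccountProfileClient {

    // accountUrl: <server>/auth/rest/realms/<realm>/account (path given in the thread).
    // bearerToken: session.getTokenString(); truststore: session.getMetadata().getTruststore().
    public static Map<String, Object> fetchProfile(String accountUrl, String bearerToken,
                                                   KeyStore truststore) {
        ResteasyClient client = new ResteasyClientBuilder()
                .trustStore(truststore)
                // Assumption: WILDCARD keeps hostname verification on; the thread's code uses ANY.
                .hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.WILDCARD)
                .build();
        try {
            Response response = client.target(accountUrl)
                    .request()
                    // Without an Accept header the endpoint answers 406 (see Stian's reply).
                    .header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON)
                    .header(HttpHeaders.AUTHORIZATION, "Bearer " + bearerToken)
                    .get();
            try {
                int status = response.getStatus();
                if (status == 200) {
                    // Needs a JSON provider (e.g. resteasy-jackson-provider) on the classpath.
                    return response.readEntity(new GenericType<Map<String, Object>>() {});
                }
                if (status == 401 || status == 403) {
                    throw new SecurityException("Token rejected (" + status
                            + "): check the 'account' / 'view-profile' scope mapping");
                }
                if (status == 406) {
                    throw new IllegalStateException("406: server cannot produce application/json");
                }
                throw new IllegalStateException("Unexpected status " + status);
            } finally {
                response.close();
            }
        } finally {
            client.close();
        }
    }
}
```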

