[keycloak-user] Check to see if user exists with Admin REST API

Stian Thorgersen stian at redhat.com
Fri May 8 07:20:39 EDT 2015



----- Original Message -----
> From: "Benjamin Hansmann [alphaApps]" <b.hansmann at alphaapps.de>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: "keycloak-user" <keycloak-user at lists.jboss.org>
> Sent: Friday, 8 May, 2015 11:44:29 AM
> Subject: Re: [keycloak-user] Check to see if user exists with Admin REST API
> 
> On Fri, 2015-05-08 at 01:21 -0400, Stian Thorgersen wrote:
> > 
> > ----- Original Message -----
> > > From: "Benjamin Hansmann [alphaApps]" <b.hansmann at alphaapps.de>
> > > To: "keycloak-user" <keycloak-user at lists.jboss.org>
> > > Sent: Thursday, 7 May, 2015 8:51:15 PM
> > > Subject: [keycloak-user] Check to see if user exists with Admin REST API
> > > 
> > > I hope this is my last question to this list :-)
> > 
> > That sounds very sinister, please don't go ;)
> > 
> > > 
> > > I want to check if a user exists with a given username or email address
> > > from within an Android app while the user is typing.
> > > 
> > > Hence I want to provide a REST endpoint to let the app check. I am using
> > > the Admin REST API for backchannel requests to keycloak from within my
> > > servlet.
> > > 
> > > /admin/realms/{my-realm}/users/{username} (or the get(username)
> > > equivalent of admin-client) does not work for checking if the email
> > > address is already in use.
> > > 
> > > /admin/realms/{my-realm}/users?search={username} works for email, but
> > > it's greedy. I think "%" is added at beginning and end of the query
> > > parameters before the database request, so that search hits are quasi
> > > guaranteed. E.g. if someone has a registered Email Address of
> > > john.smith at example.com and someone tries to register with
> > > smith at example.com or smith at example.com.br it is shown as already in use.
> > > 
> > > Any ideas? How is this solved in the web frontend? Maybe the Admin REST
> > > API endpoint should support username and email as path params when those
> > > two can be used to log in?
> > 
> > I wouldn't hit Keycloak with these queries, especially not if you're
> > expecting your app to have many users. I'd write an event listener
> > provider and use that to write usernames and emails that are in use to
> > your application database and query that instead.
> > 
> 
> Thanks Stian. If I do that, maybe I should write a User Federation
> Provider upfront and store the users in my db. Do you think this is a
> better option than creating users via the Admin REST API?

I'd go for the event listener approach personally as it's much simpler if all you want is a list of usernames and emails, but you can also do the same through the User Federation SPI.

> 
> I still wouldn't have a feature to trigger verification emails, right? I
> am doing it now with a dirty workaround: logging the user in once with
> Apache HttpClient to trigger it.

Dunno what you mean about verification emails, those are sent when the user first logs in if the realm requires it.

> 
> > > 
> > > Best Regards
> > > Benjamin
> > > 
> > > 
> 
> 
> 
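
An added example, not part of the original thread and not Keycloak code: it contrasts a substring search of the kind described for `?search=` with an exact, normalized lookup against an application-side table of identifiers in use, as suggested in the reply. The `login_ids` table, the function names and the sample accounts are assumptions made for illustration, and the substring behaviour is modelled with a plain SQL `LIKE '%term%'`.

```python
import sqlite3

# Constructed sample data: accounts as an event listener might mirror them
# from registration events into the application's own database.
REGISTERED = [("john.smith", "john.smith@example.com"),
              ("Alice", "Alice@Example.com")]


def normalize(value):
    """Trim and case-fold so lookups are case-insensitive exact matches."""
    return value.strip().casefold()


def record_registration(db, username, email):
    """Store both login identifiers of a newly registered user (assumed flow)."""
    db.executemany("INSERT OR IGNORE INTO login_ids VALUES (?, ?)",
                   [("username", normalize(username)),
                    ("email", normalize(email))])


def build_mirror(rows):
    """Create the hypothetical mirror table and load the sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login_ids (kind TEXT NOT NULL, "
               "value TEXT NOT NULL, PRIMARY KEY (kind, value))")
    for username, email in rows:
        record_registration(db, username, email)
    return db


def greedy_search(db, term):
    """Substring match, modelling a '%term%' search: prone to false hits."""
    cur = db.execute("SELECT 1 FROM login_ids WHERE value LIKE ? LIMIT 1",
                     ("%" + normalize(term) + "%",))
    return cur.fetchone() is not None


def is_taken(db, candidate):
    """Exact match on the normalized value, for either username or email."""
    cur = db.execute("SELECT 1 FROM login_ids WHERE value = ? LIMIT 1",
                     (normalize(candidate),))
    return cur.fetchone() is not None


if __name__ == "__main__":
    mirror = build_mirror(REGISTERED)
    for probe in ("smith@example.com", "John.Smith@Example.com", "alice"):
        print(probe, greedy_search(mirror, probe), is_taken(mirror, probe))
```
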

