[keycloak-user] Multiple calls required to create a user
Bill Burke
bburke at redhat.com
Tue Aug 9 08:31:38 EDT 2016
On 8/9/16 5:56 AM, Tom Pearson wrote:
> Hi,
>
> I'm creating a new user through the admin API. In order to do this I
> have to make 3 separate calls (createUser
> <http://www.keycloak.org/docs/rest-api/index.html#_create_a_new_user>,
> resetPassword
> <http://www.keycloak.org/docs/rest-api/index.html#_set_up_a_temporary_password_for_the_user> and
> addRealmLevelRoles
> <http://www.keycloak.org/docs/rest-api/index.html#_add_realm_level_role_mappings_to_the_user_2>)
> as the credentials and realm roles in the UserRepresentation
> <http://www.keycloak.org/docs/rest-api/index.html#_userrepresentation> are
> ignored. I then have to make another call to
> getEffectiveRealmLevelRoles
> <http://www.keycloak.org/docs/rest-api/index.html#_get_effective_realm_level_role_mappings_2> as
> the getUser
> <http://www.keycloak.org/docs/rest-api/index.html#_get_represenation_of_the_user> method
> doesn't return the roles. If I were to require the client level roles
> this would be 6 calls to create and return the user.
>
> Is there a reason as to why this is the case?
>
The reason is simply that the admin API was written for the admin
console. We've never had time to refactor it. Too many other things on
the queue.
> As an aside, in the docs the reset password method is called "Set up a
> temporary password for the user" but in my experience the password is
> never temporary regardless of the value of the temporary flag.
>
> Kind regards,
> Tom
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160809/10a1c6bf/attachment.html
More information about the keycloak-user
mailing list