[keycloak-user] Multiple calls required to create a user

Tom Pearson tpearson at bkool.com
Tue Aug 9 09:20:00 EDT 2016 

Ok cheers, will do when I get a sec

2016-08-09 15:16 GMT+02:00 Bill Burke <bburke at redhat.com>:

> You can send PRs to admin docs if you want.  admin REST API is here:
>
> https://github.com/keycloak/server_development_guide
>
>
>
> On 8/9/16 9:14 AM, Tom Pearson wrote:
>
> Okay, understood. Would be great if the admin docs could be updated to
> reflect the implementation although I appreciate you probably have more
> important matter to attend to.
>
> 2016-08-09 14:31 GMT+02:00 Bill Burke <bburke at redhat.com>:
>
>>
>>
>> On 8/9/16 5:56 AM, Tom Pearson wrote:
>>
>> Hi,
>>
>> I'm creating a new user through the admin API. In order to do this I have
>> to make 3 separate calls (createUser
>> <http://www.keycloak.org/docs/rest-api/index.html#_create_a_new_user>,
>> resetPassword
>> <http://www.keycloak.org/docs/rest-api/index.html#_set_up_a_temporary_password_for_the_user>
>>  and addRealmLevelRoles
>> <http://www.keycloak.org/docs/rest-api/index.html#_add_realm_level_role_mappings_to_the_user_2>)
>> as the credentials and realm roles in the UserRepresentation
>> <http://www.keycloak.org/docs/rest-api/index.html#_userrepresentation> are
>> ignored. I then have to make another call to getEffectiveRealmLevelRoles
>> <http://www.keycloak.org/docs/rest-api/index.html#_get_effective_realm_level_role_mappings_2> as
>> the getUser
>> <http://www.keycloak.org/docs/rest-api/index.html#_get_represenation_of_the_user> method
>> doesn't return the roles. If I were to require the client level roles this
>> would be 6 calls to create and return the user.
>>
>> Is there a reason as to why this is the case?
>>
>> The reason is simply that the admin API was written for the admin
>> console.  We've never had time to refactor it.  Too many other things on
>> the queue.
>>
>> As an aside, in the docs the reset password method is called "Set up a
>> temporary password for the user" but in my experience the password is never
>> temporary regardless of the value of the temporary flag.
>>
>> Kind regards,
>> Tom
>>
>>
>> _______________________________________________
>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>> _______________________________________________ keycloak-user mailing
>> list keycloak-user at lists.jboss.org https://lists.jboss.org/mailma
>> n/listinfo/keycloak-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160809/351fe18b/attachment-0001.html

More information about the keycloak-user mailing list