[keycloak-user] Multiple calls required to create a user

Bill Burke bburke at redhat.com
Tue Aug 9 11:48:53 EDT 2016 

Review is assigned to Stian and he's on vacation...You know those 
Europeans and their weeks long vacations ;-p


On 8/9/16 11:36 AM, Paulo Pires wrote:
> +1
>
> Regarding PRs, while I'm all in for it [1] the truth is that it seems 
> there's no bandwidth to actually review them.
>
> Cheers,
> Pires
>
> 1 - https://github.com/keycloak/keycloak/pull/3056
>
> On Tue, Aug 9, 2016 at 4:28 PM, Thomas Darimont 
> <thomas.darimont at googlemail.com 
> <mailto:thomas.darimont at googlemail.com>> wrote:
>
>     Hello Tom,
>
>     I was also bitten by this a bit... I created [0] and already
>     issued a PR [1] that allows
>     creating a user with initial realm / client roles with a single
>     request.
>
>     Cheers,
>     Thomas
>
>     [0] https://issues.jboss.org/browse/KEYCLOAK-3410
>     <https://issues.jboss.org/browse/KEYCLOAK-3410>
>     [1] https://github.com/keycloak/keycloak/pull/3120
>     <https://github.com/keycloak/keycloak/pull/3120>
>
>     2016-08-09 15:20 GMT+02:00 Tom Pearson <tpearson at bkool.com
>     <mailto:tpearson at bkool.com>>:
>
>         Ok cheers, will do when I get a sec
>
>         2016-08-09 15:16 GMT+02:00 Bill Burke <bburke at redhat.com
>         <mailto:bburke at redhat.com>>:
>
>             You can send PRs to admin docs if you want.  admin REST
>             API is here:
>
>             https://github.com/keycloak/server_development_guide
>             <https://github.com/keycloak/server_development_guide>
>
>
>
>             On 8/9/16 9:14 AM, Tom Pearson wrote:
>>             Okay, understood. Would be great if the admin docs could
>>             be updated to reflect the implementation although I
>>             appreciate you probably have more important matter to
>>             attend to.
>>
>>             2016-08-09 14:31 GMT+02:00 Bill Burke <bburke at redhat.com
>>             <mailto:bburke at redhat.com>>:
>>
>>
>>
>>                 On 8/9/16 5:56 AM, Tom Pearson wrote:
>>>                 Hi,
>>>
>>>                 I'm creating a new user through the admin API. In
>>>                 order to do this I have to make 3 separate calls
>>>                 (createUser
>>>                 <http://www.keycloak.org/docs/rest-api/index.html#_create_a_new_user>,
>>>                 resetPassword
>>>                 <http://www.keycloak.org/docs/rest-api/index.html#_set_up_a_temporary_password_for_the_user> and
>>>                 addRealmLevelRoles
>>>                 <http://www.keycloak.org/docs/rest-api/index.html#_add_realm_level_role_mappings_to_the_user_2>)
>>>                 as the credentials and realm roles in the
>>>                 UserRepresentation
>>>                 <http://www.keycloak.org/docs/rest-api/index.html#_userrepresentation> are
>>>                 ignored. I then have to make another call to
>>>                 getEffectiveRealmLevelRoles
>>>                 <http://www.keycloak.org/docs/rest-api/index.html#_get_effective_realm_level_role_mappings_2> as
>>>                 the getUser
>>>                 <http://www.keycloak.org/docs/rest-api/index.html#_get_represenation_of_the_user> method
>>>                 doesn't return the roles. If I were to require the
>>>                 client level roles this would be 6 calls to create
>>>                 and return the user.
>>>
>>>                 Is there a reason as to why this is the case?
>>>
>>                 The reason is simply that the admin API was written
>>                 for the admin console.  We've never had time to
>>                 refactor it.  Too many other things on the queue.
>>
>>>                 As an aside, in the docs the reset password method
>>>                 is called "Set up a temporary password for the user"
>>>                 but in my experience the password is never temporary
>>>                 regardless of the value of the temporary flag.
>>>
>>>                 Kind regards,
>>>                 Tom
>>>
>>>
>>>                 _______________________________________________
>>>                 keycloak-user mailing list
>>>                 keycloak-user at lists.jboss.org
>>>                 <mailto:keycloak-user at lists.jboss.org>
>>>                 https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>                 <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>>                 _______________________________________________
>>                 keycloak-user mailing list
>>                 keycloak-user at lists.jboss.org
>>                 <mailto:keycloak-user at lists.jboss.org>
>>                 https://lists.jboss.org/mailman/listinfo/keycloak-user
>>                 <https://lists.jboss.org/mailman/listinfo/keycloak-user> 
>>
>         _______________________________________________ keycloak-user
>         mailing list keycloak-user at lists.jboss.org
>         <mailto:keycloak-user at lists.jboss.org>
>         https://lists.jboss.org/mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/mailman/listinfo/keycloak-user> 
>
>     _______________________________________________ keycloak-user
>     mailing list keycloak-user at lists.jboss.org
>     <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>     <https://lists.jboss.org/mailman/listinfo/keycloak-user> 
>
> -- 
>
> *Paulo Pires*
>
> senior infrastructure engineer | littleBits 
> <http://www.google.com/url?q=http%3A%2F%2Flittlebits.cc%2F&sa=D&sntz=1&usg=AFrqEzdmD1TfneYzn_vRGBO0a4wHpG-Ivg>
>
> *T* (917) 464-4577unleash your inner inventor. 
> <https://youtu.be/fMg5QPQQOOI>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160809/95890e41/attachment-0001.html

More information about the keycloak-user mailing list