[keycloak-user] Multiple calls required to create a user

Paulo Pires pires at littlebits.cc
Tue Aug 9 12:16:31 EDT 2016 

Oh, glad to hear Bill! Thanks for clarifying that.

Btw, I am European and just enjoyed 7 days and was still on-call. Am I a
bad European? :-D

Pires

On Tue, Aug 9, 2016 at 4:48 PM, Bill Burke <bburke at redhat.com> wrote:

> Review is assigned to Stian and he's on vacation...You know those
> Europeans and their weeks long vacations ;-p
>
> On 8/9/16 11:36 AM, Paulo Pires wrote:
>
> +1
>
> Regarding PRs, while I'm all in for it [1] the truth is that it seems
> there's no bandwidth to actually review them.
>
> Cheers,
> Pires
>
> 1 - https://github.com/keycloak/keycloak/pull/3056
>
> On Tue, Aug 9, 2016 at 4:28 PM, Thomas Darimont <
> thomas.darimont at googlemail.com> wrote:
>
>> Hello Tom,
>>
>> I was also bitten by this a bit... I created [0] and already issued a PR
>> [1] that allows
>> creating a user with initial realm / client roles with a single request.
>>
>> Cheers,
>> Thomas
>>
>> [0] https://issues.jboss.org/browse/KEYCLOAK-3410
>> [1] https://github.com/keycloak/keycloak/pull/3120
>>
>> 2016-08-09 15:20 GMT+02:00 Tom Pearson <tpearson at bkool.com>:
>>
>>> Ok cheers, will do when I get a sec
>>>
>>> 2016-08-09 15:16 GMT+02:00 Bill Burke <bburke at redhat.com>:
>>>
>>>> You can send PRs to admin docs if you want.  admin REST API is here:
>>>>
>>>> https://github.com/keycloak/server_development_guide
>>>>
>>>>
>>>>
>>>> On 8/9/16 9:14 AM, Tom Pearson wrote:
>>>>
>>>> Okay, understood. Would be great if the admin docs could be updated to
>>>> reflect the implementation although I appreciate you probably have more
>>>> important matter to attend to.
>>>>
>>>> 2016-08-09 14:31 GMT+02:00 Bill Burke <bburke at redhat.com>:
>>>>
>>>>>
>>>>>
>>>>> On 8/9/16 5:56 AM, Tom Pearson wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> I'm creating a new user through the admin API. In order to do this I
>>>>> have to make 3 separate calls (createUser
>>>>> <http://www.keycloak.org/docs/rest-api/index.html#_create_a_new_user>
>>>>> , resetPassword
>>>>> <http://www.keycloak.org/docs/rest-api/index.html#_set_up_a_temporary_password_for_the_user>
>>>>>  and addRealmLevelRoles
>>>>> <http://www.keycloak.org/docs/rest-api/index.html#_add_realm_level_role_mappings_to_the_user_2>)
>>>>> as the credentials and realm roles in the UserRepresentation
>>>>> <http://www.keycloak.org/docs/rest-api/index.html#_userrepresentation> are
>>>>> ignored. I then have to make another call to
>>>>> getEffectiveRealmLevelRoles
>>>>> <http://www.keycloak.org/docs/rest-api/index.html#_get_effective_realm_level_role_mappings_2> as
>>>>> the getUser
>>>>> <http://www.keycloak.org/docs/rest-api/index.html#_get_represenation_of_the_user> method
>>>>> doesn't return the roles. If I were to require the client level roles this
>>>>> would be 6 calls to create and return the user.
>>>>>
>>>>> Is there a reason as to why this is the case?
>>>>>
>>>>> The reason is simply that the admin API was written for the admin
>>>>> console.  We've never had time to refactor it.  Too many other things on
>>>>> the queue.
>>>>>
>>>>> As an aside, in the docs the reset password method is called "Set up a
>>>>> temporary password for the user" but in my experience the password is never
>>>>> temporary regardless of the value of the temporary flag.
>>>>>
>>>>> Kind regards,
>>>>> Tom
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>> _______________________________________________ keycloak-user mailing
>>>>> list keycloak-user at lists.jboss.org https://lists.jboss.org/mailma
>>>>> n/listinfo/keycloak-user
>>>>
>>>> _______________________________________________ keycloak-user mailing
>>> list keycloak-user at lists.jboss.org https://lists.jboss.org/mailma
>>> n/listinfo/keycloak-user
>>
>> _______________________________________________ keycloak-user mailing
>> list keycloak-user at lists.jboss.org https://lists.jboss.org/mailma
>> n/listinfo/keycloak-user
>
> --
>
> *Paulo Pires*
>
> senior infrastructure engineer | littleBits
> <http://www.google.com/url?q=http%3A%2F%2Flittlebits.cc%2F&sa=D&sntz=1&usg=AFrqEzdmD1TfneYzn_vRGBO0a4wHpG-Ivg>
>
> *T* (917) 464-4577 unleash your inner inventor.
> <https://youtu.be/fMg5QPQQOOI>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>



-- 

*Paulo Pires*

senior infrastructure engineer | littleBits
<http://www.google.com/url?q=http%3A%2F%2Flittlebits.cc%2F&sa=D&sntz=1&usg=AFrqEzdmD1TfneYzn_vRGBO0a4wHpG-Ivg>

*T* (917) 464-4577
unleash your inner inventor. <https://youtu.be/fMg5QPQQOOI>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160809/20cc9b76/attachment.html

More information about the keycloak-user mailing list