[keycloak-user] Multiple calls required to create a user

Wed Aug 10 04:04:12 EDT 2016

Ah fantastic, thanks Thomas!

2016-08-09 17:28 GMT+02:00 Thomas Darimont <thomas.darimont at googlemail.com>:

> Hello Tom,
>
> I was also bitten by this a bit... I created [0] and already issued a PR
> [1] that allows
> creating a user with initial realm / client roles with a single request.
>
> Cheers,
> Thomas
>
> [0] https://issues.jboss.org/browse/KEYCLOAK-3410
> [1] https://github.com/keycloak/keycloak/pull/3120
>
> 2016-08-09 15:20 GMT+02:00 Tom Pearson <tpearson at bkool.com>:
>
>> Ok cheers, will do when I get a sec
>>
>> 2016-08-09 15:16 GMT+02:00 Bill Burke <bburke at redhat.com>:
>>
>>> You can send PRs to admin docs if you want.  admin REST API is here:
>>>
>>> https://github.com/keycloak/server_development_guide
>>>
>>>
>>>
>>> On 8/9/16 9:14 AM, Tom Pearson wrote:
>>>
>>> Okay, understood. Would be great if the admin docs could be updated to
>>> reflect the implementation although I appreciate you probably have more
>>> important matter to attend to.
>>>
>>> 2016-08-09 14:31 GMT+02:00 Bill Burke <bburke at redhat.com>:
>>>
>>>>
>>>>
>>>> On 8/9/16 5:56 AM, Tom Pearson wrote:
>>>>
>>>> Hi,
>>>>
>>>> I'm creating a new user through the admin API. In order to do this I
>>>> have to make 3 separate calls (createUser
>>>> <http://www.keycloak.org/docs/rest-api/index.html#_create_a_new_user>,
>>>> resetPassword
>>>> <http://www.keycloak.org/docs/rest-api/index.html#_set_up_a_temporary_password_for_the_user>
>>>>  and addRealmLevelRoles
>>>> <http://www.keycloak.org/docs/rest-api/index.html#_add_realm_level_role_mappings_to_the_user_2>)
>>>> as the credentials and realm roles in the UserRepresentation
>>>> <http://www.keycloak.org/docs/rest-api/index.html#_userrepresentation> are
>>>> ignored. I then have to make another call to
>>>> getEffectiveRealmLevelRoles
>>>> <http://www.keycloak.org/docs/rest-api/index.html#_get_effective_realm_level_role_mappings_2> as
>>>> the getUser
>>>> <http://www.keycloak.org/docs/rest-api/index.html#_get_represenation_of_the_user> method
>>>> doesn't return the roles. If I were to require the client level roles this
>>>> would be 6 calls to create and return the user.
>>>>
>>>> Is there a reason as to why this is the case?
>>>>
>>>> The reason is simply that the admin API was written for the admin
>>>> console.  We've never had time to refactor it.  Too many other things on
>>>> the queue.
>>>>
>>>> As an aside, in the docs the reset password method is called "Set up a
>>>> temporary password for the user" but in my experience the password is never
>>>> temporary regardless of the value of the temporary flag.
>>>>
>>>> Kind regards,
>>>> Tom
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>> _______________________________________________ keycloak-user mailing
>>>> list keycloak-user at lists.jboss.org https://lists.jboss.org/mailma
>>>> n/listinfo/keycloak-user
>>>
>>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160810/d71bc84e/attachment.html 