[keycloak-user] Not able to set credentials for a user while creating a user through my own Rest API

keith.hudson at hudzinga.com keith.hudson at hudzinga.com
Fri Oct 21 09:36:39 EDT 2016 

If I understand your question correctly and your trying to reset or change a user's password within your own service, you can do this now.

Example:

Keycloak kc = Keycloak.getInstance( KEYCLOAK_URL, REALM, USER, PASS,  "admin-cli");

List<UserRepresentation> users = kc.realm("MYREALM").users().search(login, null, null, null, 0, 12);

UserRepresentation userCheck = users.get(0);
String userID = userCheck.getId();
UserResource userResource = kc.realm("MYREALM").users().get(userID);

CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue(someMethod.generatePassword());
credential.setTemporary(false);
			
logger.info("Updating user");
userResource.update(userCheck); // if you changed any other values on the user
userResource.resetPassword(credential); // resets the password
			

We use this approach to allow the user to update settings via our own service layer and change the appropriate credentials in Keycloak within our own service layer.

-----Original Message-----
From: "abhishek raghav" <abhi.raghav007 at gmail.com>
Sent: Friday, October 21, 2016 9:10am
To: stian at redhat.com
Cc: "keycloak-user" <keycloak-user at lists.jboss.org>
Subject: Re: [keycloak-user] Not able to set credentials for a user while creating a user through my own Rest API

Hey

Thanks for explaining how the user credential are setting.
I guess the problem which I facing can be solved by using KEYCLOAK- 1835

*https://issues.jboss.org/browse/KEYCLOAK-1835
<https://issues.jboss.org/browse/KEYCLOAK-1835>*

When can we expect this to be released..?

And if it is not going to be released in the future, what should be the
strategy to activate the user where they can set there password.

Keycloak send a link to update the password to the user at the time of user
creation. Now this link have very small life time. Now I cant expect my
users to respond that quickly. (Say 5 minutes) So by then they click on it,
it gets expired.

This isn't a problem with self registration. Just when administrator is
creating account for the user.

Please suggest any strategy to come-over this scenario or whats the
standard way IDM does to activate the user account / Provision the users
first time.

Cheers
Abhishek





On Fri, Oct 21, 2016 at 10:19 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> We'll never expose user credentials over the rest endpoints. We don't even
> know them as they are hashed.
>
> Instead of sending a temporary password you should send the user a reset
> password link. That's a special code that let's the user set the password.
>
> On 20 October 2016 at 21:55, abhishek raghav <abhi.raghav007 at gmail.com>
> wrote:
>
>> I am able to set the user credentials by calling a different endpoint as
>> suggested by you. but still when I am inspecting the returned
>> UserRepresentation Object, credentials are coming as null.
>>
>> I am actually trying to create a email template theme, where I am sending
>> the temporary created user password to the user to his registered email.
>> So
>> I am able to introduce username like this :
>>
>> ${msg("executeActionsBodyHtml",link, linkExpiration, realmName,
>> user.getUsername())}
>>
>> But when I am trying to do same for
>> credentials, user.getCredentials().get(0).getValue() I am getting a Null
>> pointer as credentials were not set in the user.
>>
>> I know its kind of absurd.
>>
>> Please suggest. What  I am doing wrong.
>>
>> Cheers
>> Abhishek
>>
>>
>>
>>
>>
>>
>>
>> On Thu, Oct 20, 2016 at 9:11 PM, Marek Posolda <mposolda at redhat.com>
>> wrote:
>>
>> > Yes, but we have separate endpoint for manage (reset) user password and
>> > other credentials.
>> >
>> > See for example admin console and check with some plugin (like FF
>> firebug
>> > for example) what REST endpoints are called when you reset password for
>> > some user.
>> >
>> > Marek
>> >
>> >
>> > On 20/10/16 17:02, abhishek raghav wrote:
>> >
>> >> Hey
>> >>
>> >> I am writing to create user by calling keycloak rest APIs through my
>> own
>> >> REST api's. I am able to set all other properties of a user and create
>> a
>> >> user,  but when i try assigning the credentials , I get stuck.
>> >>
>> >> First of all Is it possible to do it externally create such scenario..?
>> >>
>> >> If yes, how can i do that.
>> >>
>> >>
>> >> Cheers
>> >>   Abhishek
>> >> _______________________________________________
>> >> keycloak-user mailing list
>> >> keycloak-user at lists.jboss.org
>> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >>
>> >
>> >
>> >
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list