[keycloak-user] Rest api - missing group info and non-individual attributes in the response
Marek Posolda
mposolda at redhat.com
Mon Jun 19 02:57:47 EDT 2017
On 18/06/17 13:02, Dirk Franssen wrote:
> Hi all,
>
> I have defined several groups in Keycloak 3.0.0.Final with some users and
> via the java library I make rest calls to retrieve the list of users via
> realmResource.users().search(), but the response does not contain the
> groups info (UserRepresentation.getGroups() is null)?
There is separate REST endpoint for it. You can try to explore our admin
console and see what HTTP requests it is sending when you display group
memberships of user (admin console is just angular application backed by
admin REST API).
>
> So I added a client mapper of type Group Membership with claim name
> myGroups (add to ID token, access token and userinfo). After a login into
> the application I do have an otherClaims of myGroups with the groupnames
> the user belongs to. But the rest call response does not contain the info (
> UserRepresentation.getAttributes() is null)
>
> Also the group attributes (with a new mapper) do not appear in the response
> of the rest call. It seems that only individual user attributes are
> returned in the rest call response? Is this by design?
Yes. However once user authenticate, you will see all his attributes in
the token as expected, including the attributes inherited through group
mapping.
Maybe our admin console and admin REST API could be a bit clever and
optionally display also attributes inherited through groups. Feel free
to create JIRA. However not sure about priority of this...
Marek
>
> I know there is the possibility to extend the rest api via a custom
> provider, but this seem cumbersome to just know to which group the user
> belongs to...
>
> Currently I query for each group the members separately via
> realmResource.groups().group(groupid).members(). This is kind of ok as
> there are currently only 4 groups.
>
> Kind regards,
> Dirk Franssen
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list