[keycloak-user] Use RestAPI to add roles to groups

Marko Strukelj mstrukel at redhat.com
Tue Nov 7 09:43:23 EST 2017


Are you using some documentation / examples or are you just doing trial and
error to reverse engineer how to use REST API based on Admin REST
Documentation?

In practice it's easiest to just activate developer tools in your browser
and turn on request logging, then perform the desired operations in Admin
Console, and check what JSON was sent and received.

Another option is Admin CLI docs containing recipes which are easy to
translate into raw REST requests:
http://www.keycloak.org/docs/latest/server_admin/topics/admin-cli.html.

Additionally, there are Admin REST API tests in our testsuite:
https://github.com/keycloak/keycloak/tree/master/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin
They should cover most use-cases, but it may be a bit difficult to find
exactly the thing you're looking for.

Our REST API Documentation is rather messy and not very helpful for many
use cases. But since it's so easy to reverse engineer communication using
Admin Console with request tracing enabled in your browser, the priority
for improving REST API is pretty low ATM.

On Tue, Nov 7, 2017 at 12:58 PM, O'Callaghan, John <
john.ocallaghan at accenture.com> wrote:

>
> Hi all
>
> A similar question to before. Am trying to use the rest api to add
> existing access roles to an existing group.
> I have tried to use:
>
> PUT /auth/admin/realms/REALM_NAME/groups/GROUP_ID
> With data {'realmRoles': [LIST_OF_ROLES], 'id': gid}
>
> Am getting a 204 back from PUT but when I look in the webui I am not
> seeing the assigned roles table getting updated for the group.
>
> This is similar to a previous question I had (thanks again Marko for the
> response) and for fun I did try :
> PUT /auth/admin/realms/REALM_ID/groups/GROUP_ID/roles/ROLE_ID
> With data {'roleId': ROLE_ID, 'id': GROUP_ID, 'realm': REALM_NAME}
>
> But that gave a 404.
>
> Anyone else had this problem? Any help would be much appreciated!
> Thanks
> John


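
Added example (not part of the original message and not Keycloak project code): one way to apply the capture-and-inspect approach described in the reply above, assuming the browser's network log was saved as a HAR file. The embedded HAR is constructed from the PUT quoted in this thread; the host `keycloak.example`, the token placeholder and the function names are assumptions.

```python
import json
from urllib.parse import urlsplit

ADMIN_PREFIX = "/auth/admin/realms/"  # path prefix used in the requests quoted in this thread
# Constructed sample HAR export (not a real capture); host and token are placeholders.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET", "url": "https://keycloak.example/auth/resources/admin.js"},
     "response": {"status": 200, "content": {}}},
    {"request": {"method": "PUT",
                 "url": "https://keycloak.example/auth/admin/realms/REALM_NAME/groups/GROUP_ID",
                 "headers": [{"name": "Authorization", "value": "Bearer PLACEHOLDER_TOKEN"}],
                 "postData": {"mimeType": "application/json",
                              "text": '{"realmRoles": ["LIST_OF_ROLES"], "id": "GROUP_ID"}'}},
     "response": {"status": 204, "content": {}}},
]}})


def _json_or_raw(text):
    """Decode a body as JSON when possible, otherwise return it unchanged."""
    if not text:
        return None
    try:
        return json.loads(text)
    except ValueError:
        return text


def admin_calls(har_text, prefix=ADMIN_PREFIX):
    """Return one record per Admin REST request found in a HAR export."""
    calls = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        parts = urlsplit(req["url"])
        if not parts.path.startswith(prefix):
            continue  # skip static assets and other non-admin traffic
        calls.append({
            "method": req["method"],
            "path": parts.path + ("?" + parts.query if parts.query else ""),
            "status": resp["status"],
            "sent": _json_or_raw(req.get("postData", {}).get("text")),
            "received": _json_or_raw(resp.get("content", {}).get("text")),
            # Headers are deliberately not copied: a HAR export carries the admin bearer token.
        })
    return calls


if __name__ == "__main__":
    for call in admin_calls(SAMPLE_HAR):
        print(json.dumps(call, indent=2))
```

The saved HAR file itself still contains the Authorization header, so store and share only the extracted records.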