[keycloak-user] Get all users for a given client with consent

Dmitry Telegin dt at acutus.pro
Sat Jun 30 06:30:50 EDT 2018


Hi Henning, sorry for the late response,
I assume that by "getting a list of all users with consent for a
specific client" you mean exposing this list over REST API (correct me
if I'm wrong).
For this, you will need to implement a custom REST endpoint using Realm
Resource SPI [1] that will execute a single JPA query:

    select consent from UserConsentEntity consent where consent.clientId = :clientId

then convert the results to a list of UserConsentRepresentations and
return it. If you want to see the list in the admin GUI, you'll also
have to implement a GUI theme.
Please remember that by default custom REST resources are public, so
you'll need to implement proper access control. Examples that might be
helpful here:
- examples/providers/rest: a minimal example of custom REST resource;
- examples/providers/domain-extension: an advanced example that (among
  others) demonstrates interacting with the JPA layer; unfortunately, it
  is not maintained, and the authorization code is broken at the
  moment [2];
- BeerCloak [3]: a more complete and complex example that is maintained
  and working. Currently, authorization is implemented in a pre-3.2.0
  way (but should still work in 4.0.0). I'm going to port it to
  post-3.2.0 soon (that means, fine-grained permissions), so stay tuned;
- examples/themes - if you're looking to extend the GUI.

See also:
- org.keycloak.models.jpa.entities.UserConsentEntity
- org.keycloak.representations.idm.UserConsentRepresentation
- org.keycloak.services.resources.admin.UserResource::getConsents()
- org.keycloak.models.jpa.JpaUserProvider::getConsents()

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+ 42 (022) 888-30-71
E-mail: info at acutus.pro

[1] https://www.keycloak.org/docs/latest/server_development/index.html#_extensions_rest
[2] https://issues.jboss.org/browse/KEYCLOAK-5927
[3] https://github.com/dteleguin/beercloak

> Hey guys, any input on this? Appreciate it! :)
> 
> Thanks
> 
> Henning
> 
> 2018-06-25 13:35 GMT+02:00 Henning Waack <henning.waack at codecentric.de>:
> 
> > Hi.
> > 
> > Is it possible to get a list of all users who have given their
> > consent for a specific client? I am working with KC 4.0 (and
> > Spring Boot 2.0).
> > 
> > Thanks & greetings
> > 
> > Henning
> > 
> 
> 


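The endpoint described in the reply above, sketched as an added example (not code from the thread, from Keycloak, or from BeerCloak). It assumes the Keycloak 4.0.x server APIs, uses the bearer-token role check (the pre-3.2.0 style mentioned in the reply) rather than fine-grained permissions, and returns user IDs instead of UserConsentRepresentation objects; the class name, the role name `view-consents` and the URL path are hypothetical.

```java
// Added example. A RealmResourceProviderFactory whose getId() returns "consents"
// (hypothetical) must create and register this provider; it is omitted for length.
import java.util.List;
import java.util.stream.Collectors;
import javax.persistence.EntityManager;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import org.keycloak.connections.jpa.JpaConnectionProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.jpa.entities.UserConsentEntity;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager.AuthResult;
import org.keycloak.services.resource.RealmResourceProvider;

public class ConsentResourceProvider implements RealmResourceProvider {
    private static final String REQUIRED_ROLE = "view-consents"; // hypothetical realm role
    private final KeycloakSession session;

    public ConsentResourceProvider(KeycloakSession session) { this.session = session; }

    @Override public Object getResource() { return this; }
    @Override public void close() { }

    // GET /auth/realms/{realm}/consents/clients/{id}/users  (path is an assumption)
    @GET @Path("clients/{id}/users") @Produces(MediaType.APPLICATION_JSON)
    public List<String> usersWithConsent(@PathParam("id") String clientId) {
        RealmModel realm = session.getContext().getRealm();
        // Custom realm resources are public by default: require a valid bearer token
        AuthResult auth = new AppAuthManager().authenticateBearerToken(session, realm);
        if (auth == null) throw new NotAuthorizedException("Bearer");
        // and an explicit realm role before any data is read.
        if (auth.getToken().getRealmAccess() == null
                || !auth.getToken().getRealmAccess().isUserInRole(REQUIRED_ROLE))
            throw new ForbiddenException("Missing role " + REQUIRED_ROLE);
        // Reject clients of other realms ({id} is the internal client id, not the clientId string).
        if (realm.getClientById(clientId) == null) throw new NotFoundException();

        EntityManager em = session.getProvider(JpaConnectionProvider.class).getEntityManager();
        List<UserConsentEntity> consents = em.createQuery(
                "select consent from UserConsentEntity consent where consent.clientId = :clientId",
                UserConsentEntity.class)
            .setParameter("clientId", clientId)   // bound parameter, never concatenated
            .getResultList();
        return consents.stream().map(c -> c.getUser().getId()).collect(Collectors.toList());
    }
}
```

The realm check matters because the JPA query filters only on the client id: without it, a caller holding the role in one realm could list consents for a client in another.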