<div dir="ltr">Thank you. I tried what you said. I am able to access that REST service on the Keycloak server but it returns an AccountService object. Actually, I get a 406 error response on my end. I think it is because I did not have the keycloak-services dependency in my application's pom. However, when I add it and I try to start the server, I get the error: Could not find constructor for class: org.keycloak.services.resources.RealmsResource. Should I make my own local version of AccountService and not add keycloak-services to my application? What is the best approach? Any ideas why I might be getting a 406 error? <div>
<br></div><div><div>SkeletonKeySession session = (SkeletonKeySession) request</div><div> .getAttribute(SkeletonKeySession.class.getName());</div><div> ResteasyClient client = new ResteasyClientBuilder()</div>
<div> .trustStore(session.getMetadata().getTruststore())</div><div> .hostnameVerification(</div><div> ResteasyClientBuilder.HostnameVerificationPolicy.ANY)</div><div> .build();</div>
<div><br></div><div> String username = request.getRemoteUser();</div><div><br></div><div> Profile profile = null;</div><div><br></div><div> try {</div><div> </div><div> Response response = client</div>
<div> .target("<a href="http://server:8080/auth/rest/realms/myrealm/account">http://server:8080/auth/rest/realms/myrealm/account</a>")</div><div> .request()</div><div> .header(HttpHeaders.AUTHORIZATION,</div>
<div> "Bearer " + session.getTokenString()).get();</div></div><div><br></div><div>.</div><div>.</div><div>.</div><div> </div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Wed, Mar 5, 2014 at 3:09 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
There's also a Keycloak specific mechanism for accessing the account of the user associated with the token.<br>
<br>
To do this open the scope mappings for your app/client, and select 'account' in the application roles, select 'view-profile' and click the right-arrow. This will allow your app/client to view the profile of the current user.<br>
<br>
Then you can make a request (with bearer token) to:<br>
<br>
/auth/rest/realms/myrealm/account<br>
<br>
In the future we'll add support to do all account specific things through these REST endpoints to support all operations provided by the account management application.<br>
<div><div class="h5"><br>
----- Original Message -----<br>
> From: "Dean Peterson" <<a href="mailto:peterson.dean@gmail.com">peterson.dean@gmail.com</a>><br>
> To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Sent: Tuesday, 4 March, 2014 7:15:31 PM<br>
> Subject: [keycloak-user] How to access realms/{realm}/users/{user} with Application<br>
><br>
> Hello,<br>
><br>
> I am trying to find the best way to access the UsersResource.java Rest<br>
> services outside the keycloak admin application to get a user's information.<br>
> How do I make a request using just the client's credentials?<br>
><br>
> I currently use something like this but I get a 401 because I am using a<br>
> user's oauth token and they only have user privileges:<br>
> SkeletonKeySession session = (SkeletonKeySession) request<br>
> .getAttribute(SkeletonKeySession.class.getName());<br>
> ResteasyClient client = new ResteasyClientBuilder()<br>
> .trustStore(session.getMetadata().getTruststore())<br>
> .hostnameVerification(<br>
> ResteasyClientBuilder.HostnameVerificationPolicy.ANY)<br>
> .build();<br>
><br>
> String username = request.getRemoteUser();<br>
><br>
> Profile profile = null;<br>
><br>
> try {<br>
><br>
> Response response = client<br>
> .target(" <a href="http://server:8080/auth/rest/admin/realms/myrealm/users/" target="_blank">http://server:8080/auth/rest/admin/realms/myrealm/users/</a> ")<br>
> .path(username)<br>
> .request()<br>
> .header(HttpHeaders.AUTHORIZATION,<br>
> "Bearer " + session.getTokenString()).get();<br>
><br>
> // Get the existing entry if there is one. Otherwise, just return<br>
> // the regular<br>
> // entity retrieved from the remote system.<br>
> try {<br>
> profile = profileRepository<br>
> .findByRegistrationId(member.getId());<br>
><br>
> } catch (NoResultException e) {<br>
> // ignore<br>
> }<br>
><br>
> } finally {<br>
> client.close();<br>
> }<br>
><br>
> Is there a way for the application to make a request directly as an admin<br>
> without giving the user admin privileges?<br>
><br>
</div></div>
</blockquote></div><br></div>
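Added example (not part of the thread and not Keycloak's own code): a small diagnostic that checks whether a bearer token actually carries the 'view-profile' role of the 'account' application after the scope mapping described above. It assumes the token is a compact JWS whose payload lists application roles under `resource_access.<app>.roles`; the function names are hypothetical and the sample tokens are constructed and unsigned.

```python
import base64
import json


def decode_payload(token: str) -> dict:
    """Decode the claims segment of a compact JWS.

    Diagnostic only: the signature is NOT verified, so never base an
    authorization decision on this output.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1]
    seg += "=" * (-len(seg) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def has_app_role(claims: dict, app: str, role: str) -> bool:
    # Assumption: application roles live under resource_access.<app>.roles
    access = claims.get("resource_access") or {}
    roles = (access.get(app) or {}).get("roles") or []
    return role in roles


def can_view_profile(token: str) -> bool:
    """True if the token was issued with account/view-profile in scope."""
    return has_app_role(decode_payload(token), "account", "view-profile")


def _make_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])


# Constructed samples: one issued after the scope mapping, one before it.
MAPPED = _make_token(
    {"sub": "alice",
     "resource_access": {"account": {"roles": ["view-profile"]}}})
UNMAPPED = _make_token(
    {"sub": "alice", "realm_access": {"roles": ["user"]}})

if __name__ == "__main__":
    for name, tok in (("mapped", MAPPED), ("unmapped", UNMAPPED)):
        print(name, "-> view-profile in token:", can_view_profile(tok))
```

Feed it the string returned by `session.getTokenString()`; a `False` result points at the scope mapping step rather than at the HTTP call.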