<div dir="ltr">I am trying to create a new user via the REST API, and I'm sending this POST<div><br></div><div><b>POST /admin/realms/myrealm/users</b></div><div><br></div><div><b>Headers:</b></div><div>Authorization: Bearer (generated token, this part is OK)</div>
<div>Content-Type: application/json</div><div><br></div><div><b>Body:</b></div><div><div><font face="courier new, monospace">{</font></div><div><font face="courier new, monospace"> "username": "rodrigo.sasaki",</font></div>
<div><font face="courier new, monospace"> "enabled": true,</font></div><div><font face="courier new, monospace"> "totp": false,</font></div><div><font face="courier new, monospace"> "emailVerified": false,</font></div>
<div><font face="courier new, monospace"> "firstName": "Rodrigo",</font></div><div><font face="courier new, monospace"> "lastName": "Sasaki",</font></div><div><font face="courier new, monospace"> "email": "<a href="mailto:rodrigo.sasaki@email.com.br">rodrigo.sasaki@email.com.br</a>",</font></div>
<div><font face="courier new, monospace"> "credentials": [</font></div><div><font face="courier new, monospace"> {</font></div><div><font face="courier new, monospace"> "type": "password",</font></div>
<div><font face="courier new, monospace"> "value": "myPassword"</font></div><div><font face="courier new, monospace"> }</font></div><div><font face="courier new, monospace"> ]</font></div>
<div><font face="courier new, monospace">}</font></div></div><div><font face="courier new, monospace"><br></font></div><div>The user is created normally, but the password doesn't work, when I try to login it claims I have invalid credentials.<font face="courier new, monospace"><br>
</font></div><div><br></div><div>I noticed there is a <b>device</b> attribute in <i>CredentialRepresentation</i>, should I have filled that with some specific value? Could this be the source of the problem?</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Wed, Jul 2, 2014 at 10:00 AM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hi,<br>
<br>
actually you can do it with this endpoint:
<a href="http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/#PUT" target="_blank">http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/#PUT</a>
. You need to pass whole user representation of particular user in
the request body of this PUT request. See admin console (page for
updating users) for more details.<span class="HOEnZb"><font color="#888888"><br>
<br>
Marek</font></span><div><div class="h5"><br>
<br>
<br>
On 1.7.2014 16:27, Rodrigo Sasaki wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">How would I remove the update password required
action via the REST API?</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Jul 1, 2014 at 5:20 AM, Stian
Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You can
actually already do this if you want, both through endpoints
and the admin console. You just need to set a temporary
password and afterwards remove the update password required
action. As Marek says though it doesn't really make sense to
do so.<br>
<div>
<div><br>
----- Original Message -----<br>
> From: "Marek Posolda" <<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>><br>
> To: "Rodrigo Sasaki" <<a href="mailto:rodrigopsasaki@gmail.com" target="_blank">rodrigopsasaki@gmail.com</a>>,
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> Sent: Tuesday, 1 July, 2014 8:07:36 AM<br>
> Subject: Re: [keycloak-user] Defining a new user
password through REST API<br>
><br>
> Hi,<br>
><br>
> Is it good practice to define password for users
this way? I assume that<br>
> usually just user himself should have access to his
plain-text password and<br>
> be able to login with it?<br>
><br>
> If you really need this, there is just endpoint<br>
> <a href="http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/reset-password/index.html" target="_blank">http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/reset-password/index.html</a><br>
> for reset password, which is also used by admin
console, but user needs to<br>
> choose new password when login for the first time
after reset. So I assume<br>
> that this is the possibility you are already aware
of.<br>
><br>
> But note that after this reset, you know user's
temporary password, so you<br>
> can login with this temporary password and update
password as user himself.<br>
> Then user doesn't need to do anything, you just
need to say him his<br>
> password.<br>
><br>
> Another possibility is to create new REST endpoint
by yourself, which will<br>
> use model API to do exactly what you want. For
example see this<br>
> <a href="https://github.com/keycloak/keycloak/tree/master/testsuite/tools" target="_blank">https://github.com/keycloak/keycloak/tree/master/testsuite/tools</a>
which is<br>
> REST application for adding big number of new
users. You can maybe use<br>
> something similar.<br>
><br>
> Marek<br>
><br>
><br>
> On 1.7.2014 00:01, Rodrigo Sasaki wrote:<br>
><br>
><br>
><br>
> Hello again!<br>
><br>
> Is there a way for me to define a password for a
user through the REST API<br>
> without him having to define a new one on the next
login?<br>
><br>
> The only method I found to be close to what I want
was the one that resets<br>
> the password, but I would like to redefine it
without the user having<br>
> anything to do with it.<br>
><br>
> Is it possible?<br>
><br>
> --<br>
> Rodrigo Sasaki<br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font></div>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font><div></div></div>
</div>