Add support for creating user with credentials in admin endpoints - keycloak-dev - Jboss List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Add support for creating user with credentials in admin endpoints

Re: [keycloak-dev] UMA 2.0

Group Based Policy

Stian Thorgersen

Friday, 9 June 2017 Fri, 9 Jun '17

4:49 a.m.

Currently the admin endpoints ignores credentials when creating the user and a second post is needed to add credentials. I don't see any reason why it has to be this way and we should be able to change it? We already have a PR for it https://issues.jboss.org/browse/KEYCLOAK-5026.

Reply

Show replies by date

Sebastien Blanc

Friday, 9 June Fri, 9 Jun

12:55 p.m.

+1 That will solve 80% of the admin REST related questions on the mailing list Le ven. 9 juin 2017 à 19:06, Stian Thorgersen <sthorger(a)redhat.com> a écrit :

Currently the admin endpoints ignores credentials when creating the user and a second post is needed to add credentials. I don't see any reason why it has to be this way and we should be able to change it? We already have a PR for it https://issues.jboss.org/browse/KEYCLOAK-5026. _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

Reply

John D. Ament

8:33 p.m.

We had a similar need internally, to be able to create FederatedIdentityLinks for a user upon creation (assuming the IDP exists already). We were able to work around it with an event listener, but I'm wondering if more cases should be handled in create user? On Fri, Jun 9, 2017 at 9:31 PM Sebastien Blanc <sblanc(a)redhat.com> wrote:

+1 That will solve 80% of the admin REST related questions on the mailing list Le ven. 9 juin 2017 à 19:06, Stian Thorgersen <sthorger(a)redhat.com> a écrit : > Currently the admin endpoints ignores credentials when creating the user > and a second post is needed to add credentials. > > I don't see any reason why it has to be this way and we should be able to > change it? > > We already have a PR for it https://issues.jboss.org/browse/KEYCLOAK-5026. > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

Reply

Bill Burke

3:28 p.m.

credentials is somethign that is supposed to be set by the user. On 6/9/17 5:49 AM, Stian Thorgersen wrote:

Currently the admin endpoints ignores credentials when creating the user and a second post is needed to add credentials. I don't see any reason why it has to be this way and we should be able to change it? We already have a PR for it https://issues.jboss.org/browse/KEYCLOAK-5026. _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

Reply

Stian Thorgersen

Monday, 12 June Mon, 12 Jun

2:05 a.m.

Not always. What about for instance the case when folks are importing a bunch of users and have a dB filled with hashed passwords. On 10 Jun 2017 6:09 am, "Bill Burke" <bburke(a)redhat.com> wrote:

credentials is somethign that is supposed to be set by the user. On 6/9/17 5:49 AM, Stian Thorgersen wrote: > Currently the admin endpoints ignores credentials when creating the user > and a second post is needed to add credentials. > > I don't see any reason why it has to be this way and we should be able to > change it? > > We already have a PR for it https://issues.jboss.org/ browse/KEYCLOAK-5026. > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

Reply

Bill Burke

6:50 a.m.

don't we already support this via import? On 6/12/17 3:05 AM, Stian Thorgersen wrote:

Not always. What about for instance the case when folks are importing a bunch of users and have a dB filled with hashed passwords. On 10 Jun 2017 6:09 am, "Bill Burke" <bburke(a)redhat.com <mailto:bburke@redhat.com>> wrote: credentials is somethign that is supposed to be set by the user. On 6/9/17 5:49 AM, Stian Thorgersen wrote: > Currently the admin endpoints ignores credentials when creating the user > and a second post is needed to add credentials. > > I don't see any reason why it has to be this way and we should be able to > change it? > > We already have a PR for it https://issues.jboss.org/browse/KEYCLOAK-5026 <https://issues.jboss.org/browse/KEYCLOAK-5026>;. > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-dev <https://lists.jboss.org/mailman/listinfo/keycloak-dev> _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-dev <https://lists.jboss.org/mailman/listinfo/keycloak-dev>

Reply

Stian Thorgersen

Thursday, 15 June Thu, 15 Jun

5:51 a.m.

We do, either through import at startup for a new realm or partial import at runtime. However, those are bulk operations to import a bunch of stuff at the same time. We already let the admin set the credentials as well as role-mappings, but it has to be done with several calls. I can see a few valid uses cases to be able to add users: * Some sort of scripted migration of users, where you want to import one user at a time and you have access to the hashed password * An external user provisioning system and/or user self-registration service On 12 June 2017 at 13:50, Bill Burke <bburke(a)redhat.com> wrote:

don't we already support this via import? On 6/12/17 3:05 AM, Stian Thorgersen wrote: Not always. What about for instance the case when folks are importing a bunch of users and have a dB filled with hashed passwords. On 10 Jun 2017 6:09 am, "Bill Burke" <bburke(a)redhat.com> wrote: > credentials is somethign that is supposed to be set by the user. > > > On 6/9/17 5:49 AM, Stian Thorgersen wrote: > > Currently the admin endpoints ignores credentials when creating the user > > and a second post is needed to add credentials. > > > > I don't see any reason why it has to be this way and we should be able > to > > change it? > > > > We already have a PR for it https://issues.jboss.org/brows > e/KEYCLOAK-5026. > > _______________________________________________ > > keycloak-dev mailing list > > keycloak-dev(a)lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-dev > > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev >

Reply

2752

days inactive

2758

days old

keycloak-dev@lists.jboss.org

Manage subscription

6 comments

4 participants

tags (0)

participants (4)

Bill Burke
John D. Ament
Sebastien Blanc
Stian Thorgersen