Re: [keycloak-user] Get all users for a given client with consent

Hi Henning, sorry for late response, I assume that by "getting a list of all users with consent for a specific client" you mean exposing this list over REST API (correct me if I'm wrong). For this, you will need to implement a custom REST endpoint using Realm Resource SPI [1] that will execute a single JPA query: select consent from UserConsentEntity consent where consent.clientId = :clientId then convert the results to a list of UserConsentRepresentation's and return it. If you want to see the list in the admin GUI, you'll also have to implement a GUI theme. Please remember that by default custom REST resources are public, so you'll need to implement proper access control. Examples that might be helpful here:- examples/providers/rest: a minimal example of custom REST resource;- examples/providers/domain-extension: an advanced example that (among other) demonstrates interacting with the JPA layer; unfortunately, it is not maintained, and the authorization code is broken at the moment [2];- BeerCloak [3]: a more complete and complex example that is maintained and working. Currently, authorization is implemented in a pre-3.2.0 way (but should still work in 4.0.0). I'm going to port it to post-3.2.0 soon (that means, fine-grained permissions), so stay tuned;- examples/themes - if you're looking to extending the GUI. See also:org.keycloak.models.jpa.entities.UserConsentEntityorg.keycloak.rep resentations.idm.UserConsentRepresentationorg.keycloak.services.resourc es.admin.UserResource::getConsents()org.keycloak.models.jpa.JpaUserProv ider::getConsents() Cheers, Dmitry Telegin CTO, Acutus s.r.o. Keycloak Consulting and Training Pod lipami street 339/52, 130 00 Prague 3, Czech Republic + 42 (022) 888-30-71 E-mail: info@acutus.pro [1] https://www.keycloak.org/docs/latest/server_development/index.html# _extensions_rest[2] https://issues.jboss.org/browse/KEYCLOAK-5927[3] https://github.com/dteleguin/beercloak