Hi, I think you're looking for this, it's not very easy to find in the
docs. Search for the string below:
POST /{realm}/users/{id}/role-mappings/clients/{client}
The body would need to look something like this:
[
{
"id": "5da312c5-1c65-4306-affb-6e2132dfb052",
"name": "admin",
"composite": true,
"clientRole": true,
"containerId": "32296d33-f288-4762-b723-77218f1feb7d"
}
]
The containerId is the same as the {client} in the endpoint. I'm not sure
it is required.
On Tue, 5 Feb 2019 at 09:50, Dimitris Charlaftis <dharlaftis(a)ekt.gr> wrote:
Ηello,
thank you for the reply.
In [2], in the call
POST /{realm}/groups/{id}/role-mappings/clients/{client}
there is no reference to the username, so The API cannot understand which
user we are referring to.
I want to assign a client role to a specific user, but it seems that this
call you sent me refers to adding roles per client application.
Please, can you help?
Regards,
Dimitris
On 2/5/2019 1:27 AM, Dmitry Telegin wrote:
> Hello Dimitris,
>
> You should use another call to a role-mappers endpoint, see [1] and [2].
>
> [1]
https://www.keycloak.org/docs-api/4.8/rest-api/index.html#_role_mapper_re...
> [2]
https://www.keycloak.org/docs-api/4.8/rest-api/index.html#_client_role_ma...
>
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> +42 (022) 888-30-71
> E-mail: info(a)acutus.pro
>
> On Mon, 2019-02-04 at 11:39 +0200, Dimitris Charlaftis wrote:
>> Hello,
>>
>> I want to assign a client role to a specfic user using keycloak rest
API.
>>
>> From the documentaion, i tried this:
>>
>> I have a realm called internal_applications and a client under this
>> realm called test_app. In this client (test_app), I have manually
>> created some client roles, i.e. administrator.
>>
>>
>> Then, I hit the server with postman
>>
>> HTTP POST http://
<keycloak-server-url>/auth/admin/realms/<realm-name>/users
>>
>> BODY:
>>
>> {
>>> "username": "jim(a)ka.gr <
http://ka.gr/>",
>> "firstName": "Jim",
>> "lastName": "Sanders",
>>> "email": "jim(a)ka.gr <
http://ka.gr/>",
>> "clientRoles": {
>> "test_app": ["administrator"]
>> }
>>
>> }
>>
>>> This http call adds the user jim(a)ka.gr to keycloak, but DOES NOT
ASSIGN
>> the already existing client role administrator to him.
>>
>> How can I do this?
>>
>> Please, help...
>>
>> Dimitris
>>
>>
--
_____________________________
Dimitris Charlaftis
Software Engineer
National Documentation Center
email: dharlaftis(a)ekt.gr
_____________________________
---
This email has been checked for viruses by AVG.
https://www.avg.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user