8:51 p.m.
I hope this is my last question to this list :-)
I want to check if a user exists with given username/or email address
from within an Android App while the user is typing.
Hence I want to provide a REST endpoint to let the app check. I am using
the Admin REST API for backchannel requests to keycloak from within my
servlet.
/admin/realms/{my-realm}/users/{username} (or the get(username)
equivalent of admin-client) does not work for checking if the email
address is already in use.
/admin/realms/{my-realm}/users?search={username} works for email, but
it's greedy. I think "%" is added at beginning and end of the query
parameters before the database request, so that search hits are quasi
guaranteed. E.g. if someone has a registered Email Address of
john.smith(a)example.com and someone tries to register with
smith(a)example.com or smith(a)example.com.br it is shown as already in use.
Any ideas? How is this solved in the web frontend? Maybe the Admin REST
API endpoint should support username and email as path params when those
two can be used to login?
Best Regards
Benjamin
7:21 a.m.
----- Original Message -----
From: "Benjamin Hansmann [alphaApps]"
<b.hansmann(a)alphaapps.de>
To: "keycloak-user" <keycloak-user(a)lists.jboss.org>
Sent: Thursday, 7 May, 2015 8:51:15 PM
Subject: [keycloak-user] Check to see if user exists with Admin REST API
I hope this is my last question to this list :-)
That sounds very sinister, please don't go ;)
I want to check if a user exists with given username/or email address
from within an Android App while the user is typing.
Hence I want to provide a REST endpoint to let the app check. I am using
the Admin REST API for backchannel requests to keycloak from within my
servlet.
/admin/realms/{my-realm}/users/{username} (or the get(username)
equivalent of admin-client) does not work for checking if the email
address is already in use.
/admin/realms/{my-realm}/users?search={username} works for email, but
it's greedy. I think "%" is added at beginning and end of the query
parameters before the database request, so that search hits are quasi
guaranteed. E.g. if someone has a registered Email Address of
john.smith(a)example.com and someone tries to register with
smith(a)example.com or smith(a)example.com.br it is shown as already in use.
Any ideas? How is this solved in the web frontend? Maybe the Admin REST
API endpoint should support username and email as path params when those
two can be used to login?
I wouldn't hit Keycloak with these queries, especially not if you're expecting
your app to have many users. I'd write an event listener provider and use that to
write usernames and emails that are in use to your application database and query that
instead.
Best Regards
Benjamin
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
11:44 a.m.
On Fri, 2015-05-08 at 01:21 -0400, Stian Thorgersen wrote:
----- Original Message -----
> From: "Benjamin Hansmann [alphaApps]" <b.hansmann(a)alphaapps.de>
> To: "keycloak-user" <keycloak-user(a)lists.jboss.org>
> Sent: Thursday, 7 May, 2015 8:51:15 PM
> Subject: [keycloak-user] Check to see if user exists with Admin REST API
>
> I hope this is my last question to this list :-)
That sounds very sinister, please don't go ;)
>
> I want to check if a user exists with given username/or email address
> from within an Android App while the user is typing.
>
> Hence I want to provide a REST endpoint to let the app check. I am using
> the Admin REST API for backchannel requests to keycloak from within my
> servlet.
>
> /admin/realms/{my-realm}/users/{username} (or the get(username)
> equivalent of admin-client) does not work for checking if the email
> address is already in use.
>
> /admin/realms/{my-realm}/users?search={username} works for email, but
> it's greedy. I think "%" is added at beginning and end of the query
> parameters before the database request, so that search hits are quasi
> guaranteed. E.g. if someone has a registered Email Address of
> john.smith(a)example.com and someone tries to register with
> smith(a)example.com or smith(a)example.com.br it is shown as already in use.
>
> Any ideas? How is this solved in the web frontend? Maybe the Admin REST
> API endpoint should support username and email as path params when those
> two can be used to login?
I wouldn't hit Keycloak with these queries, especially not if you're expecting
your app to have many users. I'd write an event listener provider and use that to
write usernames and emails that are in use to your application database and query that
instead.
Thanks Stian. If I do that, maybe I should write an User Federation
Provider upfront and store the users in my db. Do you think this is a
better option than creating users via admin rest API?
I still wouldn't have a feature to trigger verification emails, right? I
am doing it with a dirty workaround to login the user with apache
httpclient once to trigger it now.
>
> Best Regards
> Benjamin
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
1:20 p.m.
----- Original Message -----
From: "Benjamin Hansmann [alphaApps]"
<b.hansmann(a)alphaapps.de>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: "keycloak-user" <keycloak-user(a)lists.jboss.org>
Sent: Friday, 8 May, 2015 11:44:29 AM
Subject: Re: [keycloak-user] Check to see if user exists with Admin REST API
On Fri, 2015-05-08 at 01:21 -0400, Stian Thorgersen wrote:
>
> ----- Original Message -----
> > From: "Benjamin Hansmann [alphaApps]"
<b.hansmann(a)alphaapps.de>
> > To: "keycloak-user" <keycloak-user(a)lists.jboss.org>
> > Sent: Thursday, 7 May, 2015 8:51:15 PM
> > Subject: [keycloak-user] Check to see if user exists with Admin REST API
> >
> > I hope this is my last question to this list :-)
>
> That sounds very sinister, please don't go ;)
>
> >
> > I want to check if a user exists with given username/or email address
> > from within an Android App while the user is typing.
> >
> > Hence I want to provide a REST endpoint to let the app check. I am using
> > the Admin REST API for backchannel requests to keycloak from within my
> > servlet.
> >
> > /admin/realms/{my-realm}/users/{username} (or the get(username)
> > equivalent of admin-client) does not work for checking if the email
> > address is already in use.
> >
> > /admin/realms/{my-realm}/users?search={username} works for email, but
> > it's greedy. I think "%" is added at beginning and end of the
query
> > parameters before the database request, so that search hits are quasi
> > guaranteed. E.g. if someone has a registered Email Address of
> > john.smith(a)example.com and someone tries to register with
> > smith(a)example.com or smith(a)example.com.br it is shown as already in use.
> >
> > Any ideas? How is this solved in the web frontend? Maybe the Admin REST
> > API endpoint should support username and email as path params when those
> > two can be used to login?
>
> I wouldn't hit Keycloak with these queries, especially not if you're
> expecting your app to have many users. I'd write an event listener
> provider and use that to write usernames and emails that are in use to
> your application database and query that instead.
>
Thanks Stian. If I do that, maybe I should write an User Federation
Provider upfront and store the users in my db. Do you think this is a
better option than creating users via admin rest API?
I'd go for the event listener approach personally as it's much simpler if all you
want is a list of usernames and emails, but you can also do the same through the user
federation spi.
I still wouldn't have a feature to trigger verification emails, right? I
am doing it with a dirty workaround to login the user with apache
httpclient once to trigger it now.
Dunno what you mean about verification emails, those are sent when user first logins if
realm requires it.
> >
> > Best Regards
> > Benjamin
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
3528
days inactive
3529
days old
3 comments
2 participants
participants (2)
-
Benjamin Hansmann [alphaApps] -
Stian Thorgersen