On 3/4/2014 2:15 PM, Dean Peterson wrote:
> Hello,
> I am trying to find the best way to access the UsersResource.java Rest
> services outside the keycloak admin application to get a user's
> information. How do I make a request using just the client's credentials?

You just want basic information, right? name, email, etc.? Next release
(March 13th) we'll have OpenID Connect support. SkeletonKeySession
(renamed to KeycloakSecurityContext) will have a reference to an IDToken
which can be populated with various user information (claims). Allowed
claims are specified per application/oauth client.

You can build and use this right now. View the
preconfigured/customer-portal examples to see how it's being done right

If you don't want to build/run from master you can do a POST to

    /auth/rest/realms/keycloak-admin/tokens/grants/access

URL form encoded parameters of:

    username=admin
    password=admin-password

This will return an access token which you can use to invoke on the
admin REST API. *NOTE* we're changing this particular REST API next
release too :(

> I currently use something like this but I get a 401 because I am using a
> user's oauth token and they only have user privileges:
> SkeletonKeySession session = (SkeletonKeySession) request
>         .getAttribute(SkeletonKeySession.class.getName());
> // Client trusts the realm's truststore; ANY performs no hostname verification.
> ResteasyClient client = new ResteasyClientBuilder()
>         .trustStore(session.getMetadata().getTruststore())
>         .hostnameVerification(
>                 ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
>         .build();
> String username = request.getRemoteUser();
> Profile profile = null;
> try {
>     // Call the admin REST API with the logged-in user's own bearer token.
>     Response response = client
>             .target("http://server:8080/auth/rest/admin/realms/myrealm/users/")
>             .path(username)
>             .request()
>             .header(HttpHeaders.AUTHORIZATION,
>                     "Bearer " + session.getTokenString()).get();
>     // Get the existing entry if there is one. Otherwise, just return the
>     // regular entity retrieved from the remote system.
>     try {
>         profile = profileRepository
>                 .findByRegistrationId(member.getId());
>     } catch (NoResultException e) {
>         // ignore
>     }
> } finally {
>     client.close();
> }
> Is there a way for the application to make a request directly as an
> admin without giving the user admin privileges?

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
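
The POST described in the reply above, followed by the admin REST call from the original question, as an added example that is not code from the thread or from Keycloak. The endpoint paths and form parameters are the ones quoted in the thread; the HTTPS base URL, the `access_token` field name, the environment variable names and the use of `javax.json` for parsing are assumptions.

```java
import java.io.StringReader;
import javax.json.Json;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;

public class AdminUserLookup {
    static final String BASE = "https://server:8443"; // assumed base URL (constructed)

    // Returns the response body, failing loudly on any non-200 status.
    static String body(Response r, String what) {
        try {
            if (r.getStatus() != 200)
                throw new IllegalStateException(what + " failed: HTTP " + r.getStatus());
            return r.readEntity(String.class);
        } finally {
            r.close();
        }
    }

    // POSTs the form-encoded admin credentials and returns the access token.
    static String adminToken(Client client, String user, String password) {
        Form form = new Form().param("username", user).param("password", password);
        String json = body(client.target(BASE)
                .path("/auth/rest/realms/keycloak-admin/tokens/grants/access")
                .request().post(Entity.form(form)), "token grant");
        // Assumption: the JSON body carries the token in an "access_token" field.
        return Json.createReader(new StringReader(json)).readObject().getString("access_token");
    }

    // Reads one user from the admin REST API with the admin token, not the user's own.
    static String fetchUser(Client client, String token, String realm, String username) {
        return body(client.target(BASE).path("/auth/rest/admin/realms")
                .path(realm).path("users").path(username)
                .request().header("Authorization", "Bearer " + token).get(), "user lookup");
    }

    public static void main(String[] args) {
        Client client = ClientBuilder.newClient(); // default TLS hostname verification
        try {
            // Hypothetical variable names: credentials come from the environment.
            String token = adminToken(client, System.getenv("KC_ADMIN_USER"), System.getenv("KC_ADMIN_PASSWORD"));
            System.out.println(fetchUser(client, token, "myrealm", args[0]));
        } finally {
            client.close();
        }
    }
}
```

The admin token stays on the server side and is never handed to the browser session, so the end user keeps only user privileges.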