I'm pretty sure this is similar to the problem I'm having, and I'm also pretty
sure that you need to either:
- add the assigned roles needed for the admin API call (e.g., as Sebastien wrote) to the
  service or user account;
  AND ensure the token is issued for the admin clients (either "admin-cli" or
  "security-admin-console" by default)
  (i.e., the "azp" claim is either "admin-cli" or "security-admin-console")
OR
- if the token is NOT issued for the admin clients, the token needs a
  "resource_access" claim which is a map containing the
  "realm-management" key with a map value having a "roles" key which is
  an array of role name strings, e.g.:

    "resource_access": {
      "realm-management": {
        "roles": [ "manage-users" ]
      }
    }

Cheers,
Gary
On 7 May 2019, at 2:54 am, Sebastien Blanc <sblanc(a)redhat.com> wrote:
Give your user the "manage-users" role. You can do that from the Role
Mappings tab in the user screen and select in "client roles" =>
"realm-management" and there you should see the role "manage-users"
and assign it.
On Mon, May 6, 2019 at 5:45 PM Christophe Lehingue <clehingue(a)gmail.com> wrote:
> Hello, how to configure a client so that the user can use the user removal
> API?
>
> [DELETE]:
> https://keycloaksrv.fr/auth/admin/realms/myclient/users/fdskgjdkdjkgjf-sd...
>
> Whenever I try to call this REST request, I get the following error
> message: "resulted in a 401/403 Unauthorized"
>
> Can you help me?
>
> Thank you
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
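Added example (not part of the original thread, and not Keycloak's own code): a diagnostic that decodes an access token's payload and reports which of the two conditions described in the first reply the token meets. The helper names, the client id "my-app" and the sample token are constructed for illustration; the signature is deliberately not verified, so this only inspects claims of a token you already hold.

```python
import base64
import json

# Default admin client ids named in the thread.
ADMIN_CLIENTS = {"admin-cli", "security-admin-console"}


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore the base64url padding JWTs strip
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def diagnose(claims: dict, required_role: str = "manage-users") -> dict:
    """Report which of the two conditions from the thread the claims meet."""
    azp = claims.get("azp")
    access = claims.get("resource_access")
    rm = access.get("realm-management") if isinstance(access, dict) else None
    roles = rm.get("roles") if isinstance(rm, dict) else None
    roles = roles if isinstance(roles, list) else []  # tolerate malformed claims
    return {
        "azp": azp,
        "issued_for_admin_client": isinstance(azp, str) and azp in ADMIN_CLIENTS,
        "realm_management_roles": roles,
        "has_required_role_claim": required_role in roles,
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real Keycloak token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed sample: token for hypothetical client "my-app" lacking the role claim.
    sample = {"azp": "my-app", "resource_access": {"account": {"roles": ["view-profile"]}}}
    print(diagnose(jwt_claims(make_sample_token(sample))))
```

If both `issued_for_admin_client` and `has_required_role_claim` come back false, the token matches neither case described in the reply.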