Henning, you're welcome,
In fact, if you need only users (not consents) returned from the query,
you could use JPQL projection as follows:
select consent.user from UserConsentEntity consent where
consent.clientId = :clientId
Cheers,
Dmitry
On Mon, 2018-07-02 at 08:14 +0200, Henning Waack wrote:
Thanks Dimitry, this is exactly what I am looking for! Will give it
a
try and report my findings! Thanks especially for the list of
examples and the sample SQL Query!
Greetings
Henning
2018-06-30 12:30 GMT+02:00 Dmitry Telegin <dt(a)acutus.pro>:
> Hi Henning, sorry for late response,
>
> I assume that by "getting a list of all users with consent for a
> specific client" you mean exposing this list over REST API (correct
> me if I'm wrong).
>
> For this, you will need to implement a custom REST endpoint using
> Realm Resource SPI [1] that will execute a single JPA query:
>
> select consent from UserConsentEntity consent where
> consent.clientId = :clientId
>
> then convert the results to a list of UserConsentRepresentation's
> and return it. If you want to see the list in the admin GUI, you'll
> also have to implement a GUI theme.
>
> Please remember that by default custom REST resources are public,
> so you'll need to implement proper access control. Examples that
> might be helpful here:
> - examples/providers/rest: a minimal example of custom REST
> resource;
> - examples/providers/domain-extension: an advanced example that
> (among other) demonstrates interacting with the JPA layer;
> unfortunately, it is not maintained, and the authorization code is
> broken at the moment [2];
> - BeerCloak [3]: a more complete and complex example that is
> maintained and working. Currently, authorization is implemented in
> a pre-3.2.0 way (but should still work in 4.0.0). I'm going to port
> it to post-3.2.0 soon (that means, fine-grained permissions), so
> stay tuned;
> - examples/themes - if you're looking to extending the GUI.
>
> See also:
> org.keycloak.models.jpa.entities.UserConsentEntity
> org.keycloak.representations.idm.UserConsentRepresentation
> org.keycloak.services.resources.admin.UserResource::getConsents()
> org.keycloak.models.jpa.JpaUserProvider::getConsents()
>
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> + 42 (022) 888-30-71
> E-mail: info@acutus.pro
>
> [1]
>
https://www.keycloak.org/docs/latest/server_development/index.html#
> _extensions_rest
> [2]
https://issues.jboss.org/browse/KEYCLOAK-5927
> [3]
https://github.com/dteleguin/beercloak
>
> > Hey guys, any input on this? Appreciate it! :)
> >
> > Thanks
> >
> > Henning
> >
> > 2018-06-25 13:35 GMT+02:00 Henning Waack
> > <henning.waack(a)codecentric.de>:
> >
> > > Hi.
> > >
> > > Is it possible to get a list of all users who have given their
> > > consent for
> > > a specific client? I am working with KC 4.0 (and Spring Boot
> > > 2.0).
> > >
> > > Thanks & greetings
> > >
> > > Henning
> > >
> >
> >
> >