There's also a Keycloak-specific mechanism for accessing the account of the user
associated with the token.

To do this, open the scope mappings for your app/client, select 'account' in
the application roles, select 'view-profile' and click the right-arrow. This will
allow your app/client to view the profile of the current user.

Then you can make a request (with bearer token) to:

    /auth/rest/realms/myrealm/account

In the future we'll add support to do all account-specific things through these REST
endpoints to support all operations provided by the account management application.

----- Original Message -----
From: "Dean Peterson" <peterson.dean(a)gmail.com>
To: keycloak-user(a)lists.jboss.org
Sent: Tuesday, 4 March, 2014 7:15:31 PM
Subject: [keycloak-user] How to access realms/{realm}/users/{user} with Application
Hello,
I am trying to find the best way to access the UsersResource.java Rest
services outside the keycloak admin application to get a user's information.
How do I make a request using just the client's credentials?
I currently use something like this but I get a 401 because I am using a
user's oauth token and they only have user privileges:

SkeletonKeySession session = (SkeletonKeySession) request
        .getAttribute(SkeletonKeySession.class.getName());
ResteasyClient client = new ResteasyClientBuilder()
        .trustStore(session.getMetadata().getTruststore())
        .hostnameVerification(
                ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
        .build();
String username = request.getRemoteUser();
Profile profile = null;
try {
    Response response = client
            .target("http://server:8080/auth/rest/admin/realms/myrealm/users/")
            .path(username)
            .request()
            .header(HttpHeaders.AUTHORIZATION,
                    "Bearer " + session.getTokenString()).get();
    // Get the existing entry if there is one. Otherwise, just return
    // the regular
    // entity retrieved from the remote system.
    try {
        profile = profileRepository
                .findByRegistrationId(member.getId());
    } catch (NoResultException e) {
        // ignore
    }
} finally {
    client.close();
}

Is there a way for the application to make a request directly as an admin
without giving the user admin privileges?
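
The account request described in the reply above, as an added example that is not part of the original thread and not Keycloak's own code. It uses only the JDK 11+ HTTP client; the KEYCLOAK_BASE and ACCESS_TOKEN environment variable names, the JSON Accept header and the meaning attached to each status code are assumptions.

```java
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;

public class AccountProfileExample {

    /** Builds the GET for /realms/{realm}/account, authenticated with the user's own token. */
    static HttpRequest accountRequest(String base, String realm, String userToken) {
        URI uri = URI.create(base + "/realms/" + realm + "/account");
        // A bearer token is a credential: refuse to send it over plain HTTP.
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("refusing to send a bearer token to " + uri);
        }
        return HttpRequest.newBuilder(uri)
                .timeout(Duration.ofSeconds(10))
                .header("Authorization", "Bearer " + userToken)
                .header("Accept", "application/json") // assumption: JSON representation
                .GET()
                .build();
    }

    /** Returns the profile body, or fails with a message that tells the error cases apart. */
    static String fetchProfile(HttpClient client, HttpRequest request)
            throws IOException, InterruptedException {
        HttpResponse<String> resp = client.send(request, HttpResponse.BodyHandlers.ofString());
        int status = resp.statusCode();
        if (status == 200) return resp.body();
        if (status == 401 || status == 403) {
            // Assumed status codes for a rejected token or a missing scope mapping.
            throw new IllegalStateException(status
                    + ": token rejected, or the client's scope mappings lack account/view-profile");
        }
        throw new IllegalStateException("unexpected status " + status);
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical variable names; KEYCLOAK_BASE is the https root ending in /auth/rest.
        String base = System.getenv("KEYCLOAK_BASE");
        String token = java.util.Objects.requireNonNull(
                System.getenv("ACCESS_TOKEN"), "ACCESS_TOKEN is not set");
        // The default client validates the server certificate and hostname.
        HttpClient client = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build();
        System.out.println(fetchProfile(client, accountRequest(base, "myrealm", token)));
    }
}
```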