If I understand your question correctly and your trying to reset or change a user's
password within your own service, you can do this now.
Example:
Keycloak kc = Keycloak.getInstance( KEYCLOAK_URL, REALM, USER, PASS,
"admin-cli");
List<UserRepresentation> users = kc.realm("MYREALM").users().search(login,
null, null, null, 0, 12);
UserRepresentation userCheck = users.get(0);
String userID = userCheck.getId();
UserResource userResource = kc.realm("MYREALM").users().get(userID);
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue(someMethod.generatePassword());
credential.setTemporary(false);
logger.info("Updating user");
userResource.update(userCheck); // if you changed any other values on the user
userResource.resetPassword(credential); // resets the password
We use this approach to allow the user to update settings via our own service layer and
change the appropriate credentials in Keycloak within our own service layer.
-----Original Message-----
From: "abhishek raghav" <abhi.raghav007(a)gmail.com>
Sent: Friday, October 21, 2016 9:10am
To: stian(a)redhat.com
Cc: "keycloak-user" <keycloak-user(a)lists.jboss.org>
Subject: Re: [keycloak-user] Not able to set credentials for a user while creating a user
through my own Rest API
Hey
Thanks for explaining how the user credential are setting.
I guess the problem which I facing can be solved by using KEYCLOAK- 1835
*https://issues.jboss.org/browse/KEYCLOAK-1835
<
https://issues.jboss.org/browse/KEYCLOAK-1835>*
When can we expect this to be released..?
And if it is not going to be released in the future, what should be the
strategy to activate the user where they can set there password.
Keycloak send a link to update the password to the user at the time of user
creation. Now this link have very small life time. Now I cant expect my
users to respond that quickly. (Say 5 minutes) So by then they click on it,
it gets expired.
This isn't a problem with self registration. Just when administrator is
creating account for the user.
Please suggest any strategy to come-over this scenario or whats the
standard way IDM does to activate the user account / Provision the users
first time.
Cheers
Abhishek
On Fri, Oct 21, 2016 at 10:19 AM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
We'll never expose user credentials over the rest endpoints. We
don't even
know them as they are hashed.
Instead of sending a temporary password you should send the user a reset
password link. That's a special code that let's the user set the password.
On 20 October 2016 at 21:55, abhishek raghav <abhi.raghav007(a)gmail.com>
wrote:
> I am able to set the user credentials by calling a different endpoint as
> suggested by you. but still when I am inspecting the returned
> UserRepresentation Object, credentials are coming as null.
>
> I am actually trying to create a email template theme, where I am sending
> the temporary created user password to the user to his registered email.
> So
> I am able to introduce username like this :
>
> ${msg("executeActionsBodyHtml",link, linkExpiration, realmName,
> user.getUsername())}
>
> But when I am trying to do same for
> credentials, user.getCredentials().get(0).getValue() I am getting a Null
> pointer as credentials were not set in the user.
>
> I know its kind of absurd.
>
> Please suggest. What I am doing wrong.
>
> Cheers
> Abhishek
>
>
>
>
>
>
>
> On Thu, Oct 20, 2016 at 9:11 PM, Marek Posolda <mposolda(a)redhat.com>
> wrote:
>
> > Yes, but we have separate endpoint for manage (reset) user password and
> > other credentials.
> >
> > See for example admin console and check with some plugin (like FF
> firebug
> > for example) what REST endpoints are called when you reset password for
> > some user.
> >
> > Marek
> >
> >
> > On 20/10/16 17:02, abhishek raghav wrote:
> >
> >> Hey
> >>
> >> I am writing to create user by calling keycloak rest APIs through my
> own
> >> REST api's. I am able to set all other properties of a user and create
> a
> >> user, but when i try assigning the credentials , I get stuck.
> >>
> >> First of all Is it possible to do it externally create such scenario..?
> >>
> >> If yes, how can i do that.
> >>
> >>
> >> Cheers
> >> Abhishek
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user(a)lists.jboss.org
> >>
https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> >
> >
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user