Get all users for a given client with consent - keycloak-user - Jboss List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Get all users for a given client with consent

Reverse Proxy issue

Keycloak on Kubernetes - HTTPS...

Henning Waack

Monday, 25 June 2018 Mon, 25 Jun '18

6:35 a.m.

Hi. Is it possible to get a list of all users who have given their consent for a specific client? I am working with KC 4.0 (and Spring Boot 2.0). Thanks & greetings Henning

Reply

Show replies by date

Henning Waack

Friday, 29 June Fri, 29 Jun

1:29 a.m.

Hey guys, any input on this? Appreciate it! :) Thanks Henning 2018-06-25 13:35 GMT+02:00 Henning Waack <henning.waack(a)codecentric.de>:

Hi. Is it possible to get a list of all users who have given their consent for a specific client? I am working with KC 4.0 (and Spring Boot 2.0). Thanks & greetings Henning

-- ----------- Henning Waack | IT Consultant codecentric AG | Hochstraße 11 <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli... | <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli... <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli... Solingen <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli... |Deutschland <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli... tel: +49 (0)151 108 515 29 www.codecentric.de | blog.codecentric.de | www.meettheexperts.de Sitz der Gesellschaft: Solingen | HRB 25917 | Amtsgericht Wuppertal Vorstand: Michael Hochgürtel . Ulrich Kühn . Rainer Vehns Aufsichtsrat: Patric Fedlmeier (Vorsitzender) . Klaus Jäger . Jürgen Schütz Diese E-Mail einschließlich evtl. beigefügter Dateien enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail und evtl. beigefügter Dateien umgehend. Das unerlaubte Kopieren, Nutzen oder Öffnen evtl. beigefügter Dateien sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

Reply

Dmitry Telegin

Saturday, 30 June Sat, 30 Jun

5:30 a.m.

Hi Henning, sorry for late response, I assume that by "getting a list of all users with consent for a specific client" you mean exposing this list over REST API (correct me if I'm wrong). For this, you will need to implement a custom REST endpoint using Realm Resource SPI [1] that will execute a single JPA query: select consent from UserConsentEntity consent where consent.clientId = :clientId then convert the results to a list of UserConsentRepresentation's and return it. If you want to see the list in the admin GUI, you'll also have to implement a GUI theme. Please remember that by default custom REST resources are public, so you'll need to implement proper access control. Examples that might be helpful here:- examples/providers/rest: a minimal example of custom REST resource;- examples/providers/domain-extension: an advanced example that (among other) demonstrates interacting with the JPA layer; unfortunately, it is not maintained, and the authorization code is broken at the moment [2];- BeerCloak [3]: a more complete and complex example that is maintained and working. Currently, authorization is implemented in a pre-3.2.0 way (but should still work in 4.0.0). I'm going to port it to post-3.2.0 soon (that means, fine-grained permissions), so stay tuned;- examples/themes - if you're looking to extending the GUI. See also:org.keycloak.models.jpa.entities.UserConsentEntityorg.keycloak.rep resentations.idm.UserConsentRepresentationorg.keycloak.services.resourc es.admin.UserResource::getConsents()org.keycloak.models.jpa.JpaUserProv ider::getConsents() Cheers, Dmitry Telegin CTO, Acutus s.r.o. Keycloak Consulting and Training Pod lipami street 339/52, 130 00 Prague 3, Czech Republic + 42 (022) 888-30-71 E-mail: info@acutus.pro [1] https://www.keycloak.org/docs/latest/server_development/index.html# _extensions_rest[2] https://issues.jboss.org/browse/KEYCLOAK-5927[3] https://github.com/dteleguin/beercloak

Hey guys, any input on this? Appreciate it! :) Thanks Henning 2018-06-25 13:35 GMT+02:00 Henning Waack <henning.waack(a)codecentric.d e>: > Hi. > > Is it possible to get a list of all users who have given their > consent for > a specific client? I am working with KC 4.0 (and Spring Boot 2.0). > > Thanks & greetings > > Henning >

Reply

Henning Waack

Monday, 2 July Mon, 2 Jul

1:14 a.m.

Thanks Dimitry, this is exactly what I am looking for! Will give it a try and report my findings! Thanks especially for the list of examples and the sample SQL Query! Greetings Henning 2018-06-30 12:30 GMT+02:00 Dmitry Telegin <dt(a)acutus.pro>:

Hi Henning, sorry for late response, I assume that by "getting a list of all users with consent for a specific client" you mean exposing this list over REST API (correct me if I'm wrong). For this, you will need to implement a custom REST endpoint using Realm Resource SPI [1] that will execute a single JPA query: select consent from UserConsentEntity consent where consent.clientId = :clientId then convert the results to a list of UserConsentRepresentation's and return it. If you want to see the list in the admin GUI, you'll also have to implement a GUI theme. Please remember that by default custom REST resources are public, so you'll need to implement proper access control. Examples that might be helpful here: - examples/providers/rest: a minimal example of custom REST resource; - examples/providers/domain-extension: an advanced example that (among other) demonstrates interacting with the JPA layer; unfortunately, it is not maintained, and the authorization code is broken at the moment [2]; - BeerCloak [3]: a more complete and complex example that is maintained and working. Currently, authorization is implemented in a pre-3.2.0 way (but should still work in 4.0.0). I'm going to port it to post-3.2.0 soon (that means, fine-grained permissions), so stay tuned; - examples/themes - if you're looking to extending the GUI. See also: org.keycloak.models.jpa.entities.UserConsentEntity org.keycloak.representations.idm.UserConsentRepresentation org.keycloak.services.resources.admin.UserResource::getConsents() org.keycloak.models.jpa.JpaUserProvider::getConsents() Cheers, Dmitry Telegin CTO, Acutus s.r.o. Keycloak Consulting and Training Pod lipami street 339/52, 130 00 Prague 3, Czech Republic <https://maps.google.com/?q=Pod+lipami+street+339/52,+130+00+Prague+3,+Cze... + 42 (022) 888-30-71 E-mail: <info(a)acutus.pro> <info@acutus.pro>info(a)acutus.pro [1] https://www.keycloak.org/docs/latest/server_development/ index.html#_extensions_rest [2] https://issues.jboss.org/browse/KEYCLOAK-5927 [3] https://github.com/dteleguin/beercloak Hey guys, any input on this? Appreciate it! :) Thanks Henning 2018-06-25 13:35 GMT+02:00 Henning Waack <henning.waack(a)codecentric.de>: Hi. Is it possible to get a list of all users who have given their consent for a specific client? I am working with KC 4.0 (and Spring Boot 2.0). Thanks & greetings Henning

-- ----------- Henning Waack | IT Consultant codecentric AG | Hochstraße 11 <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli... | <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli... <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli... Solingen <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli... |Deutschland <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli... tel: +49 (0)151 108 515 29 www.codecentric.de | blog.codecentric.de | www.meettheexperts.de Sitz der Gesellschaft: Solingen | HRB 25917 | Amtsgericht Wuppertal Vorstand: Michael Hochgürtel . Ulrich Kühn . Rainer Vehns Aufsichtsrat: Patric Fedlmeier (Vorsitzender) . Klaus Jäger . Jürgen Schütz Diese E-Mail einschließlich evtl. beigefügter Dateien enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail und evtl. beigefügter Dateien umgehend. Das unerlaubte Kopieren, Nutzen oder Öffnen evtl. beigefügter Dateien sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

Reply

Dmitry Telegin

3:55 a.m.

Henning, you're welcome, In fact, if you need only users (not consents) returned from the query, you could use JPQL projection as follows: select consent.user from UserConsentEntity consent where consent.clientId = :clientId Cheers, Dmitry On Mon, 2018-07-02 at 08:14 +0200, Henning Waack wrote:

Thanks Dimitry, this is exactly what I am looking for! Will give it a try and report my findings! Thanks especially for the list of examples and the sample SQL Query! Greetings Henning 2018-06-30 12:30 GMT+02:00 Dmitry Telegin <dt(a)acutus.pro>: > Hi Henning, sorry for late response, > > I assume that by "getting a list of all users with consent for a > specific client" you mean exposing this list over REST API (correct > me if I'm wrong). > > For this, you will need to implement a custom REST endpoint using > Realm Resource SPI [1] that will execute a single JPA query: > > select consent from UserConsentEntity consent where > consent.clientId = :clientId > > then convert the results to a list of UserConsentRepresentation's > and return it. If you want to see the list in the admin GUI, you'll > also have to implement a GUI theme. > > Please remember that by default custom REST resources are public, > so you'll need to implement proper access control. Examples that > might be helpful here: > - examples/providers/rest: a minimal example of custom REST > resource; > - examples/providers/domain-extension: an advanced example that > (among other) demonstrates interacting with the JPA layer; > unfortunately, it is not maintained, and the authorization code is > broken at the moment [2]; > - BeerCloak [3]: a more complete and complex example that is > maintained and working. Currently, authorization is implemented in > a pre-3.2.0 way (but should still work in 4.0.0). I'm going to port > it to post-3.2.0 soon (that means, fine-grained permissions), so > stay tuned; > - examples/themes - if you're looking to extending the GUI. > > See also: > org.keycloak.models.jpa.entities.UserConsentEntity > org.keycloak.representations.idm.UserConsentRepresentation > org.keycloak.services.resources.admin.UserResource::getConsents() > org.keycloak.models.jpa.JpaUserProvider::getConsents() > > Cheers, > Dmitry Telegin > CTO, Acutus s.r.o. > Keycloak Consulting and Training > > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic > + 42 (022) 888-30-71 > E-mail: info@acutus.pro > > [1] > https://www.keycloak.org/docs/latest/server_development/index.html# > _extensions_rest > [2] https://issues.jboss.org/browse/KEYCLOAK-5927 > [3] https://github.com/dteleguin/beercloak > > > Hey guys, any input on this? Appreciate it! :) > > > > Thanks > > > > Henning > > > > 2018-06-25 13:35 GMT+02:00 Henning Waack > > <henning.waack(a)codecentric.de>: > > > > > Hi. > > > > > > Is it possible to get a list of all users who have given their > > > consent for > > > a specific client? I am working with KC 4.0 (and Spring Boot > > > 2.0). > > > > > > Thanks & greetings > > > > > > Henning > > > > > > > > >

Reply

2364

days inactive

2371

days old

keycloak-user@lists.jboss.org

Manage subscription

4 comments

2 participants

tags (0)

participants (2)

Dmitry Telegin
Henning Waack