[keycloak-user] Check to see if user exists with Admin REST API

Benjamin Hansmann [alphaApps] b.hansmann at alphaapps.de
Fri May 8 05:44:29 EDT 2015


On Fri, 2015-05-08 at 01:21 -0400, Stian Thorgersen wrote:
> 
> ----- Original Message -----
> > From: "Benjamin Hansmann [alphaApps]" <b.hansmann at alphaapps.de>
> > To: "keycloak-user" <keycloak-user at lists.jboss.org>
> > Sent: Thursday, 7 May, 2015 8:51:15 PM
> > Subject: [keycloak-user] Check to see if user exists with Admin REST API
> > 
> > I hope this is my last question to this list :-)
> 
> That sounds very sinister, please don't go ;)
> 
> > 
> > I want to check if a user exists with given username/or email address
> > from within an Android App while the user is typing.
> > 
> > Hence I want to provide a REST endpoint to let the app check. I am using
> > the Admin REST API for backchannel requests to keycloak from within my
> > servlet.
> > 
> > /admin/realms/{my-realm}/users/{username} (or the get(username)
> > equivalent of admin-client) does not work for checking if the email
> > address is already in use.
> > 
> > /admin/realms/{my-realm}/users?search={username} works for email, but
> > it's greedy. I think "%" is added at beginning and end of the query
> > parameters before the database request, so that search hits are quasi
> > guaranteed. E.g. if someone has a registered Email Address of
> > john.smith at example.com and someone tries to register with
> > smith at example.com or smith at example.com.br it is shown as already in use.
> > 
> > Any ideas? How is this solved in the web frontend? Maybe the Admin REST
> > API endpoint should support username and email as path params when those
> > two can be used to log in?
> 
> I wouldn't hit Keycloak with these queries, especially not if you're expecting your app to have many users. I'd write an event listener provider and use that to write usernames and emails that are in use to your application database and query that instead.
> 

Thanks Stian. If I do that, maybe I should write a User Federation
Provider upfront and store the users in my db. Do you think this is a
better option than creating users via admin rest API?

I still wouldn't have a feature to trigger verification emails, right? I
am doing it with a dirty workaround to log in the user with Apache
HttpClient once to trigger it now.

> > 
> > Best Regards
> > Benjamin
> > 
> > 
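Added example, not part of the original thread and not Keycloak code: one way to turn the greedy `?search=` result into an exact "is this username or email taken" answer is to post-filter every returned page for equality. `fake_search` is a hypothetical stand-in that models the substring matching described in the question; the user records are constructed, and the paging arguments and case-insensitive comparison are assumptions.

```python
"""Exact-match check layered on a substring ("greedy") user search."""

# Constructed sample records with "username" and "email" fields;
# not captured from a real server.
USERS = [
    {"id": "u1", "username": "jsmith", "email": "john.smith@example.com"},
    {"id": "u2", "username": "smithy", "email": "Smithy@Example.com"},
    {"id": "u3", "username": "anna", "email": "anna@example.org"},
    {"id": "u4", "username": "smith", "email": "s@example.net"},
]


def normalize(value):
    """Trim and case-fold so comparison is case-insensitive (assumption)."""
    return (value or "").strip().casefold()


def fake_search(term, first=0, max_results=2):
    """Hypothetical stand-in for GET .../users?search=term.

    Models a query wrapped in "%...%": any substring hit on username or
    email is returned, one page at a time.
    """
    t = normalize(term)
    hits = [u for u in USERS
            if t in normalize(u["username"]) or t in normalize(u["email"])]
    return hits[first:first + max_results]


def identifier_in_use(term, search=fake_search, page_size=2):
    """Return True only if some user's username or email equals term."""
    wanted = normalize(term)
    if not wanted:
        return False
    first = 0
    while True:
        page = search(wanted, first, page_size)
        if not page:
            return False  # all pages read, no exact match
        for user in page:
            if wanted in (normalize(user.get("username")),
                          normalize(user.get("email"))):
                return True
        # Keep paging: the exact hit may sit behind substring hits.
        first += len(page)
```

Against a real server, `search` would be replaced by a function that issues the admin request and returns the decoded JSON list for the requested page.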



