[keycloak-user] Multiple calls required to create a user

Bill Burke bburke at redhat.com
Tue Aug 9 09:16:52 EDT 2016 

You can send PRs to admin docs if you want.  admin REST API is here:

https://github.com/keycloak/server_development_guide



On 8/9/16 9:14 AM, Tom Pearson wrote:
> Okay, understood. Would be great if the admin docs could be updated to 
> reflect the implementation although I appreciate you probably have 
> more important matter to attend to.
>
> 2016-08-09 14:31 GMT+02:00 Bill Burke <bburke at redhat.com 
> <mailto:bburke at redhat.com>>:
>
>
>
>     On 8/9/16 5:56 AM, Tom Pearson wrote:
>>     Hi,
>>
>>     I'm creating a new user through the admin API. In order to do
>>     this I have to make 3 separate calls (createUser
>>     <http://www.keycloak.org/docs/rest-api/index.html#_create_a_new_user>,
>>     resetPassword
>>     <http://www.keycloak.org/docs/rest-api/index.html#_set_up_a_temporary_password_for_the_user>
>>     and addRealmLevelRoles
>>     <http://www.keycloak.org/docs/rest-api/index.html#_add_realm_level_role_mappings_to_the_user_2>)
>>     as the credentials and realm roles in the UserRepresentation
>>     <http://www.keycloak.org/docs/rest-api/index.html#_userrepresentation> are
>>     ignored. I then have to make another call to
>>     getEffectiveRealmLevelRoles
>>     <http://www.keycloak.org/docs/rest-api/index.html#_get_effective_realm_level_role_mappings_2> as
>>     the getUser
>>     <http://www.keycloak.org/docs/rest-api/index.html#_get_represenation_of_the_user> method
>>     doesn't return the roles. If I were to require the client level
>>     roles this would be 6 calls to create and return the user.
>>
>>     Is there a reason as to why this is the case?
>>
>     The reason is simply that the admin API was written for the admin
>     console.  We've never had time to refactor it.  Too many other
>     things on the queue.
>
>>     As an aside, in the docs the reset password method is called "Set
>>     up a temporary password for the user" but in my experience the
>>     password is never temporary regardless of the value of the
>>     temporary flag.
>>
>>     Kind regards,
>>     Tom
>>
>>
>>     _______________________________________________
>>     keycloak-user mailing list
>>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>>     <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>     _______________________________________________ keycloak-user
>     mailing list keycloak-user at lists.jboss.org
>     <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>     <https://lists.jboss.org/mailman/listinfo/keycloak-user> 
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160809/a92edcd7/attachment.html

More information about the keycloak-user mailing list