[keycloak-user] Get all users for a given client with consent
Henning Waack
henning.waack at codecentric.de
Mon Jul 2 02:14:25 EDT 2018
Thanks Dimitry, this is exactly what I am looking for! Will give it a try
and report my findings! Thanks especially for the list of examples and the
sample SQL Query!
Greetings
Henning
2018-06-30 12:30 GMT+02:00 Dmitry Telegin <dt at acutus.pro>:
> Hi Henning, sorry for late response,
>
> I assume that by "getting a list of all users with consent for a specific
> client" you mean exposing this list over REST API (correct me if I'm wrong).
>
> For this, you will need to implement a custom REST endpoint using Realm
> Resource SPI [1] that will execute a single JPA query:
>
> select consent from UserConsentEntity consent where consent.clientId = :clientId
>
>
> then convert the results to a list of UserConsentRepresentation's and
> return it. If you want to see the list in the admin GUI, you'll also have
> to implement a GUI theme.
>
> Please remember that by default custom REST resources are public, so
> you'll need to implement proper access control. Examples that might be
> helpful here:
> - examples/providers/rest: a minimal example of custom REST resource;
> - examples/providers/domain-extension: an advanced example that (among
> other) demonstrates interacting with the JPA layer; unfortunately, it is
> not maintained, and the authorization code is broken at the moment [2];
> - BeerCloak [3]: a more complete and complex example that is maintained
> and working. Currently, authorization is implemented in a pre-3.2.0 way
> (but should still work in 4.0.0). I'm going to port it to post-3.2.0 soon
> (that means, fine-grained permissions), so stay tuned;
> - examples/themes - if you're looking to extending the GUI.
>
> See also:
> org.keycloak.models.jpa.entities.UserConsentEntity
> org.keycloak.representations.idm.UserConsentRepresentation
> org.keycloak.services.resources.admin.UserResource::getConsents()
> org.keycloak.models.jpa.JpaUserProvider::getConsents()
>
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> <https://maps.google.com/?q=Pod+lipami+street+339/52,+130+00+Prague+3,+Czech+Republic&entry=gmail&source=g>
> + 42 (022) 888-30-71
> E-mail: <info at acutus.pro> <info at acutus.pro>info at acutus.pro
>
> [1] https://www.keycloak.org/docs/latest/server_development/
> index.html#_extensions_rest
> [2] https://issues.jboss.org/browse/KEYCLOAK-5927
> [3] https://github.com/dteleguin/beercloak
>
> Hey guys, any input on this? Appreciate it! :)
>
> Thanks
>
> Henning
>
> 2018-06-25 13:35 GMT+02:00 Henning Waack <henning.waack at codecentric.de>:
>
> Hi.
>
> Is it possible to get a list of all users who have given their consent for
> a specific client? I am working with KC 4.0 (and Spring Boot 2.0).
>
> Thanks & greetings
>
> Henning
>
>
>
>
>
--
-----------
Henning Waack | IT Consultant
codecentric AG | Hochstraße 11
<https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Solingen+%C2%A0%7CDeutschland&entry=gmail&source=g>
|
<https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Solingen+%C2%A0%7CDeutschland&entry=gmail&source=g>
<https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Solingen+%C2%A0%7CDeutschland&entry=gmail&source=g>42697
Solingen
<https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Solingen+%C2%A0%7CDeutschland&entry=gmail&source=g>
|Deutschland
<https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Solingen+%C2%A0%7CDeutschland&entry=gmail&source=g>
tel: +49 (0)151 108 515 29
www.codecentric.de | blog.codecentric.de | www.meettheexperts.de
Sitz der Gesellschaft: Solingen | HRB 25917 | Amtsgericht Wuppertal
Vorstand: Michael Hochgürtel . Ulrich Kühn . Rainer Vehns
Aufsichtsrat: Patric Fedlmeier (Vorsitzender) . Klaus Jäger . Jürgen Schütz
Diese E-Mail einschließlich evtl. beigefügter Dateien enthält vertrauliche
und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige
Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie
bitte sofort den Absender und löschen Sie diese E-Mail und evtl.
beigefügter Dateien umgehend. Das unerlaubte Kopieren, Nutzen oder Öffnen
evtl. beigefügter Dateien sowie die unbefugte Weitergabe dieser E-Mail ist
nicht gestattet.
More information about the keycloak-user
mailing list