[keycloak-user] Get all users for a given client with consent

Dmitry Telegin dt at acutus.pro
Mon Jul 2 04:55:13 EDT 2018


Henning, you're welcome,

In fact, if you need only users (not consents) returned from the query,
you could use JPQL projection as follows:

select consent.user from UserConsentEntity consent where
consent.clientId = :clientId

Cheers,
Dmitry

On Mon, 2018-07-02 at 08:14 +0200, Henning Waack wrote:
> Thanks Dimitry, this is exactly what I am looking for! Will give it a
> try and report my findings! Thanks especially for the list of
> examples and the sample SQL Query!
> 
> Greetings
> 
> Henning
> 
> 2018-06-30 12:30 GMT+02:00 Dmitry Telegin <dt at acutus.pro>:
> > Hi Henning, sorry for late response,
> > 
> > I assume that by "getting a list of all users with consent for a
> > specific client" you mean exposing this list over REST API (correct
> > me if I'm wrong).
> > 
> > For this, you will need to implement a custom REST endpoint using
> > Realm Resource SPI [1] that will execute a single JPA query:
> > 
> > select consent from UserConsentEntity consent where
> > consent.clientId = :clientId
> > 
> > then convert the results to a list of UserConsentRepresentation's
> > and return it. If you want to see the list in the admin GUI, you'll
> > also have to implement a GUI theme.
> > 
> > Please remember that by default custom REST resources are public,
> > so you'll need to implement proper access control. Examples that
> > might be helpful here:
> > - examples/providers/rest: a minimal example of custom REST
> > resource;
> > - examples/providers/domain-extension: an advanced example that
> > (among other) demonstrates interacting with the JPA layer;
> > unfortunately, it is not maintained, and the authorization code is
> > broken at the moment [2];
> > - BeerCloak [3]: a more complete and complex example that is
> > maintained and working. Currently, authorization is implemented in
> > a pre-3.2.0 way (but should still work in 4.0.0). I'm going to port
> > it to post-3.2.0 soon (that means, fine-grained permissions), so
> > stay tuned;
> > - examples/themes - if you're looking to extending the GUI.
> > 
> > See also:
> > org.keycloak.models.jpa.entities.UserConsentEntity
> > org.keycloak.representations.idm.UserConsentRepresentation
> > org.keycloak.services.resources.admin.UserResource::getConsents()
> > org.keycloak.models.jpa.JpaUserProvider::getConsents()
> > 
> > Cheers,
> > Dmitry Telegin
> > CTO, Acutus s.r.o.
> > Keycloak Consulting and Training
> > 
> > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> > + 42 (022) 888-30-71
> > E-mail: info at acutus.pro
> > 
> > [1]
> > https://www.keycloak.org/docs/latest/server_development/index.html#
> > _extensions_rest
> > [2] https://issues.jboss.org/browse/KEYCLOAK-5927
> > [3] https://github.com/dteleguin/beercloak
> > 
> > > Hey guys, any input on this? Appreciate it! :)
> > > 
> > > Thanks
> > > 
> > > Henning
> > > 
> > > 2018-06-25 13:35 GMT+02:00 Henning Waack
> > > <henning.waack at codecentric.de>:
> > > 
> > > > Hi.
> > > > 
> > > > Is it possible to get a list of all users who have given their
> > > > consent for
> > > > a specific client? I am working with KC 4.0 (and Spring Boot
> > > > 2.0).
> > > > 
> > > > Thanks & greetings
> > > > 
> > > > Henning
> > > > 
> > > 
> > > 
> > > 
> 
> 
> 


More information about the keycloak-user mailing list