[keycloak-user] Cannot update the user realmRoles using the Admin API

[Alfonso Alba García]

Hi again!

I answer my own question here just in case somebody else runs into the 
same issue. I managed to add the "subscriptor" role using the one of the 
RoleMappipngs endpoints [1] of the Admin API instead of the users endpoint:

curl --X POST -H"Content-type: application/json"
-H "Authorization: Bearer ${access_token}"
-d '[{"id":"62cd0bf0-63f5-4b03-8c24-84e19dccef3b","name":"user"}]' 
https://mykeycloakserver/auth/admin/realms/demo-rails-app/users/80XXXX/role-mappings/realm

Regards,

Alfonso

----
[1] https://www.keycloak.org/docs-api/6.0/rest-api/#_addrealmrolemappings

Alfonso Alba García wrote:
> Hi,
>
> I'm using the keycloak Admin API to create a new user with the
> "subscriptor" role from my application.
>
> I've found issue KEYCLOAK-6080 [1] in Jira which says that you first
> have to create the user and then set the roles. That's what I'm trying
> to do.
>
> 1- First, get a token for the Admin API using the admin user from the
> master realm:
>
> curl -d "client_id=admin-cli" \
> -d "MYUSERNAME" \
> -d "MYPASSWORD" \
> -d "grant_type=password" \
>
> "https://mykeycloakserver/auth/realms/master/protocol/openid-connect/token"
>
> 2- set shell variable "access_token" with the provided access_token
>
> 3- Change the user firstName and realmRoles of the "demo-rails-app" realm
> curl -X PUT \
> -H"Content-Type: application/json" \
> -H "Authorization: Bearer ${access_token}"
> -d '{"realmRoles":["subscriptor"], "firstName":"NEW FIRST NAME"}'\
> https://mykeycloakserver/auth/admin/realms/demo-rails-app/users/80ef4038-...
>
>
> The firstName of the user field is properly updated, however the user
> realm roles are not modified. Am I doing something wrong?. I've tried to
> pass a string instead of an array or use the role ID instead of the role
> name but neither of them worked.
>
> Regards,
>
> Alfonso
>
> ------
> 1 - https://issues.jboss.org/browse/KEYCLOAK-6080