[keycloak-user] assign client roles to a user using keycloak rest API

Geoffrey Cleaves geoff at opticks.io
Tue Feb 5 05:53:24 EST 2019


Hi, I think you're looking for this, it's not very easy to find in the
docs. Search for the string below:

POST /{realm}/users/{id}/role-mappings/clients/{client}

The body would need to look something like this:

[
    {
        "id": "5da312c5-1c65-4306-affb-6e2132dfb052",
        "name": "admin",
        "composite": true,
        "clientRole": true,
        "containerId": "32296d33-f288-4762-b723-77218f1feb7d"
    }
]

The containerId is the same as the {client} in the endpoint. I'm not sure
it is required.


On Tue, 5 Feb 2019 at 09:50, Dimitris Charlaftis <dharlaftis at ekt.gr> wrote:

> Hello,
>
> thank you for the reply.
>
> In [2], in the call
>
> POST /{realm}/groups/{id}/role-mappings/clients/{client}
> there is no reference to the username, so the API cannot understand which
> user we are referring to.
>
> I want to assign a client role to a specific user, but it seems that this
> call you sent me refers to adding roles per client application.
>
> Please, can you help?
> Regards,
> Dimitris
>
> On 2/5/2019 1:27 AM, Dmitry Telegin wrote:
> > Hello Dimitris,
> >
> > You should use another call to a role-mappers endpoint, see [1] and [2].
> >
> > [1] https://www.keycloak.org/docs-api/4.8/rest-api/index.html#_role_mapper_resource
> > [2] https://www.keycloak.org/docs-api/4.8/rest-api/index.html#_client_role_mappings_resource
> >
> > Cheers,
> > Dmitry Telegin
> > CTO, Acutus s.r.o.
> > Keycloak Consulting and Training
> >
> > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> > +42 (022) 888-30-71
> > E-mail: info at acutus.pro
> >
> > On Mon, 2019-02-04 at 11:39 +0200, Dimitris Charlaftis wrote:
> >> Hello,
> >>
> >> I want to assign a client role to a specific user using keycloak rest API.
> >>
> >> From the documentation, I tried this:
> >>
> >> I have a realm called internal_applications and a client under this
> >> realm called test_app. In this client (test_app), I have manually
> >> created some client roles, i.e. administrator.
> >>
> >>
> >> Then, I hit the server with postman
> >>
> >> HTTP POST http://<keycloak-server-url>/auth/admin/realms/<realm-name>/users
> >>
> >> BODY:
> >>
> >> {
> >>     "username": "jim at ka.gr",
> >>     "firstName": "Jim",
> >>     "lastName": "Sanders",
> >>     "email": "jim at ka.gr",
> >>     "clientRoles": {
> >>         "test_app": ["administrator"]
> >>     }
> >> }
> >>
> >> This http call adds the user jim at ka.gr to keycloak, but DOES NOT ASSIGN
> >> the already existing client role administrator to him.
> >>
> >> How can I do this?
> >>
> >> Please, help...
> >>
> >> Dimitris
> >>
> >>
> --
> _____________________________
>
> Dimitris Charlaftis
> Software Engineer
>
> National Documentation Center
> email: dharlaftis at ekt.gr
> _____________________________
>
>
>



-- 

Regards,
Geoffrey Cleaves
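
The lookup-then-map sequence this thread arrives at, as an added example that is not part of the original messages or Keycloak's own code. The `http` transport, the `make_fake_http` stand-in and all ids and usernames in it are constructed for illustration; the `/auth/admin/realms` prefix is taken from the quoted request.

```python
from urllib.parse import quote, urlencode

def assign_client_role(http, base, realm, username, client_id, role_name):
    """Map one client role to one user. `http(method, url, body)` is a
    hypothetical transport returning parsed JSON; it adds the admin token."""
    admin = f"{base}/admin/realms/{quote(realm, safe='')}"

    # Accept only an exact username hit, never just the first search result.
    found = http("GET", f"{admin}/users?{urlencode({'username': username})}", None)
    users = [u for u in found if u["username"].lower() == username.lower()]
    if len(users) != 1:
        raise LookupError(f"expected one user {username!r}, got {len(users)}")

    # {client} in the endpoint is the client's internal id, not its clientId.
    found = http("GET", f"{admin}/clients?{urlencode({'clientId': client_id})}", None)
    clients = [c for c in found if c["clientId"] == client_id]
    if len(clients) != 1:
        raise LookupError(f"expected one client {client_id!r}, got {len(clients)}")
    client_uuid = clients[0]["id"]

    # Fetch the role representation and confirm it belongs to this client.
    role_url = f"{admin}/clients/{client_uuid}/roles/{quote(role_name, safe='')}"
    role = http("GET", role_url, None)
    if not role.get("clientRole") or role.get("containerId") != client_uuid:
        raise ValueError(f"{role_name!r} is not a role of client {client_id!r}")

    url = f"{admin}/users/{users[0]['id']}/role-mappings/clients/{client_uuid}"
    http("POST", url, [role])  # body is a JSON array of role representations
    return url

def make_fake_http(sent):
    """Constructed offline stand-in for a Keycloak server (sample data only)."""
    role = {"id": "role-uuid-1", "name": "administrator", "composite": False,
            "clientRole": True, "containerId": "client-uuid-1"}
    def http(method, url, body):
        sent.append((method, url, body))
        if method == "POST":
            return None
        if "/users?" in url:  # the search also returns a near match
            return [{"id": "u-2", "username": "jimmy"},
                    {"id": "u-1", "username": "jim"}]
        if "/clients?" in url:
            return [{"id": "client-uuid-1", "clientId": "test_app"}]
        return role
    return http

if __name__ == "__main__":
    print(assign_client_role(make_fake_http([]), "http://localhost:8080/auth",
                             "internal_applications", "jim", "test_app", "administrator"))
```

Filtering the search results for an exact username and checking the role's containerId before the POST keeps the mapping from landing on a similarly named account or on a role from a different client.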

