[keycloak-user] Best practice for getting roles for all users
Niko Köbler
niko at n-k.de
Sat Mar 16 11:30:40 EDT 2019
Hi Ben,
I don't know any built-in possibility to achieve this with Keycloak.
Depending on the amount of roles, you could do "reverse" lookup and query all roles for their users. Then you have to re-sort the results to get all roles for each user.
Second option could be to write a custom REST endpoint with a custom database query for exactly these informations.
Would be more efficient than multiple queries over the API, but is prone to database changes (although they might be unlikely, imo). So you would have to track changes.
Cheers,
- Niko
> Am 11.03.2019 um 16:32 schrieb Benjamin Huskic <benjamin.huskic at thequalitygate.com>:
>
> Hello everybody,
>
> I need to query a list of all users with their roles in our application. I would like to avoid calling for every user (~10000) the GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/realm. The GET /auth/admin/realms/{realm}/users unfortunately does not provide the roles. I have read the API documentation and tried to find out any recommendation on the web, but I didn't find any. The only thing I found was a feature request which might help to lower the calls: https://issues.jboss.org/browse/KEYCLOAK-2035 but it seems that this feature was not implemented.
>
> I would like to know if there is a best practice for getting roles for all the users because calling a million times the role-mapping is very inefficient.
>
> Thank you in advance
> Kind regards,
> Benjamin
>
>
>
>
> [cid:image001.png at 01D4D841.19FC8380]
>
> Benjamin Huskić
> Founder & Solution Director
>
> mobile: +971-5444-9-4664
> email: benjamin.huskic at thequalitygate.com<mailto:benjamin.huskic at thequalitygate.com>
> web: http://www.thequalitygate.com<http://www.thequalitygate.com/>
>
>
>
> <image001.png>_______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list