[keycloak-user] Best practice for getting roles for all users
Benjamin Huskic
benjamin.huskic at thequalitygate.com
Sat Mar 16 11:37:11 EDT 2019
Hi Niko,
Thanks for the update. We were thinking of something similar, and good to know that there is in fact no efficient option.
Cheers,
Ben
-----Original Message-----
From: Niko Köbler <niko at n-k.de>
Sent: Saturday, 16 March 2019 19:31
To: Benjamin Huskic <benjamin.huskic at thequalitygate.com>
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Best practice for getting roles for all users
Hi Ben,
I don't know any built-in possibility to achieve this with Keycloak.
Depending on the amount of roles, you could do "reverse" lookup and query all roles for their users. Then you have to re-sort the results to get all roles for each user.
Second option could be to write a custom REST endpoint with a custom database query for exactly this information.
Would be more efficient than multiple queries over the API, but is prone to database changes (although they might be unlikely, imo). So you would have to track changes.
Cheers,
- Niko
> On 11.03.2019 at 16:32, Benjamin Huskic <benjamin.huskic at thequalitygate.com> wrote:
>
> Hello everybody,
>
> I need to query a list of all users with their roles in our application. I would like to avoid calling for every user (~10000) the GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/realm. The GET /auth/admin/realms/{realm}/users unfortunately does not provide the roles. I have read the API documentation and tried to find out any recommendation on the web, but I didn't find any. The only thing I found was a feature request which might help to lower the calls: https://issues.jboss.org/browse/KEYCLOAK-2035 but it seems that this feature was not implemented.
>
> I would like to know if there is a best practice for getting roles for all the users because calling a million times the role-mapping is very inefficient.
>
> Thank you in advance
> Kind regards,
> Benjamin
>
> Benjamin Huskić
> Founder & Solution Director
>
> mobile: +971-5444-9-4664
> email: benjamin.huskic at thequalitygate.com
> web: http://www.thequalitygate.com
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
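
The "reverse" lookup suggested in the reply, as an added example that is not part of the original thread: list the realm roles, page through the members of each role with GET /auth/admin/realms/{realm}/roles/{role-name}/users, and invert the result per user. `fetch` is an assumed callable that performs an authenticated GET against the Admin REST API and returns parsed JSON; the realm name `demo`, the users and the roles are constructed sample data.

```python
from collections import defaultdict
from urllib.parse import quote, unquote

def paged(fetch, path, page_size):
    """Yield all items of a list endpoint using the first/max paging params."""
    first = 0
    while True:
        page = fetch(path, {"first": first, "max": page_size})
        yield from page
        if len(page) < page_size:
            return
        first += page_size

def roles_by_user(fetch, realm, page_size=100):
    """Invert role -> members into {user id: sorted realm role names}."""
    base = f"/auth/admin/realms/{realm}"
    result = defaultdict(set)
    for user in paged(fetch, f"{base}/users", page_size):
        result[user["id"]]            # touch the key so role-less users are kept
    for role in fetch(f"{base}/roles", {}):
        members = f"{base}/roles/{quote(role['name'], safe='')}/users"
        for user in paged(fetch, members, page_size):
            result[user["id"]].add(role["name"])
    return {uid: sorted(names) for uid, names in result.items()}

def fake_fetch(calls):
    """Constructed in-memory realm standing in for an authenticated GET."""
    users = [{"id": f"u{i}"} for i in range(5)]
    members = {"admin": ["u0"], "app user": ["u0", "u1", "u2"], "unused": []}
    def fetch(path, params):
        calls.append(path)            # record each request for counting
        tail = path.split("/realms/demo/", 1)[1].split("/")
        if tail == ["roles"]:
            return [{"name": name} for name in members]
        if tail == ["users"]:
            rows = users
        else:
            rows = [{"id": u} for u in members[unquote(tail[1])]]
        first = params.get("first", 0)
        return rows[first:first + params.get("max", len(rows))]
    return fetch

if __name__ == "__main__":
    calls = []
    for uid, names in roles_by_user(fake_fetch(calls), "demo", page_size=2).items():
        print(uid, names)
    print(len(calls), "requests")
```

The number of requests grows with the number of roles and result pages rather than with one call per user, which is the trade-off the reply points at with "depending on the amount of roles".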