[keycloak-user] How to configure my client for use ADMIN REST API [DELETE]: https://keycloaksrv.fr/auth/admin/realms/myclient/users/'

Gary Kennedy gary at apnic.net
Tue May 7 00:02:00 EDT 2019


I'm pretty sure this is similar to the problem I'm having, and I'm also pretty sure that you need to either:

- add the assigned roles needed for the admin API call (eg, as Sebastien wrote) to the service or user account;
  AND ensure the token is issued for the admin clients (either "admin-cli" or "security-admin-console" by default)
  (ie, the "azp" claim is either "admin-cli" or "security-admin-console")

OR

- if the token is NOT issued for the admin clients, the token needs a "resource_access" claim which is a map containing the "realm-management" key with a map value having a "roles" key which is an array of role name strings. eg:
    "resource_access": {
        "realm-management": {
            "roles": [ "manage-users" ]
        }
    }

Cheers,
Gary

> On 7 May 2019, at 2:54 am, Sebastien Blanc <sblanc at redhat.com> wrote:
> 
> Give your user the "manage-users" role, you can do that from the role
> Mappings tab in the user screen and select in "client roles" =>
> "realm-management" and there you should see the role "manage-users" and
> assign it.
> 
> 
> 
> On Mon, May 6, 2019 at 5:45 PM Christophe Lehingue <clehingue at gmail.com>
> wrote:
> 
>> Hello, how to configure a client so that the user can use the user removal
>> API?
>> 
>> [DELETE]:
>> https://keycloaksrv.fr/auth/admin/realms/myclient/users/fdskgjdkdjkgjf-sdssdsqdqsdqsdsq
>> 
>> Whenever I try to call this REST request, I get the following error
>> message: "resulted in a 401/403 Unauthorized"
>> 
>> Can you help me?
>> 
>> Thank you
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> 
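A way to check which of the two cases in the message above a given access token falls into, as an added example that is not part of the original thread or of Keycloak's code. The function names and sample tokens are constructed for illustration, and the classification follows the claims as the message describes them, not Keycloak's own authorization logic.

```python
import base64
import json

# Default admin clients named in the message above.
ADMIN_CLIENTS = {"admin-cli", "security-admin-console"}


def decode_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature.

    Only for inspecting a token you already hold while debugging a 401/403;
    never use the result to make an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def diagnose(claims: dict, needed_role: str = "manage-users") -> str:
    """Classify the token against the two cases described in the message."""
    # Case 1: issued for an admin client; the roles must then be assigned
    # to the user or service account itself (not visible from this check).
    if claims.get("azp") in ADMIN_CLIENTS:
        return "admin-client"
    # Case 2: any other client; the role must be carried in the token.
    access = claims.get("resource_access")
    rm = access.get("realm-management") if isinstance(access, dict) else None
    roles = rm.get("roles") if isinstance(rm, dict) else None
    if isinstance(roles, list) and needed_role in roles:
        return "role-in-token"
    return "missing"


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the demo runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    sample = {"azp": "my-app", "resource_access": {
        "realm-management": {"roles": ["manage-users"]}}}
    print(diagnose(decode_claims(make_sample_token(sample))))
```

A result of "missing" means neither case applies, which matches the 401/403 reported in the original question.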
