Im going to update the username of an account via the keycloak user update REST API. But it is unable to update it by requesting with the own token. Do I have any other way to get username update by the same user.
Steps:
Assign manage-users role myself
get my access token
get user list - remember my user id
add new use with new user name
delete my user with #3 user id
1 Assign manage-users role myself
3 get user list - remember my user id
4 add new use with new user name
5 delete my user with #3 user id
Related
I configure the Github Identity Provider in my Keycloak.
And now I just allow user browser when first login and create the user account manually first by myself.
But I found I need to configure the Provider User ID for the user first.
Do you know how to get this Provider User ID?
Thanks!
I tried to set registeration first then get ID to configure. But for other new user, I don't know how to do that.
When a new user is created via rest API endpoint, how to add user role to the newly created user?
At the initial user creation endpoint role is not included. First, we need to create the user via rest API endpoint. post request domain/auth/admin/realms/{realm name}/users
Then we want to add a user role to the created user. For that, we should have the username of the created user. If you've enabled email as username in the key-cloak. You can fetch user data from the key-cloak via that email.
To fetch user data via username below endpoint is used. get request domain/auth/admin/realms/{realm name}/users?username="emailToTest#test.com".
To assign role to the user we can use below post endpoint domain/auth/admin/realms/{realm name}/users/{user_id}/role-mappings/realm
pass an array with below structure in the request body.
[
{
"id": "role id", you can get role id once you click on a specific role and on the URL there is the id
"name" :"role name"
},
{
"id":"role id", "name":"role name"
}
]
I have an app secured by keycloak. Going to a secured page brings up a keycloak login page and the correct user/password gives the expected results.
Within the client, I have switched on user registation. So now the login page shows a register link, which displays another keycloak page allowing the user to register with name, username, email.
This "works" in that the user is added to the keycloak user database. But the application displays the error page because a role is not mapped to that user in keycloak.
What I would like to happen is to be able to add the new user to the apps own user database, associate a role with the user, perhaps do some verification of the user.
So I don't really know what keycloak is sending back to the app except that it eventually leads to /error. Is there a way to tell keycloak after a new registration contact this url where things can happen within the app?
I came across similar scenario and the way I solved it was by enabling a default role to the newly added user.
This role can be changed later on but with a default role in place, your flow will complete.
There are 2 ways to assign a default role in keycloak. With both these configs, whenever a new user is registered even from external service providers, they will be assigned this default role:
Assign a default role directly to user:
Assign a default group to user & map a role to that default group
Please note that Default Group & Role names in above are my own and they are not predefined in keycloak.
After logging in to Keycloak admin console --> roles -> go to 'Default Roles' tab and add the role from available section to default realm roles section and save...Now when a user is registered, it will have the role assigned .
I am using yii2 basic and have implemented RBAC using permissions, roles.
I have Employee table and I have assigned Employee model to user application component.
Now the scenario is when admin creates employee he has to assign a role to that employee using auth_assignment CRUD.
Unless and until role has been assigned, the employee should not be able to login. Login page should be displayed to him with error message. (Similar to the scenario when incorrect username or password is entered by user.)
How to accomplish this?
I'm doing a Scala - Play application and I want to disconnect an user when an admin change his right. For exemple, is an user is logged and an admin upgrade his account to the admin type, I want disconnect this user.How can I do that ?
If you stored the userId in the Session you will need to add the rights of the user in the Session.
So that when the user connects, you can check his rights from the session to the ones in your database. If they don't match you can redirect the user to the login page.
just to cover all the bases since the answer here depends specifically on how your application determines if a user is logged in:
if user auth is done with a token generated by a secret that is stored on your user model and checked for validity on every request, you can generate a new secret for the user and all existing tokens will become invalid.