Keycloak - Give permission to a user to perform actions for another user

Is there any way to use keycloak and give permission to a user performing actions for another user?

You can use impersonation for your request. Go to the Keycloak admin console -> Users -> search for and select one user -> click the Impersonate button. You will be logged in as that user and redirected to the account console page.
To perform the above task, the user must have the impersonate role, which can be assigned to the user from Role Mappings.
Refer to https://www.janua.fr/using-impersonation-with-keycloak/ for more details.
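
Because the impersonate role lets its holder act as any other user, it is worth reviewing who holds it. The script below is an added example, not part of the original answer: it audits a realm export for users who hold that role directly or through a composite role. It assumes the role is the `impersonation` client role of the `realm-management` client, runs on a constructed sample export, and does not follow roles inherited through groups or realm roles.

```python
import json

CLIENT = "realm-management"   # assumption: client that holds the admin roles
TARGET = "impersonation"      # assumption: the role the answer calls "impersonate"

# Constructed sample shaped like a realm export that includes users.
SAMPLE_EXPORT = json.loads("""
{"realm": "demo",
 "roles": {"client": {"realm-management": [
   {"name": "impersonation"},
   {"name": "view-users"},
   {"name": "realm-admin", "composite": true,
    "composites": {"client": {"realm-management": ["view-users", "impersonation"]}}},
   {"name": "support-lead", "composite": true,
    "composites": {"client": {"realm-management": ["realm-admin"]}}}
 ]}},
 "users": [
   {"username": "alice", "clientRoles": {"realm-management": ["impersonation"]}},
   {"username": "bob",   "clientRoles": {"realm-management": ["view-users"]}},
   {"username": "carol", "clientRoles": {"realm-management": ["support-lead"]}},
   {"username": "dave"}
 ]}
""")

def roles_granting(export, client=CLIENT, target=TARGET):
    """Client roles that are the target or include it through composites."""
    defs = export.get("roles", {}).get("client", {}).get(client, [])
    granting = {target}
    changed = True
    while changed:  # fixed point: terminates even if composites form a cycle
        changed = False
        for role in defs:
            children = role.get("composites", {}).get("client", {}).get(client, [])
            if role["name"] not in granting and granting.intersection(children):
                granting.add(role["name"])
                changed = True
    return granting

def users_who_can_impersonate(export):
    """Map username -> directly assigned roles that confer impersonation."""
    granting = roles_granting(export)
    findings = {}
    for user in export.get("users", []):
        held = user.get("clientRoles", {}).get(CLIENT, [])
        via = sorted(granting.intersection(held))
        if via:
            findings[user["username"]] = via
    return findings
```

On the sample, `users_who_can_impersonate(SAMPLE_EXPORT)` reports alice (direct assignment) and carol (through the nested composite), which is the case a review of direct assignments alone would miss.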

Related

in keycloak how to change the password of an authenticated user

In the Keycloak administration, if I set the "Required User Action" of a user to "Update Password", the user is asked for a new password after a successful login, calling:
https://SERVER/auth/realms/REALM/login-actions/required-action?execution=UPDATE_PASSWORD&client_id=CLIENT_ID&tab_id=TAB_ID
Calling this URL with a user who is logged in but not configured with "Update Password", I get the message "User is already logged in".
What would be the correct URL to call from an external application, e.g. from a menu with actions edit-profile, change-password...
Edit: In our application we authenticate users managed in Keycloak. We would like to be able to link to a Keycloak page (similar to the one posted) where the user can update/change his password (e.g. old-pw, new-pw, confirm-pw).
This answer is based on Keycloak 12 (the latest version at the time of writing the answer).
You can ask users to change their profile details or passwords from the manage account section. You can get the URL of that screen and direct users to that.
[Screenshot: "manage account" link location]
[Screenshot: Account management screen]

Assign Keycloak Realm Roles to User based on the type of Registration URL

Consider I have two registration pages:
1) Student : /register-student
2) Tutor : /register-tutor
I have another URL for login : /login
Now for each of them I have their own callback URLs:
/callback-student
/callback-tutor
/callback
On registration once the user is authenticated, based on the Callback we assign the respective roles. And then redirect the user to the home page.
Note: Once registration is done we do not let the user be authenticated. Rather we redirect the user to login page and expect the user to login.
Once the user logs in, he is authenticated and at the same time I expect to have the user mapped to the right role as we have Role based policies on our resources.
This is my approach of doing the registration, I want to know if this is the right way to do it using Keycloak.
If there is a better way, it would be helpful if you can provide links wherein I can refer to and implement the same.

Keycloak: user is automatically logged in after submitting the registration form

I am using Keycloak 7.0.1 and I have enabled the Registration link on the login page. My use case is the following:
Upon registration, a user should be created as disabled.
An admin user verifies the account, then enables the user manually.
The problem is that the user is automatically logged in after finishing registration. Any idea how to prevent this? (I also don’t need to enable any further steps e.g. verify email)
In the Keycloak mailing lists and also in the following post, it is said that automatic login is the default behavior, so is there any way to change this?
Keycloak automatic login after email confirmation with disabled user

Login to Facebook button without requesting user permission

I want to add a "Login to Facebook" button to my page. However, I don't want to have the user prompted to grant my app access. I don't need any of the user's personal info so they shouldn't need to grant me access. Is this possible?
I don't need any of the user's personal info
So why use the Facebook API?
You must be fetching at least the ID of the user right? That's the part of just the basic information; so in the least case the user will be prompted to grant the permission to your app to fetch the basic info. You shouldn't bother much, since most of the users don't hesitate sharing just their basic information.

How to login using FaceBook test users (created from the facebook developer app roles page)

Is it possible to login to facebook directly (facebook.com) using the test user account created using the Facebook Developer app feature (Roles / Create test users)? What password should I use? I understand we can use the "Switch to " option after logging in as myself to facebook, but I want to be able to login directly using the test user accounts, so that I can provide these user details for other testers who do need to use their personal facebook account in any way related to the testing of the application.
Yes, we can log in directly to Facebook (facebook.com) with test user accounts.
Step 1
Create a test user by clicking the Add button.
Step 2
Click the Edit button, which has all the options:
Change name
Set Password
Generate access token etc.
You can simply change the password of the Test User by issuing a POST request to this URL:
https://graph.facebook.com/TEST_USER_ID?password=NEW_PASSWORD&name=NEW_NAME&method=post&access_token=APP_ACCESS_TOKEN
Then you can give other people the account info of that user with the newly set password and they can log in to Facebook as that user.