Is there any way to get users by multiple usernames [Keycloak Admin REST API] - keycloak

I am new to Keycloak user management.
Basically, I want to fetch users using an "IN" condition on the username field.

Unfortunately, no. See REST API doc: https://www.keycloak.org/docs-api/15.0/rest-api/index.html

Currently, Keycloak doesn't support getting multiple users by ids or usernames.
You can use the Keycloak SPI.
This is my repo for this query function:
Bulk user query
If there is any bug, feel free to submit a pull request too.

Related

Does the Keycloak API have any endpoint to update account email?

I am trying to change account email in Keycloak, but did not find any useful information in the Keycloak official documentation.
I tried to work with this endpoint
PUT /admin/realms/{realm}/users/{id}/execute-actions-email
but it only accepts an array of actions and sends the user an email to perform the specified actions.
But I want to update it directly by performing my request. Is this possible?

I think you are looking for the API below.
PUT /admin/realms/{realm}/users/{id}
with a JSON payload as below.
{
    "email": "new@email.com"
}

How can I fetch all the Subscriptions/Users of an API in WSO2 APIM 2.1

I am aware that WSO2 APIM has its REST APIs which can fetch all the subscriptions and applications for an API. But since these REST APIs are scope specific and require scoped tokens which are created based on a particular user's credentials, it can only retrieve the subscriptions and applications of a particular user and not all the API subscriptions (subscriptions done by other users).
Is there any way I could retrieve all the subscriptions of an API (not restricted by a single user)?

Try exploring the Registry REST API [1]. I think this is the best way to get this generic information.
[1] https://docs.wso2.com/display/AM250/Using+the+Registry+REST+API
Another possibility is to check in the Administration Services [2] if you find something that can help you.
[2] https://docs.wso2.com/display/AM250/WSO2+Admin+Services

Actually, I figured out what I was doing wrong. The Store REST APIs are scoped and can only fetch the subscriptions of a particular user since the token scope is user specific. However, if I tried the Publisher's REST API for fetching all subscriptions, I could fetch all the subscriptions regardless of the user and application, hence giving me the result I required.
Basically I used https://docs.wso2.com/display/AM210/apidocs/publisher/#!/operations#SubscriptionCollection#subscriptionsGet
instead of
https://docs.wso2.com/display/AM210/apidocs/store/#!/operations#SubscriptionCollection#subscriptionsGet

Allowing a user to update their own profile using the REST API

I have been experimenting with the REST API using my logged in user account's token to then make PUT requests on my user record to update some custom attributes.
In order to get this to work I had to grant my user account the manage-users role in Keycloak; prior to this I was getting forbidden responses back.
I can now make the PUT request successfully, and after logging out and logging back in I can see the updated attributes I set in my PUT request.
But I have now allowed my user to be able to manage all users in my realm, which I don't want to allow.
Instead I only want to be able to update my own account details.
I know the user can view their own profile and make changes on the Keycloak provided screens. But for certain custom attributes I want to be able to do this from the client side application they are logged in to, so using the REST API but not granting them a role that could allow them to update other users' details.
Is this possible?

According to the User section of Keycloak's Admin REST API, this is not possible.
One solution would be for your client app to send the update request to a backend. The backend will verify that the update request is legit (aka the JWT is verified and the update does apply to the user requesting the change).
Another solution would be to theme the User Account Service's screens to add input fields for your custom attributes, as the documentation says that:
This screen can be extended to allow the user to manage additional attributes. See the Server Developer Guide for more details.
The second option seems the more secure. I hope that helps.

This seems to be possible with the Account Management API.
Unfortunately, I didn't find any official documentation about that. However, there's an example in Keycloak that demonstrates how to do it.
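
The backend check suggested in the first answer above, as an added example (not code from the original posts or from Keycloak). It assumes the backend's JWT library has already verified the token's signature, issuer, audience and expiry; the function name, realm name and attribute allowlist are hypothetical. The backend then sends the resulting request with its own service-account credentials, so the end user never holds manage-users.

```python
import re

REALM = "example-realm"                    # placeholder realm name (assumption)
SELF_EDITABLE = {"nickname", "locale"}     # hypothetical allowlist of custom attributes
MAX_LEN = 255
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


class Forbidden(Exception):
    """The caller may not make this change."""


def build_self_update(claims, target_user_id, changes, current_attributes):
    """Return (method, path, body) for PUT /admin/realms/{realm}/users/{id}.

    claims: claims of an access token that was ALREADY verified (assumption).
    changes: {attribute_name: new_string_value} requested by the client.
    current_attributes: the user's existing attributes as read by the backend.
    """
    subject = claims.get("sub")
    # 1. Users may only update their own record: token subject must equal the id.
    if not isinstance(subject, str) or subject != target_user_id:
        raise Forbidden("token subject does not match target user")
    # 2. Only a UUID-shaped id is ever placed into the admin URL path.
    if not UUID_RE.fullmatch(target_user_id):
        raise Forbidden("malformed user id")
    # 3. Never forward the client's JSON as-is: only allowlisted attribute
    #    names pass, so fields such as email or enabled cannot be set this way.
    unknown = set(changes) - SELF_EDITABLE
    if unknown:
        raise Forbidden("not self-editable: " + ", ".join(sorted(unknown)))
    # Send the full merged map so attributes not being edited are preserved.
    merged = {name: list(values) for name, values in current_attributes.items()}
    for name, value in changes.items():
        if not isinstance(value, str) or len(value) > MAX_LEN:
            raise Forbidden("invalid value for " + name)
        merged[name] = [value]             # attribute values are lists of strings
    path = f"/admin/realms/{REALM}/users/{target_user_id}"
    return "PUT", path, {"attributes": merged}
```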

Endpoint to get the currently authenticated Rally user?

I generated an API key for my Rally account. Is there a REST API to retrieve my basic user information, such as name, ObjectID, and ObjectUUID?

Sure, you can just read the /user endpoint and fetch whatever fields you need. This endpoint can be used to query for multiple users, or, if just read without any parameters, it will return yourself.
So, to get yourself:
GET https://rally1.rallydev.com/slm/webservice/v2.0/user?fetch=ObjectID
Or to query for users (which you're probably familiar with):
GET https://rally1.rallydev.com/slm/webservice/v2.0/user?fetch=ObjectID&query=(UserName contains "Bob")

Bigcommerce API Authenticating a customer with GET request

I'm doing a GET for customers with a given email address (there will only be one). Before displaying the returned information, I need to authenticate the user, but I can't see a way in the docs that allows providing a password as a parameter to a GET. In fact it only seems to be possible to provide a password when creating (POSTing) or updating (PUTting) a customer. Is it possible to authenticate customers via the API this way?

From what I understand, _authentication is only supported for POST and PUT on customer objects. I believe it is intended to create a customer who can log in and stuff like that.
Can you explain your use case? Maybe there is a workaround.