Can we create an admin user in Keycloak using the REST API below?
https://$HOSTNAME/auth/admin/realms/{REALM}/users
I am using the payload below, but it's not working.
{
"attributes": {},
"emailVerified": "",
"enabled": true,
"username": "admin",
"clientRoles": {
"realm-management": [ "realm-admin" ]
}
}
Thanks in advance
You have to call a separate REST API after you create the user to add roles/groups.
See this issue.
Related
So, the default is that my logged-in user from the access token is the one who has admin permissions, but I don't know how to make any member an admin.
This is the body that I'm using from the documentation.
{
"name": "Test Group",
"welcomeMessage": "Welcome to group created programmatically",
"members": [
"{{mobile-number-3}}"
],
"memberUserIds": [
"{{loggedin-user-id}}"
],
"groupType": "Group",
"GroupPhoto": "",
"BackgroundPhoto": "",
"ShortDescriptionString": "Short description",
"LongDescriptionString": "Long description"
}
Even though there is no documentation of it, a simple PUT on the endpoint https://{endpoint-url}/v1/groups/{group-id}/{member-id} with a JSON payload of { "role": "Admin" } works for me.
You can also use the following API with JSON payload of { "role": "Admin" }.
{{endpoint-url}}/v1/groups/{{group-id}}/members/{{member-id}}
The "members" keyword is important here, and it worked for me like this. Also, you can grant admin permissions only to group members. Otherwise, you will get an error from the API.
I'm using App ID and I am following this tutorial https://cloud.ibm.com/docs/services/appid?topic=appid-tutorial-roles for my personal project.
I tried to call the API {{APPID_MANAGEMENT_SERVER_HOST}}/management/v4/{{APPID_TENANT_ID}}/users with this body:
{
"idp": "cloud_directory",
"idp-identity": "huynhdn#gmail.com",
"profile": {
"attributes": {
"role": "MANAGER"
}
}
}
I get Future User in User Profiles! => OK
Next, I call {{APPID_MANAGEMENT_SERVER_HOST}}/management/v4/{{APPID_TENANT_ID}}/cloud_directory/Users to set a password for this user.
{
"displayName": "Test User",
"password": "abcd1234",
"emails": [
{
"value": "huynhdn#gmail.com",
"primary": true
}
]
}
Finally, I call {{APPID_AUTH_SERVER_HOST}}/oauth/v4/{{APPID_TENANT_ID}}/token to get a token with the user created above! But when I check in App ID, the attribute "role" is gone :(
Why? Or can anyone help me with another way to create a user that has "username", "password" and "attribute" with the management API?
The doc page you're referencing above states that in order to get the future user attribute, the user must validate ownership over the email. You can either do it through standard means, or by manually specifying status:confirmed when creating your Cloud Dir user, e.g.
{
"displayName": "John Smith",
"password": "p4ssw0rd",
"emails": [
{
"value": "john#example.com",
"primary": true
}
],
"status":"CONFIRMED"
}
I am new to Keycloak. I want to create a user using the Keycloak admin REST API.
I have managed to create a user. But the problem is I also want to assign the admin role to the user.
Attached is my JSON body. Can someone tell me what I am doing wrong here?
{
"username": "username",
"email": "user#gmail.com",
"firstName": "name1",
"lastName": "name2",
"realmRoles": [ "admin" ],
"enabled": true,
"credentials": [{
"type": "password",
"value": "default",
"temporary": false
}]
}
Thank you in advance
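As the answer to the first Keycloak question on this page says, roles are granted through a separate call after the user is created; the sketch below is an added example, not code from any of the posts, and it goes one step further by covering both realm roles and client roles. The `send` transport, the `demo` realm, the host and every id returned by `fake_send` are constructed assumptions; the paths are the Keycloak Admin REST role-mapping endpoints under the `/auth` base used in the question.

```python
from urllib.parse import quote

def create_user_with_roles(send, base, realm, user, realm_roles=(), client_roles=None):
    """Create a user, then map roles in separate calls.
    send(method, url, body) -> (status, headers, json) is a caller-supplied
    transport that adds the admin bearer token (hypothetical helper)."""
    admin = f"{base}/admin/realms/{quote(realm)}"

    def call(method, path, body=None, ok=(200,)):
        status, headers, data = send(method, admin + path, body)
        if status not in ok:
            raise RuntimeError(f"{method} {path} failed: HTTP {status}")
        return headers, data

    # 1. Create the user. Role fields are dropped on purpose: roles are granted
    #    afterwards through the role-mapping endpoints.
    body = {k: v for k, v in user.items() if k not in ("realmRoles", "clientRoles")}
    headers, _ = call("POST", "/users", body, ok=(201,))
    user_id = headers["Location"].rstrip("/").rsplit("/", 1)[-1]

    # 2. Realm roles: fetch each role representation, then POST the list.
    if realm_roles:
        reps = [call("GET", f"/roles/{quote(r)}")[1] for r in realm_roles]
        call("POST", f"/users/{user_id}/role-mappings/realm", reps, ok=(204,))

    # 3. Client roles: resolve the client's internal id before mapping.
    for client_id, roles in (client_roles or {}).items():
        _, found = call("GET", f"/clients?clientId={quote(client_id)}")
        if not found:
            raise LookupError(f"no client {client_id!r} in realm {realm!r}")
        cid = found[0]["id"]
        reps = [call("GET", f"/clients/{cid}/roles/{quote(r)}")[1] for r in roles]
        call("POST", f"/users/{user_id}/role-mappings/clients/{cid}", reps, ok=(204,))
    return user_id

def fake_send(log):
    """Constructed in-memory stand-in for a Keycloak server (offline demo only)."""
    def send(method, url, body):
        log.append((method, url.split("/admin/realms/demo", 1)[1]))
        if method == "POST":
            created = url.endswith("/users")
            return (201 if created else 204), {"Location": url + "/u-123"}, None
        if "/clients?" in url:
            return 200, {}, [{"id": "c-9", "clientId": "realm-management"}]
        return 200, {}, {"id": "r-1", "name": url.rsplit("/", 1)[-1]}
    return send
```

Any failed step raises, so a user that exists without its intended roles is reported rather than silently left behind.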
I have a Workplace application, and I wish to change the email IDs of the user via the API. I found that the Account Management API can be used to modify user details via API calls.
My use case is to modify the user email via the Account Management API, which comes under the urn:scim:schemas:core:1.0 schema extension. I wish to overwrite the existing email with the one I specify in the request body.
From the documentation, I've come up with the following request:
Url endpoint -
https://someCompanyName.facebook.com/scim/v1/Users/ HTTP/1.1
Method type -
POST
Request body-
{
"schemas": [
"urn:scim:schemas:core:1.0",
"urn:scim:schemas:extension:facebook:auth_method:1.0"
],
"userName": "abc",
"name": {
"formatted": "Julius Caesar"
},
"emails": ["abc#gmail.com"],
"urn:scim:schemas:extension:facebook:auth_method:1.0": {
"auth_method": "password"
}
}
Is it correct? What modifications do I need to make to the request?
In order to change the emails of a user, you have to do a PUT request to the address https://www.facebook.com/scim/v1/Users/{userId}
and you have to change in your payload the email address:
{
"schemas": [
"urn:scim:schemas:core:1.0",
"urn:scim:schemas:extension:facebook:auth_method:1.0"
],
"userName": "abc",
"name": {
"formatted": "Julius Caesar"
},
"emails": [
{
"primary": true,
"type": "work",
"value": "newemail#gmail.com"
}
],
"urn:scim:schemas:extension:facebook:auth_method:1.0": {
"auth_method": "password"
}
}
Hope it helps
I am having trouble setting up an admin Role within the loopback project with mongodb. I've set up a simple model, added acls, created a user and associated the user with the admin Role but I can't access the model through the API Explorer - it always comes back with "Authorization Required".
Here are the steps I took:
1) I added model test through slc:
slc loopback:model
? Enter the model name: test
? Select the data-source to attach test to: moti_db (mongodb)
? Select model's base class: PersistedModel
? Expose test via the REST API? Yes
? Custom plural form (used to build REST URL):
Let's add some test properties now.
Enter an empty property name when done.
? Property name: name
? Property type: string
? Required? No
2) create user through Sign Up page: id = 1
3) create admin Role through API: id = 1
4) changed Role and RoleMapping to public=true so I could set them through the rest api
Here's the test data model:
{
"name": "test",
"base": "PersistedModel",
"idInjection": true,
"properties": {
"name": {
"type": "string"
}
},
"validations": [],
"relations": {},
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "admin",
"permission": "ALLOW"
}
],
"methods": []
}
Here's the Role
{
"id": 1,
"name": "admin",
"created": "2015-05-22T19:45:23.887Z",
"modified": "2015-05-22T19:45:23.887Z"
}
Here's the RoleMapping:
{
"id": 1,
"principalType": "USER",
"principalId": "1",
"roleId": 1
}
Did you set an Authorization Token at the top of the Explorer? You need to call User.login() with an email and password, then set the Auth Token to the returned auth ID value. Then this token is sent with all subsequent calls (as an authorization: header value) and allows you to make calls that require auth.
Another helpful thing is to run the API with ACL debugging; you can do
DEBUG=loopback:security slc run
and it will show you how it determines access. Maybe the output will be helpful (paste it here). Otherwise it's just a guess as your code looks good and assuming you've previously logged in and are using a token.