Keycloak Admin API Rest Example: Get User
#!/bin/bash
# requires https://stedolan.github.io/jq/download/

# config
KEYCLOAK_URL=http://localhost:8080/auth
KEYCLOAK_REALM=realm
KEYCLOAK_CLIENT_ID=clientId
KEYCLOAK_CLIENT_SECRET=clientSecret
USER_ID=userId

# request an access token (password grant through the admin-cli client)
export TKN=$(curl -X POST "${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=${KEYCLOAK_CLIENT_ID}" \
-d "password=${KEYCLOAK_CLIENT_SECRET}" \
-d 'grant_type=password' \
-d 'client_id=admin-cli' | jq -r '.access_token')

# fetch the user representation from the Admin REST API with the bearer token
curl -X GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \
-H "Accept: application/json" \
-H "Authorization: Bearer $TKN" | jq .

Owner Author

@luciddreamz luciddreamz commented Mar 28, 2017

Untested! :)

@victorperin victorperin commented Apr 13, 2018

Do I have to configure something with a client to enable this way of getting the access_token?

@ec-wagner ec-wagner commented Oct 20, 2018

Hi!

Do you know if Keycloak can handle the same POST request (to get a token) as JSON instead of form data?

e.g. like this:

curl -X POST http://localhost:8080/auth/realms/master/protocol/openid-connect/token \
   --header "Content-Type: application/json" \
   --data '{"grant_type": "password", "client_id": "admin-cli", "username": "admin", "password": "admin"}'

I am getting the following error:

{"error":"invalid_request","error_description":"Missing form parameter: grant_type"}

Or is the "Content-Type: application/x-www-form-urlencoded" header a requirement that can't be bypassed?

@jijiechen jijiechen commented Jul 16, 2019

The admin RESTful API has a base path /auth/admin/realms/

@ghost ghost commented Jul 17, 2019

@jijiechen, so what would a REST API call for token acquisition look like?

@jijiechen jijiechen commented Jul 25, 2019

@oe19fyfa For acquiring a token, I didn't test the script provided by the gist author, but I did test the request using Postman; the script here looks good.
Here is a C# code sample for getting an access token:
https://github.com/dotnetclub-net/dotnetclub/blob/dev/src/Discussion.Web/Services/UserManagement/KeyCloakUserUpdater.cs#L66

@aawgit aawgit commented Aug 22, 2019

What I experienced was that the admin user token is given for the master realm (too bad that there is no proper documentation). Therefore the code should be changed to KEYCLOAK_REALM=master. This answer by Boomer is helpful: https://stackoverflow.com/questions/48146410/unable-to-get-oauth-token-from-keycloak

@bi40 bi40 commented Nov 14, 2019

> Hi!
>
> Do you know if Keycloak can handle the same POST request (to get a token) as JSON instead of form data?
>
> e.g. like this:
>
> curl -X POST http://localhost:8080/auth/realms/master/protocol/openid-connect/token \
>    --header "Content-Type: application/json" \
>    --data '{"grant_type": "password", "client_id": "admin-cli", "username": "admin", "password": "admin"}'
>
> I am getting the following error:
>
> {"error":"invalid_request","error_description":"Missing form parameter: grant_type"}
>
> Or is the "Content-Type: application/x-www-form-urlencoded" header a requirement that can't be bypassed?

The content type is required in this example.

@msca79 msca79 commented Jan 29, 2020

Hi,

There is an extra "$" in USER_ID:

users/${**$**USER_ID}

curl -X GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${$USER_ID}" \
-H "Accept: application/json" \
-H "Authorization: Bearer $TKN" | jq .

This works for me:

curl -X GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \
-H "Accept: application/json" \
-H "Authorization: Bearer $TKN" | jq .

Anyway works :)

regards, Szabi

@rthummarajula rthummarajula commented Apr 29, 2020

Thanks @jijiechen for the advice below; it saved a lot of time and it is working fine.

> The admin RESTful API has a base path /auth/admin/realms/

@hasnatsaeed hasnatsaeed commented Jul 9, 2020

Hi,
It seems that when I use my custom realm (xyz) to get the access token for the admin user, it is not working. I have to specify the realm as 'master' to get an access token for admin-cli. Can somebody please help me with this? Why can't I use my own realm (xyz) to get the token for admin user? I can see that under my own realm clients, I do have the admin-cli client available. Thanks

@jijiechen jijiechen commented Jul 13, 2020

@hasnatsaeed Custom realms are meant to manage other systems that consume these custom realms, and only the master realm is meant to manage Keycloak itself.
So the situation you ran into was correct behavior, wasn't it?

@jeudy-ua jeudy-ua commented Nov 11, 2020

Is there any way to get the groups in the user detail response? The UserRepresentation definition has the groups field, but it is not returned by the API:

 {'id': '314cfd91-dae1-40c1-9af9-5857c6531dc3',
  'createdTimestamp': 1600373234948,
  'username': 'jeudy@x.io',
  'enabled': True,
  'totp': False,
  'emailVerified': True,
  'firstName': 'Jeudy',
  'lastName': 'Blanco',
  'email': 'jeudy@x.io',
  'disableableCredentialTypes': [],
  'requiredActions': [],
  'notBefore': 0,
  'access': {'manageGroupMembership': True,
   'view': True,
   'mapRoles': True,
   'impersonate': True,
   'manage': True}}
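
The points raised in this thread (token issued by the master realm, admin calls made against another realm, groups absent from the user representation), combined in one script as an added example that is not the gist author's code. It assumes Keycloak's separate `GET .../users/{id}/groups` admin endpoint and the hypothetical variable names `KC_URL`, `AUTH_REALM`, `TARGET_REALM`, `KC_ADMIN_USER` and `KC_ADMIN_PASS`, and it stops on an error body from the token endpoint instead of sending `null` as a bearer token.

```shell
#!/bin/bash
# Added example, not the gist author's script. Requires curl and jq.
# Variable names below are assumptions made for this example.
KC_URL=${KC_URL:-http://localhost:8080/auth}
AUTH_REALM=${AUTH_REALM:-master}     # realm that issues the admin-cli token
TARGET_REALM=${TARGET_REALM:-realm}  # realm whose users are queried

# Allow only characters that cannot change the request path or query.
safe_segment() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
}

# Print <base>/admin/realms/<realm>/users/<id><suffix> for validated input.
user_url() {
  safe_segment "$1" && safe_segment "$2" || return 1
  printf '%s/admin/realms/%s/users/%s%s' "$KC_URL" "$1" "$2" "${3:-}"
}

# Read a token response on stdin; exit non-zero on an error body so that
# the literal string "null" is never sent as a bearer token.
token_from_response() {
  jq -er '.access_token // empty'
}

get_token() {
  curl -sS -X POST "${KC_URL}/realms/${AUTH_REALM}/protocol/openid-connect/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    --data-urlencode "username=${KC_ADMIN_USER}" \
    --data-urlencode "password=${KC_ADMIN_PASS}" \
    -d 'grant_type=password' -d 'client_id=admin-cli' | token_from_response
}

# Add the group paths from the /groups listing to the user representation.
merge_groups() {
  jq -n --argjson user "$1" --argjson groups "$2" '$user + {groups: [$groups[].path]}'
}

user_with_groups() {
  url=$(user_url "$TARGET_REALM" "$1") || { echo "invalid realm or user id" >&2; return 1; }
  tkn=$(get_token) || { echo "token request failed" >&2; return 1; }
  user=$(curl -sSf -H "Authorization: Bearer $tkn" "$url") || return 1
  groups=$(curl -sSf -H "Authorization: Bearer $tkn" "$url/groups") || return 1
  merge_groups "$user" "$groups"
}

# Run only when a user id is given: ./script.sh <user-id>
[ -z "${1:-}" ] || user_with_groups "$1"
```

`--data-urlencode` keeps credentials containing `&`, `+` or `=` intact in the form body, which plain `-d` does not.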
@SalahAdDin SalahAdDin commented Feb 17, 2021

@jijiechen Thanks man, you gave me a clue about my problem.

@azadious azadious commented Aug 24, 2021

> Untested! :)

Don't worry it works.
