本文介绍了如何在没有管理员帐户的情况下通过REST获取Keycloak用户的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

是否可以使用管理员帐户通过REST WITHOUT 来获取Keycloak领域中的用户列表?也许是从管理控制台分配的某种角色?寻找任何想法.

Is there a way to get a list of users on a Keycloak realm via REST WITHOUT using an admin account? Maybe some sort of assignable role from the admin console? Looking for any ideas.

现在,我正在使用管理员凭据来获取访问令牌,然后使用该令牌从realm/users端点拉用户.

Right now I'm using admin credentials to grab an access token, then using that token to pull users from the realm/users endpoint.

获取令牌(通过request从node.js应用程序获取):

Getting the token (from node.js app via request):

uri: `${keycloakUri}/realms/master/protocol/openid-connect/token`,
form: {
  grant_type: 'password',
  client_id: 'admin-cli',
  username: adminUsername,
  password: adminPassword,
}

使用令牌:

uri: `${keycloakUri}/admin/realms/${keycloakRealm}/users`,
headers: {
  'authorization': `bearer ${passwordGrantToken}`,
}

我希望能够使用来自客户端应用程序的常规用户信息(用户名,电子邮件,全名).

I want to be able to use generic user info (usernames, emails, fullnames) from a client application.

推荐答案

您需要从realm-management客户端中为所需用户分配view-users角色.那就是用户的配置:

You need to assign the view-users role from the realm-management client, for the desired user. That would be the configuration for the user:

然后,您可以从${keycloakUri}/admin/realms/${keycloakRealm}/users终结点捕获所有用户.那是从邮局检索到的信息,通过邮递员访问:

Then you can grab all the users from the ${keycloakUri}/admin/realms/${keycloakRealm}/users endpoint. That's the info retrieved from the enpoint, accesed via Postman:

此外,与所提问题无关,我强烈建议您除非绝对需要,否则不要使用grant_type=password.从 keycloak博客:

Also, unrelated to the asked question, I strongly encourage you not to use grant_type=password unless you absolutelly need to. From the keycloak blog:

RESULT=`curl --data "grant_type=password&client_id=curl&username=user&password=password" http://localhost:8180/auth/realms/master/protocol/openid-connect/token`

另请参见 Oauth2规范.

这篇关于如何在没有管理员帐户的情况下通过REST获取Keycloak用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-30 00:34
查看更多