问题描述
是否可以使用管理员帐户通过REST WITHOUT 来获取Keycloak领域中的用户列表?也许是从管理控制台分配的某种角色?寻找任何想法.
Is there a way to get a list of users on a Keycloak realm via REST WITHOUT using an admin account? Maybe some sort of assignable role from the admin console? Looking for any ideas.
现在,我正在使用管理员凭据来获取访问令牌,然后使用该令牌从realm/users
端点拉用户.
Right now I'm using admin credentials to grab an access token, then using that token to pull users from the realm/users
endpoint.
获取令牌(通过request
从node.js应用程序获取):
Getting the token (from node.js app via request
):
uri: `${keycloakUri}/realms/master/protocol/openid-connect/token`,
form: {
grant_type: 'password',
client_id: 'admin-cli',
username: adminUsername,
password: adminPassword,
}
使用令牌:
uri: `${keycloakUri}/admin/realms/${keycloakRealm}/users`,
headers: {
'authorization': `bearer ${passwordGrantToken}`,
}
我希望能够使用来自客户端应用程序的常规用户信息(用户名,电子邮件,全名).
I want to be able to use generic user info (usernames, emails, fullnames) from a client application.
推荐答案
您需要从realm-management
客户端中为所需用户分配view-users
角色.那就是用户的配置:
You need to assign the view-users
role from the realm-management
client, for the desired user. That would be the configuration for the user:
然后,您可以从${keycloakUri}/admin/realms/${keycloakRealm}/users
终结点捕获所有用户.那是从邮局检索到的信息,通过邮递员访问:
Then you can grab all the users from the ${keycloakUri}/admin/realms/${keycloakRealm}/users
endpoint. That's the info retrieved from the enpoint, accesed via Postman:
此外,与所提问题无关,我强烈建议您除非绝对需要,否则不要使用grant_type=password
.从 keycloak博客:
Also, unrelated to the asked question, I strongly encourage you not to use grant_type=password
unless you absolutelly need to. From the keycloak blog:
RESULT=`curl --data "grant_type=password&client_id=curl&username=user&password=password" http://localhost:8180/auth/realms/master/protocol/openid-connect/token`
另请参见 Oauth2规范.
这篇关于如何在没有管理员帐户的情况下通过REST获取Keycloak用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!