DEV Community

loading...

Keycloak: REST API for managing users

rounakcodes
Self taught. Full Stack Developer. More than 4 years of experience. Currently working on scaling a SaaS product.
Updated on ・1 min read

While Keycloak is well documented, I found it really hard to get started. Hence, these notes.
admin-cli is a default client in a realm. We use that as the client_id to get an access token.

Get access token

curl --request POST 'http://localhost:8080/auth/realms/<realm-name>/protocol/openid-connect/token' \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'username=<username>' \
    --data-urlencode 'password=<password>' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode 'client_id=admin-cli'
Enter fullscreen mode Exit fullscreen mode

Get users

 curl --request GET 'http://localhost:8080/auth/admin/realms/<realm-name>/users' \
        --header 'Authorization: Bearer <access-token>'
Enter fullscreen mode Exit fullscreen mode

Create a user

 curl --request POST 'http://localhost:8080/auth/admin/realms/<realm-name>/users' \
      --header 'Content-Type: application/json' \
      --header 'Authorization: Bearer <access-token>' \
      --data-raw '{"username":"<username>"}'
Enter fullscreen mode Exit fullscreen mode

Set user password (use the Get users API to get user id)

 curl --request PUT 'http://localhost:8080/auth/admin/realms/<realm-name>/users/<user-id>/reset-password'
       --header "Content-Type: application/json"
       --header "Authorization: Bearer <access-token>"
       --data-raw '{"type":"password", "value":"<password>", "temporary": false}'
Enter fullscreen mode Exit fullscreen mode

Send verify email

Pre-requisite: Configure Realm Email Settings)

curl --request PUT 'http://localhost:8080/auth/admin/realms/<realm-name>/users/<user-id>/send-verify-email' \
--header 'Authorization: Bearer <access-token>'
Enter fullscreen mode Exit fullscreen mode

Discussion (0)