Client roles are not assigned when creating a new user in Keycloak

2

8

I tried to create a new user with a client role. I have these client roles:

  • Admin
  • Operator
  • Manager

When creating the user, I want to assign the user a client role.

My curl:

curl -X POST -H 'Authorization: Bearer token' -H 'Content-Type: application/json' -i 'http://localhost.com/auth/admin/realms/realm/users' --data '{
  "username": "[email protected]",
  "enabled": true,
  "firstName": "",
  "lastName": "",
  "email": "[email protected]",
  "credentials": [
    {
      "type": "password",
      "value": "qq",
      "temporary": false
    }
  ],
  "clientRoles": {
    "suppression": [
      "Admin"
    ]
  }
}'

The user was created successfully, but the role was not assigned. Also, I want to do this in one request.

Faena answered 13/4, 2018 at 13:42 Comment(2)
Have you found the answer on how to do this in one step? - Averse
Did you find the reason? - Cormac
4

This is not the correct way to assign roles to the user. It is a step-by-step process.

Step 1 - Create a user in Keycloak.

curl -X POST -H 'Authorization: Bearer token' -H 'Content-Type: application/json' -i 'http://localhost.com/auth/admin/realms/realm/users' --data '{.....

Step 2 - Then use a different API to map this user to a certain client-role.

POST /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}

For the complete spec of this API, you can search for it in the Keycloak Admin API docs. Here's the link: https://www.keycloak.org/docs-api/3.0/rest-api/index.html. Search for "Add client-level roles to the user role mapping".

Effendi answered 4/5, 2019 at 9:53 Comment(2)
Why does such a simple thing have to be in two processes? - Grassland
@Grassland It's Keycloak, implicit complexity DNA, why surprised? - Yea
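
The two-step process from the answer above, as an added example that is not part of the original posts: it creates the user, reads the new user's id from the Location header of the 201 response, resolves the client's internal id and the role representation, then posts the mapping. The function names and the injectable `send` transport are assumptions made for the example; the base URL comes from the question.

```python
import json
import urllib.request
from urllib.parse import quote

# Base URL as used in the question; adjust host and realm for a real server.
BASE = "http://localhost.com/auth/admin/realms/realm"


def http_send(method, url, token, body=None):
    """Send one Admin API call; return (status, headers, parsed JSON or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req) as resp:  # raises HTTPError on 4xx/5xx
        raw = resp.read()
        return resp.status, resp.headers, json.loads(raw) if raw else None


def create_user_with_client_role(user, client_id, role_name, token, send=http_send):
    """Hypothetical helper: create the user, then map one client role to it."""
    # Step 1: create the user; a 201 response carries the new user's URL.
    status, headers, _ = send("POST", f"{BASE}/users", token, user)
    if status != 201:
        raise RuntimeError(f"user creation failed: HTTP {status}")
    user_id = headers["Location"].rstrip("/").rsplit("/", 1)[-1]

    # {client} in the mapping path is the client's internal id, not its clientId.
    _, _, clients = send(
        "GET", f"{BASE}/clients?clientId={quote(client_id, safe='')}", token)
    if not clients:
        raise LookupError(f"no client with clientId {client_id!r}")
    client_uuid = clients[0]["id"]

    # The mapping body is a list of role representations, so look the role up.
    _, _, role = send(
        "GET", f"{BASE}/clients/{client_uuid}/roles/{quote(role_name, safe='')}", token)

    # Step 2: map the client role to the user; success is 204 No Content.
    status, _, _ = send(
        "POST", f"{BASE}/users/{user_id}/role-mappings/clients/{client_uuid}",
        token, [{"id": role["id"], "name": role["name"]}])
    if status != 204:
        raise RuntimeError(f"role mapping failed: HTTP {status}")
    return user_id
```

If step 2 fails, the user from step 1 already exists without the role, so the caller has to handle that partial state.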
3

After reading this answer: https://mcmap.net/q/1469377/-keycloak-role-mapping

  • Create new group (mine is "admin-group")
  • Add a role mapping for the role you want; every user in this group will get this role.

When using the create-new-user POST, I added this to the user:

"groups" : [
    "admin-group"
]

The user is added to this group and gets the role mapped to this group.

Radiation answered 3/6, 2021 at 6:53 Comment(0)
