How can I get other users' info (username, firstname) by id? [Keycloak]
E

5

23

How can I get a user's Keycloak attributes (username, firstname, email...) based on user id? The user I'm using in the Keycloak session already has the role view-users assigned, so I should be able to list at least all users. Is there any Keycloak class that I can use?

What I'm trying to achieve here is to avoid replicating the Keycloak users database to another local database, but it doesn't seem possible to access any other user info besides the one in the current session...

Edinburgh answered 12/4, 2019 at 1:36 Comment(0)
W
27

You can use the Admin REST API. The detailed description of the relevant API is available here. You can also use the Java wrapper API. Please find a couple of examples below.

Example 1, REST:

Get an access token:

curl \
  -d "client_id=admin-cli" \
  -d "username=admin" \
  -d "password=secret" \
  -d "grant_type=password" \
  "http://localhost:8080/auth/realms/master/protocol/openid-connect/token"

Get all users:

curl \
  -H "Authorization: bearer eyJhbGciOiJSUzI...." \
  "http://localhost:8080/auth/admin/realms/master/users"

Sample output:

[
     {
        "id":"349f67de-36e6-4552-ac54-e52085109616",
        "username":"admin",
        "enabled":true,
        ...
     },
     {
        "id":"08afb701-fae5-40b4-8895-e387ba1902fb",
        "username":"lbalev",
        "enabled":true,
        ....
     }
  ]

Get a user based on user id:

curl \
  -H "Authorization: bearer eyJhbGciOiJSU...." \
  "http://localhost:8080/auth/admin/realms/master/users/349f67de-36e6-4552-ac54-e52085109616"

Example 2, JAVA API:

Get a user based on user ID:

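import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource;

public class TestUserAccess {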

  private static final String SERVER_URL = "http://localhost:8080/auth";
  private static final String REALM = "master";
  private static final String USERNAME = "admin";
  private static final String PASSWORD = "secret";
  private static final String CLIENT_ID = "admin-cli";

  public static void main(String[] args) {

    Keycloak keycloak = KeycloakBuilder
        .builder()
        .serverUrl(SERVER_URL)
        .realm(REALM)
        .username(USERNAME)
        .password(PASSWORD)
        .clientId(CLIENT_ID)
        .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build())
        .build();

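    // Look up a single user by id instead of listing every user in the realm.
    UsersResource usersResource = keycloak.realm(REALM).users();
    UserResource userResource = usersResource.get("08afb701-fae5-40b4-8895-e387ba1902fb");
    // toRepresentation() performs the request and returns the user's attributes.
    System.out.println(userResource.toRepresentation().getEmail());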
  }
}

The relevant dependencies for the example above are (please note that the versions might not be up-to-date):

dependencies {
    compile group: 'org.keycloak', name: 'keycloak-admin-client', version: '3.3.0.CR2'
    compile group: 'org.jboss.resteasy', name: 'resteasy-jaxrs', version: '3.1.4.Final'
    compile group: 'org.jboss.resteasy', name: 'resteasy-client', version: '3.1.4.Final'
    compile group: 'org.jboss.resteasy', name: 'resteasy-jackson2-provider', version: '3.1.4.Final'
}
Whitaker answered 14/4, 2019 at 7:57 Comment(1)
Can you explain why the URL is localhost:8080? From my understanding Keycloak has a different IP address, something like 43.224.110.84:8080 - Borderland
B
12

There is a simple method as well, because in the above answer all the user info is getting fetched, which is not the proper way, because in case of thousands of users it will be a heavy call.

So just pass the username as a query parameter:

GET: http://localhost:8080/auth/admin/realms/{realm-name}/users?username=testUser

Make sure you use an admin access token for the call.

Betaine answered 19/9, 2020 at 18:56 Comment(3)
Best solution for searching by username, thanks! Unfortunately it's not working with the id param. - Coo
For retrieving the user representation by user id, use the /auth/admin/realms/{realm-name}/users/{id} endpoint. Source - Decagram
@Coo in case you can't find a specific, existing user, you might not have the permissions to see this user or you are in the wrong realm, e.g. you use master in the URL instead of the realm the user is actually in. - Valdovinos
I
5

You can simply search by id in the search bar of the Keycloak admin console, like this:

id:ac796f21-c4ef-4182-a70a-970bac598bd6

Use id: before entering the user id.

If the user id is 12345,

Search by id,

id:12345 

Assume you have this user
user01 - [email protected]

Search by email or username with wildcard

user%
%gmail.com
%kod%
Ithunn answered 22/2, 2023 at 4:16 Comment(1)
Nice! Works flawlessly! I would like to know more about this. Does anybody know if this is somewhere in the docs? Can't find it there. - Saipan
D
4

Thanks @Nikhil Shinde for sharing the REST API endpoint.

Like he said, the request below will return look-alike users.

GET: http://localhost:8080/auth/admin/realms/{realm-name}/users?username=testUser

If you want an exact username match, then try with exact=true

GET: http://localhost:8080/auth/admin/realms/{realm-name}/users?username=testUser&exact=true

Source : https://www.keycloak.org/docs-api/15.0/rest-api/index.html#_users_resource

Discus answered 29/10, 2021 at 15:4 Comment(3)
Your answer seems very similar to the one that you mentioned. What did you add to it? - Dumm
The second URL gives the exact user rather than a list of look-alike users. - Discus
Thanks, this works for me: IP:8080/admin/realms/master/… In my v17.01, putting /auth in the path gives me an error. - Sodalite
P
1

Keycloak Rest API

Version > 17 (Quarkus based)

// The request below returns look-alike users
GET: http://localhost:8080/admin/realms/{realm-name}/users?username=testUser

// The request below returns the exact user
GET: http://localhost:8080/admin/realms/{realm-name}/users?username=testUser&exact=true

For legacy versions, use /auth/ in the URL

// The request below returns look-alike users
GET: http://localhost:8080/auth/admin/realms/{realm-name}/users?username=testUser

// The request below returns the exact user
GET: http://localhost:8080/auth/admin/realms/{realm-name}/users?username=testUser&exact=true
Punjabi answered 1/2, 2023 at 13:11 Comment(0)
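
The endpoints from the answers above (lookup by id, exact username search, and the /auth prefix on legacy versions), wrapped in shell functions that validate the realm and id before they reach the URL path and keep the bearer token off the command line. This is an added example, not code from any answer; KC_BASE, KC_TOKEN and the function names are assumptions, and ids are assumed to be UUIDs as in the sample output.

```shell
# Added example, not code from the thread. KC_BASE, KC_TOKEN and all function
# names are assumptions of this sketch.

# kc_admin_base BASE REALM [legacy]: versions above 17 (Quarkus) serve
# /admin/...; legacy versions need the /auth prefix.
kc_admin_base() {
  # The realm lands in the URL path: allow-list it (conservative assumption).
  case $2 in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
  if [ "${3:-}" = legacy ]; then
    printf '%s/auth/admin/realms/%s' "${1%/}" "$2"
  else
    printf '%s/admin/realms/%s' "${1%/}" "$2"
  fi
}

# Accept only UUID-shaped ids, the form shown in the sample output above.
kc_valid_id() {
  case $1 in ''|*[!0-9a-fA-F-]*) return 1 ;; esac
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# kc_user_url BASE REALM ID [legacy]: prints the by-id URL or fails.
kc_user_url() {
  kc_valid_id "$3" || return 1
  _kc_b=$(kc_admin_base "$1" "$2" "${4:-}") || return 1
  printf '%s/users/%s' "$_kc_b" "$3"
}

# Send the bearer token through a curl config on stdin so it never appears
# in the process list (printf is a shell builtin).
_kc_curl() {
  printf 'header = "Authorization: Bearer %s"\n' "$KC_TOKEN" |
    curl --silent --fail --config - "$@"
}

# kc_get_user REALM ID [legacy]
kc_get_user() {
  _kc_u=$(kc_user_url "$KC_BASE" "$1" "$2" "${3:-}") || return 1
  _kc_curl "$_kc_u"
}

# kc_find_user REALM USERNAME [legacy]: exact match, username URL-encoded.
kc_find_user() {
  _kc_b=$(kc_admin_base "$KC_BASE" "$1" "${3:-}") || return 1
  _kc_curl --get --data-urlencode "username=$2" \
    --data-urlencode "exact=true" "$_kc_b/users"
}
```

With KC_BASE and KC_TOKEN exported, `kc_get_user master 349f67de-36e6-4552-ac54-e52085109616 legacy` issues the same request as the by-id curl call in the first answer.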
