REST API中缺少Keycloak用户角色 [英] Keycloak User Roles missing in REST API
问题描述
如果有人知道,我想问一下,为什么在REST ADMIN API请求的用户详细信息中没有没有角色.我看到一些有关此主题的帖子,但是没有明确的答案,或者他们建议使用keycloak-admin-client,但这似乎不太方便.也许我需要在管理控制台中映射角色或使用声明?角色是最重要的用户属性之一,那么为什么不将其作为其他用户属性来检索呢?有什么建议吗?谢谢
I would like to ask, if somebody knows, why there are no roles within the user details in REST ADMIN API request. I saw some posts dealing with this topic, but there were either no clear answer or they propose to use keycloak-admin-client, but that seems not very convenient. Maybe I need to map the roles in Admin console or use claims? Roles are one of the most important user attribute so whats the reason they are not retrieved as other user attributes?Any suggestion? Thanks
GET /auth/admin/realms/{realm}/users
{
"id": "efa7e6c0-139f-44d8-baa8-10822ed2a9c1",
"createdTimestamp": 1516707328588,
"username": "testuser",
"enabled": true,
"totp": false,
"emailVerified": false,
"firstName": "Test",
"lastName": "User",
"email": "test@xxx.com",
"attributes": {"xxx": ["123456"]},
"disableableCredentialTypes": ["password"],
"requiredActions": []
}
推荐答案
您没有在用户详细信息中获得角色,因为REST API严格基于资源,并且角色是仅与用户相关联的单独对象.以下REST URL可用于获取用户的角色
获得相关的领域角色:
GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/realm
获得特定客户端的关联角色:
GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/clients/{client-uuid}
You are not getting roles in the user details because the REST API is strictly resource based and roles are separate objects that are just associated to a user. The following REST URLs can be used to get a user's roles
Getting the associated realm roles:
GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/realm
Getting the associated role of a specific client:
GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/clients/{client-uuid}
这篇关于REST API中缺少Keycloak用户角色的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
