Keycloak-使用管理API向用户添加客户端角色 [英] Keycloak - using admin API to add client role to user

问题描述

我正尝试使用密钥斗篷AdminAPI( https://www.keycloak.org/docs-api/3.0/rest-api/index.html#_users_resource )来创建用户并分配客户端角色.我收到正确的令牌，并且已创建用户，但分配角色返回404

I'm triyng to use keycloak AdminAPI (https://www.keycloak.org/docs-api/3.0/rest-api/index.html#_users_resource) to create user and assign client roles. I'm receiving correct token, and user is created but assigning roles return 404

我正在使用Postman与API连接:

I'm using Postman to connect with API:

/auth/realms/{realmName}/protocol/openid-connect/token
Content-Type application/x-www-form-urlencoded <-with parameters ofc
/auth/admin/realms/{realmName}/users

Content-Type application/json
Authorization Bearer {TOKEN}
Body:

{
   "username": "name",
   "enabled": true,
   "emailVerified": false,
   "firstName": "first",
   "lastName": "last",
   "credentials": [
       {
           "type": "password",
           "value": "newPas1*",
           "temporary": false
       }
   ]
}

以上为我工作，但下一个不为我

Above works for me, but the next one don't

/auth/admin/realms/{realmName}/users/xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx/role-mappings/clients/realm-management

Content-Type application/json
Authorization Bearer {TOKEN}
Body:

{
   "roles": [
       {
           "id": "0830ff39-43ea-48bb-af8f-696bc420c1ce",
           "name": "create-client",
           "description": "${role_create-client}",
           "composite": false,
           "clientRole": true,
           "containerId": "344e7c81-e7a2-4a43-b013-57d7ed198eee"
       }
   ]
}

其中'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx'是创建期间返回的用户ID，并且存在create-client角色

where 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx' is userID returned during creation and create-client role exists

我需要一种通过Http请求添加客户端角色的方法.我看到有一些Java的keycloack实现，但是我使用的是.NET CORE，所以会有目标实现，但是我需要先提出工作要求，因为您可能会猜到

I need a way to add client role via Http request. I saw there are some keycloack implementation for java but I'm using .NET CORE so there will be the target implementation but I need to have working request first as you may gues

推荐答案

您必须将客户端UUID传递给role-mappings REST方法，而不是在管理UI中创建客户端时指定的ID.使用GET /admin/realms/{realm}/clients?clientId=realm-management REST方法找出客户端UUID.

You have to pass client UUID to the role-mappings REST method, not the ID that you specify when creating a client in admin UI. Use GET /admin/realms/{realm}/clients?clientId=realm-management REST method to find out the client UUID.

更新

在Keycloak 6.0.1中添加一个角色，该角色需要传递角色名称和ID.

In Keycloak 6.0.1 to add a role it is required to pass role name and id.

示例:

POST /auth/admin/realms/{realm}/users/{user}/role-mappings/clients/{client}

[
  {
    "id": "0830ff39-43ea-48bb-af8f-696bc420c1ce",
    "name": "create-client"
  }
]

这篇关于Keycloak-使用管理API向用户添加客户端角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！