Keycloak/OIDC: retrieve user groups attributes


Problem description

I've extracted a user's groups information from the OIDC endpoint of Keycloak, but they don't come with the group ATTRIBUTES I defined (see Attributes tab into the group form, near Settings). Is there a claim to add to my request?

I'm using a RESTeasy client to reach Keycloak's admin API (had much better results than using the provided admin client, yet):

@Path("/admin/realms/{realm}")
public interface KeycloakAdminService {
    @GET
    @Path("/users/{id}/groups")
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    List<GroupRepresentation> getUserGroups(@PathParam("realm") String realm, @PathParam("id") String userId,
                                            @HeaderParam(AUTHORIZATION) String accessToken);
    //DEBUG the access token must always be prefixed by "Bearer "
}

So I can fetch a user's groups:

private void fetchUserGroups(UserInfoOIDC infos, String userId) {
    log.info("Fetching user groups from {}...", getRealm());
    try {
        KeycloakAdminService proxy = kcTarget.proxy(KeycloakAdminService.class);
        AccessTokenResponse response = authzClient.obtainAccessToken(getAdminUsername(), getAdminPassword());
        List<GroupRepresentation> groups = proxy.getUserGroups(getRealm(), userId,
                "Bearer " + response.getToken());
        infos.importUserGroups(groups); //DEBUG here we go!
    } catch (WebApplicationException e) {
        log.error("User groups failure on {}: {}", getRealm(), e.getMessage());
    }
}

But when it comes to data exploration, it turns out that no attributes are provided into the GroupRepresentation#getAttributes structure.

I've read that claims can be added to user info requests. Does it work on the admin API? How can I achieve that result with RESTeasy templates? Thx

Solution

This is how I could eventually map group attributes (inherited as user attributes, as suspected before) into user information, into the "other claims" section:
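
One way to produce such a mapping, as an added example rather than the answerer's own configuration: a Keycloak "User Attribute" protocol mapper, which also resolves attributes inherited from the user's groups, registered through the admin REST API in the same RESTeasy style as the question. The class, interface and method names are hypothetical, and the `javax.ws.rs` namespace and a Keycloak version that supports the aggregate option are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.Consumes;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;

// Added example: class, interface and method names are hypothetical.
public final class GroupAttributeMapper {

    // Admin API endpoint that attaches a protocol mapper to one client.
    @Path("/admin/realms/{realm}")
    public interface ClientMapperService {
        @POST
        @Path("/clients/{id}/protocol-mappers/models")
        @Consumes(MediaType.APPLICATION_JSON)
        Response addMapper(@PathParam("realm") String realm,
                           @PathParam("id") String clientUuid, // internal id, not the clientId
                           @HeaderParam(HttpHeaders.AUTHORIZATION) String bearerToken,
                           ProtocolMapperRepresentation mapper);
    }

    // Builds a "User Attribute" mapper that publishes one attribute as a userinfo claim.
    public static ProtocolMapperRepresentation userInfoMapper(String attribute, String claim) {
        Map<String, String> config = new HashMap<>();
        config.put("user.attribute", attribute);      // attribute set on the user or on a group
        config.put("claim.name", claim);              // claim name the client will read
        config.put("jsonType.label", "String");
        config.put("multivalued", "true");            // emit every value, not only the first
        config.put("aggregate.attrs", "true");        // merge user values with group values
        config.put("userinfo.token.claim", "true");   // release on the userinfo endpoint
        config.put("id.token.claim", "false");        // keep it out of the ID token
        config.put("access.token.claim", "false");    // keep it out of the access token
        ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
        mapper.setName("group-attribute-" + claim);
        mapper.setProtocol("openid-connect");
        mapper.setProtocolMapper("oidc-usermodel-attribute-mapper");
        mapper.setConfig(config);
        return mapper;
    }
}
```

Releasing the claim on the userinfo endpoint only keeps group attributes out of ID and access tokens, and the application no longer needs admin credentials at request time to read them.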
