Keycloak User Roles missing in REST API

troger19 · Jan 26, 2018 · Viewed 9.7k times

I would like to ask if somebody knows why there are no roles within the user details in the REST ADMIN API request. I saw some posts dealing with this topic, but there was either no clear answer or they proposed using keycloak-admin-client, but that does not seem very convenient. Maybe I need to map the roles in the Admin console or use claims? Roles are one of the most important user attributes, so what's the reason they are not retrieved like other user attributes? Any suggestions? Thanks

GET /auth/admin/realms/{realm}/users 

{
  "id": "efa7e6c0-139f-44d8-baa8-10822ed2a9c1",
  "createdTimestamp": 1516707328588,
  "username": "testuser",
  "enabled": true,
  "totp": false,
  "emailVerified": false,
  "firstName": "Test",
  "lastName": "User",
  "email": "[email protected]",
  "attributes": {"xxx": ["123456"]},
  "disableableCredentialTypes": ["password"],
  "requiredActions": []
}

Answer

Boomer · Jan 28, 2018

You are not getting roles in the user details because the REST API is strictly resource based and roles are separate objects that are just associated with a user. The following REST URLs can be used to get a user's roles:
Getting the associated realm roles:
GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/realm
Getting the associated role of a specific client:
GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/clients/{client-uuid}
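The lookup described in the answer above, as an added example that is not part of the original posts: it lists the users, calls the two role-mapping URLs per user, and joins the results so you can see who holds a given role. The helper names, the realm `demo`, the ids `u-1`, `u-2`, `c-1` and the sample responses are constructed; the code assumes each returned role object carries a `name` field.

```python
import json
import urllib.request

def http_get(base_url, token):
    """Return a getter that calls the Admin REST API with a bearer token."""
    def get(path):
        req = urllib.request.Request(
            base_url + path, headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return get

def users_with_roles(get, realm, client_uuids=()):
    """Join each user with its realm roles and the roles of the given clients."""
    base = f"/auth/admin/realms/{realm}/users"
    report = []
    for user in get(base):
        mappings = f"{base}/{user['id']}/role-mappings"
        entry = {
            "username": user["username"],
            "enabled": user.get("enabled", False),
            "realm_roles": sorted(r["name"] for r in get(f"{mappings}/realm")),
            "client_roles": {},
        }
        for cid in client_uuids:
            names = sorted(r["name"] for r in get(f"{mappings}/clients/{cid}"))
            if names:  # keep only clients where the user really has roles
                entry["client_roles"][cid] = names
        report.append(entry)
    return report

def holders(report, role):
    """Usernames that hold `role` as a realm role or as any client role."""
    return [u["username"] for u in report
            if role in u["realm_roles"]
            or any(role in names for names in u["client_roles"].values())]

# Constructed sample responses keyed by request path, so this runs offline.
USERS_PATH = "/auth/admin/realms/demo/users"
SAMPLE = {
    USERS_PATH: [{"id": "u-1", "username": "testuser", "enabled": True},
                 {"id": "u-2", "username": "auditor", "enabled": False}],
    USERS_PATH + "/u-1/role-mappings/realm":
        [{"name": "offline_access"}, {"name": "admin"}],
    USERS_PATH + "/u-1/role-mappings/clients/c-1": [{"name": "manage-users"}],
    USERS_PATH + "/u-2/role-mappings/realm": [{"name": "offline_access"}],
    USERS_PATH + "/u-2/role-mappings/clients/c-1": [],
}
```

Against a live server, pass `http_get(base_url, token)` instead of `SAMPLE.__getitem__` as the `get` argument.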