'How can i create user with multiple Client roles in a single API

I want to create a user and assign a client role with it in a single API in Keycloak I have attached the details.

I have this API

http://testkeycloak.com:8085/auth/admin/realms/engineer/users

{   
    "enabled":true,
    "username":"joshbiden",
    "email":"[email protected]",
    "firstName":"Josh",
    "lastName":"biden",
    "attributes": 
    {
        "Mobile Number":"3333332332"
    },
    "clientRoles": 
    {
        "name": "DEVELOPER"
    },
    "credentials":
    [
    {
        "type":"password",
        "value":"rollback",
        "temporary":false
    }
    ]
}

CLIENT ROLE - DETAILS

    {
        "id": "32e432da-d0c0-45f8-a67d-f3146b7a24b4",
        "name": "DEVELOPER",
        "composite": false,
        "clientRole": true,
        "containerId": "343434-7631-4187-ac76-ad78de119b90"
    }

How can I assign two clients' roles to the USER, I have tried to add users but facing an unknown error. Let me know any solution for the same

keycloakkeycloak-serviceskeycloak-rest-api


Solution 1:[1]

You can try to do it in two steps:

First create the user using the endpoint POST /{realm}/users and with the following data (without the role):

{
  "username": "joshbiden",
  "enabled": true,
  "firstName": "Josh",
  "lastName": "biden",
  "email": "[email protected]",
  "attributes": {
    "Mobile Number": [
      "3333332332"
    ]
  },
  "credentials": [{
    "type":"password",
    "value":"rollback",
    "temporary":false
  }]
}

Second, you assign the role using the endpoint :

POST /{realm}/users/{id}/role-mappings/clients/{id of client}

with the data:

[{
  "id": "32e432da-d0c0-45f8-a67d-f3146b7a24b4",
  "name": "DEVELOPER",
  "composite": false,
  "clientRole": true,
  "containerId": "343434-7631-4187-ac76-ad78de119b90"
}]

Solution 2:[2]

Try This,

{
  "enabled": true,
  "username": "joshbiden",
  "email": "[email protected]",
  "firstName": "Josh",
  "lastName": "biden",
  "attributes": {
    "Mobile Number": "3333332332"
  },
  "clientRoles": {
    "<name-of-the-client-in-realm>": ["DEVELOPER"]
  },
  "credentials": [
    {
      "type": "password",
      "value": "rollback",
      "temporary": false
    }
  ]
}

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 dreamcrash
Solution 2 Devendra Mahajan

Related Questions

Deploying a Keycloak HA cluster to kubernetes | Pods are not discovering each other

What is the best approach to logout from keycloak after authentication via pkce?

Change the preferred_username in token for client credential grant flow

Keycloak-js 'init()' not executing in React app

Keycloak Rest API get all available resources

Customize keycloak error page with spring boot

AWS Cognito in place of Keycloak [closed]

Keycloak 17.0.1 Import Realm on Docker / Docker-Compose Startup

How to configure "accept Terms and Conditions" on Keycloak registration page

What are the differences between CAS and Keycloak?

What are the differences between CAS and Keycloak?

Keycloak templates available variables

Keycloak: CLIENT_INITIATED_ACCOUNT_LINKING_ERROR with invalid_token

Keycloak / SpringBoot - The Issuer <https://example.com> provided in the OpenID Configuration did not match the requested issuer <https://bar.com>

M1 docker preview and keycloak 'image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8)' Issue