1
votes

I am trying to retrieve a list of users based on their roles. I have this role: ROLE_ADMIN. I would like to retrieve every user that has this role.

I tried it with this endpoint:

http://10.10.10.10:5555/auth/demo-realm/clients/e286a05c-6641-49c3-bb7c-ffe5dd2d8c66/roles/ROLE_ADMIN/users

but it sends me back this:

{ "error": "RESTEASY003210: Could not find resource for full path: http://10.10.10.10:5555/auth/demo-realm/clients/e286a05c-6641-49c3-bb7c-ffe5dd2d8c66/roles/ROLE_ADMIN/users" }

I found the endpoint here: https://www.keycloak.org/docs-api/11.0/rest-api/index.html under "Return List of Users that have the specified role name".

I can reach these endpoints, for example:

http://10.10.10.10:5555/auth/realms/demo-realm/protocol/openid-connect/token

http://10.10.10.10:5555/auth/admin/realms/demo-realm/users

What did I miss? What makes this not work?

Thanks in advance.

1 Answers

1
votes

To get the users associated with a given Realm role you need to call the endpoint:

GET <KEYCLOAK_HOST>/auth/admin/realms/<YOUR_REALM>/roles/<ROLE_NAME>/users

To get the users associated with a given Client role you need to call this endpoint:

GET <KEYCLOAK_HOST>/auth/admin/realms/<YOUR_REALM>/clients/<CLIENT_ID>/roles/<ROLE_NAME>/users

where <CLIENT_ID> is the ID of the client to which the <ROLE_NAME> belongs.

Finally, to get the client ID, you can call this endpoint:

GET <KEYCLOAK_HOST>/auth/admin/realms/<YOUR_REALM>/clients?clientId=<ID_OF_CLIENT>

Note that the client ID is the unique ID generated by Keycloak, whereas <ID_OF_CLIENT> is the Client ID that you have given to your Keycloak client.
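
The lookup sequence from the answer above, as an added example that is not part of the original answer: it resolves the client ID you chose to the ID Keycloak generated, then lists the users holding the role. The function names are hypothetical, and it assumes you already hold an admin access token (obtained from the token endpoint) that is sent as a bearer token.

```python
import json
import urllib.parse
import urllib.request


def admin_url(host, realm, *segments, **query):
    """Build <host>/auth/admin/realms/<realm>/..., percent-encoding each part."""
    path = "/".join(urllib.parse.quote(s, safe="") for s in (realm, *segments))
    url = f"{host.rstrip('/')}/auth/admin/realms/{path}"
    return url + ("?" + urllib.parse.urlencode(query) if query else "")


def http_get_json(url, token):
    """GET a JSON document, presenting the admin access token as a bearer token."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def users_with_realm_role(host, realm, role, token, get=http_get_json):
    """Users holding a realm-level role."""
    return get(admin_url(host, realm, "roles", role, "users"), token)


def users_with_client_role(host, realm, client_id, role, token, get=http_get_json):
    """Users holding a client-level role.

    `client_id` is the name you gave the client; the path needs the ID
    Keycloak generated, so that is looked up first.
    """
    found = get(admin_url(host, realm, "clients", clientId=client_id), token)
    exact = [c for c in found if c.get("clientId") == client_id]
    if len(exact) != 1:
        raise LookupError(f"expected one client named {client_id!r}, got {len(exact)}")
    generated_id = exact[0]["id"]
    return get(
        admin_url(host, realm, "clients", generated_id, "roles", role, "users"), token
    )


if __name__ == "__main__":
    # Constructed values: "my-app" and the token are placeholders.
    host, realm, token = "http://10.10.10.10:5555", "demo-realm", "<ACCESS_TOKEN>"
    for user in users_with_client_role(host, realm, "my-app", "ROLE_ADMIN", token):
        print(user["id"], user["username"])
```

The `get` parameter lets you substitute a stub transport when testing without a running Keycloak server.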