Package org.keycloak.services.resources.admin

Class UserResource

  • public class UserResource
extends Object
    Base resource for managing users
    Version:
    $Revision: 1 $
    Author:
    Bill Burke

    • Field Detail

      • headers

        protected final javax.ws.rs.core.HttpHeaders headers

    • Method Detail

      • updateUser

        @PUT
@Consumes("application/json")
public javax.ws.rs.core.Response updateUser​(UserRepresentation rep)
        Update the user
        Parameters:
        rep -
        Returns:

      • getUser

        @GET
@Produces("application/json")
public UserRepresentation getUser()
        Get representation of the user
        Returns:

      • impersonate

        @Path("impersonation")
@POST
@Produces("application/json")
public Map<String,​Object> impersonate()
        Impersonate the user
        Returns:

      • getSessions

        @Path("sessions")
@GET
@Produces("application/json")
public Stream<UserSessionRepresentation> getSessions()
        Get sessions associated with the user
        Returns:

      • getOfflineSessions

        @Path("offline-sessions/{clientUuid}")
@GET
@Produces("application/json")
public Stream<UserSessionRepresentation> getOfflineSessions​(@PathParam("clientUuid")
                                                            String clientUuid)
        Get offline sessions associated with the user and client
        Returns:

      • getFederatedIdentity

        @Path("federated-identity")
@GET
@Produces("application/json")
public Stream<FederatedIdentityRepresentation> getFederatedIdentity()
        Get social logins associated with the user
        Returns:
        a non-null Stream of social logins (federated identities).

      • addFederatedIdentity

        @Path("federated-identity/{provider}")
@POST
public javax.ws.rs.core.Response addFederatedIdentity​(@PathParam("provider")
                                                      String provider,
                                                      FederatedIdentityRepresentation rep)
        Add a social login provider to the user
        Parameters:
        provider - Social login provider id
        rep -
        Returns:

      • removeFederatedIdentity

        @Path("federated-identity/{provider}")
@DELETE
public void removeFederatedIdentity​(@PathParam("provider")
                                    String provider)
        Remove a social login provider from user
        Parameters:
        provider - Social login provider id

      • getConsents

        @Path("consents")
@GET
@Produces("application/json")
public Stream<Map<String,​Object>> getConsents()
        Get consents granted by the user
        Returns:

      • revokeConsent

        @Path("consents/{client}")
@DELETE
public void revokeConsent​(@PathParam("client")
                          String clientId)
        Revoke consent and offline tokens for particular client from user
        Parameters:
        clientId - Client id

      • logout

        @Path("logout")
@POST
public void logout()
        Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.

      • deleteUser

        @DELETE
public javax.ws.rs.core.Response deleteUser()
        Delete the user

      • disableCredentialType

        @Path("disable-credential-types")
@PUT
@Consumes("application/json")
public void disableCredentialType​(List<String> credentialTypes)
        Disable all credentials for a user of a specific type
        Parameters:
        credentialTypes -

      • resetPassword

        @Path("reset-password")
@PUT
@Consumes("application/json")
public void resetPassword​(CredentialRepresentation cred)
        Set up a new password for the user.
        Parameters:
        cred - The representation must contain a rawPassword with the plain-text password

      • getConfiguredUserStorageCredentialTypes

        @GET
@Path("configured-user-storage-credential-types")
@Produces("application/json")
public Stream<String> getConfiguredUserStorageCredentialTypes()
        Return credential types, which are provided by the user storage where user is stored. Returned values can contain for example "password", "otp" etc. This will always return empty list for "local" users, which are not backed by any user storage
        Returns:

      • removeCredential

        @Path("credentials/{credentialId}")
@DELETE
public void removeCredential​(@PathParam("credentialId")
                             String credentialId)
        Remove a credential for a user

      • setCredentialUserLabel

        @PUT
@Consumes("text/plain")
@Path("credentials/{credentialId}/userLabel")
public void setCredentialUserLabel​(@PathParam("credentialId")
                                   String credentialId,
                                   String userLabel)
        Update a credential label for a user

      • moveCredentialToFirst

        @Path("credentials/{credentialId}/moveToFirst")
@POST
public void moveCredentialToFirst​(@PathParam("credentialId")
                                  String credentialId)
        Move a credential to a first position in the credentials list of the user
        Parameters:
        credentialId - The credential to move

      • moveCredentialAfter

        @Path("credentials/{credentialId}/moveAfter/{newPreviousCredentialId}")
@POST
public void moveCredentialAfter​(@PathParam("credentialId")
                                String credentialId,
                                @PathParam("newPreviousCredentialId")
                                String newPreviousCredentialId)
        Move a credential to a position behind another credential
        Parameters:
        credentialId - The credential to move
        newPreviousCredentialId - The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list.

      • resetPasswordEmail

        @Deprecated
@Path("reset-password-email")
@PUT
@Consumes("application/json")
public javax.ws.rs.core.Response resetPasswordEmail​(@QueryParam("redirect_uri")
                                                    String redirectUri,
                                                    @QueryParam("client_id")
                                                    String clientId)
        Deprecated.
        Send an email to the user with a link they can click to reset their password. The redirectUri and clientId parameters are optional. The default for the redirect is the account client. This endpoint has been deprecated. Please use the execute-actions-email passing a list with UPDATE_PASSWORD within it.
        Parameters:
        redirectUri - redirect uri
        clientId - client id
        Returns:

      • executeActionsEmail

        @Path("execute-actions-email")
@PUT
@Consumes("application/json")
public javax.ws.rs.core.Response executeActionsEmail​(@QueryParam("redirect_uri")
                                                     String redirectUri,
                                                     @QueryParam("client_id")
                                                     String clientId,
                                                     @QueryParam("lifespan")
                                                     Integer lifespan,
                                                     List<String> actions)
        Send an email to the user with a link they can click to execute particular actions. An email contains a link the user can click to perform a set of required actions. The redirectUri and clientId parameters are optional. If no redirect is given, then there will be no link back to click after actions have completed. Redirect uri must be a valid uri for the particular clientId.
        Parameters:
        redirectUri - Redirect uri
        clientId - Client id
        lifespan - Number of seconds after which the generated token expires
        actions - Required actions the user needs to complete
        Returns:

      • sendVerifyEmail

        @Path("send-verify-email")
@PUT
@Consumes("application/json")
public javax.ws.rs.core.Response sendVerifyEmail​(@QueryParam("redirect_uri")
                                                 String redirectUri,
                                                 @QueryParam("client_id")
                                                 String clientId)
        Send an email-verification email to the user An email contains a link the user can click to verify their email address. The redirectUri and clientId parameters are optional. The default for the redirect is the account client.
        Parameters:
        redirectUri - Redirect uri
        clientId - Client id
        Returns:

      • groupMembership

        @GET
@Path("groups")
@Produces("application/json")
public Stream<GroupRepresentation> groupMembership​(@QueryParam("search")
                                                   String search,
                                                   @QueryParam("first")
                                                   Integer firstResult,
                                                   @QueryParam("max")
                                                   Integer maxResults,
                                                   @QueryParam("briefRepresentation") @DefaultValue("true")
                                                   boolean briefRepresentation)

      • getGroupMembershipCount

        @GET
@Path("groups/count")
@Produces("application/json")
public Map<String,​Long> getGroupMembershipCount​(@QueryParam("search")
                                                      String search)

      • removeMembership

        @DELETE
@Path("groups/{groupId}")
public void removeMembership​(@PathParam("groupId")
                             String groupId)

      • joinGroup

        @PUT
@Path("groups/{groupId}")
public void joinGroup​(@PathParam("groupId")
                      String groupId)