Class UserResource
java.lang.Object
  org.keycloak.services.resources.admin.UserResource

public class UserResource extends Object
Base resource for managing users
Version:
  $Revision: 1 $
Author:
  Bill Burke
-
Field Summary
Fields (Modifier and Type, Field):
protected ClientConnection clientConnection
protected javax.ws.rs.core.HttpHeaders headers
protected RealmModel realm
protected KeycloakSession session
-
Constructor Summary
Constructors:
UserResource(KeycloakSession session, UserModel user, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)
-
Method Summary
Methods (Modifier and Type, Method, Description):
javax.ws.rs.core.Response addFederatedIdentity(String provider, FederatedIdentityRepresentation rep)
  Add a social login provider to the user
Stream<CredentialRepresentation> credentials()
javax.ws.rs.core.Response deleteUser()
  Delete the user
void disableCredentialType(List<String> credentialTypes)
  Disable all credentials for a user of a specific type
javax.ws.rs.core.Response executeActionsEmail(String redirectUri, String clientId, Integer lifespan, List<String> actions)
  Send an email to the user with a link they can click to execute particular actions.
Stream<String> getConfiguredUserStorageCredentialTypes()
  Return credential types, which are provided by the user storage where the user is stored.
Stream<Map<String,Object>> getConsents()
  Get consents granted by the user
Stream<FederatedIdentityRepresentation> getFederatedIdentity()
  Get social logins associated with the user
Map<String,Long> getGroupMembershipCount(String search)
Stream<UserSessionRepresentation> getOfflineSessions(String clientUuid)
  Get offline sessions associated with the user and client
RoleMapperResource getRoleMappings()
Stream<UserSessionRepresentation> getSessions()
  Get sessions associated with the user
UserRepresentation getUser()
  Get representation of the user
Stream<GroupRepresentation> groupMembership(String search, Integer firstResult, Integer maxResults, boolean briefRepresentation)
Map<String,Object> impersonate()
  Impersonate the user
void joinGroup(String groupId)
void logout()
  Remove all user sessions associated with the user. Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.
void moveCredentialAfter(String credentialId, String newPreviousCredentialId)
  Move a credential to a position behind another credential
void moveCredentialToFirst(String credentialId)
  Move a credential to the first position in the credentials list of the user
void removeCredential(String credentialId)
  Remove a credential for a user
void removeFederatedIdentity(String provider)
  Remove a social login provider from the user
void removeMembership(String groupId)
void resetPassword(CredentialRepresentation cred)
  Set up a new password for the user.
javax.ws.rs.core.Response resetPasswordEmail(String redirectUri, String clientId)
  Deprecated.
void revokeConsent(String clientId)
  Revoke consent and offline tokens for a particular client from the user
javax.ws.rs.core.Response sendVerifyEmail(String redirectUri, String clientId)
  Send an email-verification email to the user. An email contains a link the user can click to verify their email address.
void setCredentialUserLabel(String credentialId, String userLabel)
  Update a credential label for a user
javax.ws.rs.core.Response updateUser(UserRepresentation rep)
  Update the user
static void updateUserFromRep(UserProfile profile, UserModel user, UserRepresentation rep, KeycloakSession session, boolean isUpdateExistingUser)
static javax.ws.rs.core.Response validateUserProfile(UserProfile profile, UserModel user, KeycloakSession session)
-
-
-
Field Detail
-
realm
protected final RealmModel realm
-
clientConnection
protected final ClientConnection clientConnection
-
session
protected final KeycloakSession session
-
headers
protected final javax.ws.rs.core.HttpHeaders headers
-
-
Constructor Detail
-
UserResource
public UserResource(KeycloakSession session, UserModel user, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)
-
-
Method Detail
-
updateUser
@PUT @Consumes("application/json") public javax.ws.rs.core.Response updateUser(UserRepresentation rep)
Update the user
Parameters:
rep -
Returns:
-
validateUserProfile
public static javax.ws.rs.core.Response validateUserProfile(UserProfile profile, UserModel user, KeycloakSession session)
-
updateUserFromRep
public static void updateUserFromRep(UserProfile profile, UserModel user, UserRepresentation rep, KeycloakSession session, boolean isUpdateExistingUser)
-
getUser
@GET @Produces("application/json") public UserRepresentation getUser()
Get representation of the user
Returns:
-
impersonate
@Path("impersonation") @POST @Produces("application/json") public Map<String,Object> impersonate()
Impersonate the user
Returns:
-
getSessions
@Path("sessions") @GET @Produces("application/json") public Stream<UserSessionRepresentation> getSessions()
Get sessions associated with the user
Returns:
-
getOfflineSessions
@Path("offline-sessions/{clientUuid}") @GET @Produces("application/json") public Stream<UserSessionRepresentation> getOfflineSessions(@PathParam("clientUuid") String clientUuid)
Get offline sessions associated with the user and client
Returns:
-
getFederatedIdentity
@Path("federated-identity") @GET @Produces("application/json") public Stream<FederatedIdentityRepresentation> getFederatedIdentity()
Get social logins associated with the user
Returns:
a non-null Stream of social logins (federated identities).
-
addFederatedIdentity
@Path("federated-identity/{provider}") @POST public javax.ws.rs.core.Response addFederatedIdentity(@PathParam("provider") String provider, FederatedIdentityRepresentation rep)
Add a social login provider to the user
Parameters:
provider - Social login provider id
rep -
Returns:
-
removeFederatedIdentity
@Path("federated-identity/{provider}") @DELETE public void removeFederatedIdentity(@PathParam("provider") String provider)
Remove a social login provider from the user
Parameters:
provider - Social login provider id
-
getConsents
@Path("consents") @GET @Produces("application/json") public Stream<Map<String,Object>> getConsents()
Get consents granted by the user
Returns:
-
revokeConsent
@Path("consents/{client}") @DELETE public void revokeConsent(@PathParam("client") String clientId)
Revoke consent and offline tokens for a particular client from the user
Parameters:
clientId - Client id
-
logout
@Path("logout") @POST public void logout()
Remove all user sessions associated with the user. Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.
-
deleteUser
@DELETE public javax.ws.rs.core.Response deleteUser()
Delete the user
-
getRoleMappings
@Path("role-mappings") public RoleMapperResource getRoleMappings()
-
disableCredentialType
@Path("disable-credential-types") @PUT @Consumes("application/json") public void disableCredentialType(List<String> credentialTypes)
Disable all credentials for a user of a specific type
Parameters:
credentialTypes -
-
resetPassword
@Path("reset-password") @PUT @Consumes("application/json") public void resetPassword(CredentialRepresentation cred)
Set up a new password for the user.
Parameters:
cred - The representation must contain a rawPassword with the plain-text password
-
credentials
@GET @Path("credentials") @Produces("application/json") public Stream<CredentialRepresentation> credentials()
-
getConfiguredUserStorageCredentialTypes
@GET @Path("configured-user-storage-credential-types") @Produces("application/json") public Stream<String> getConfiguredUserStorageCredentialTypes()
Return credential types, which are provided by the user storage where the user is stored. Returned values can contain, for example, "password", "otp" etc. This will always return an empty list for "local" users, which are not backed by any user storage.
Returns:
-
removeCredential
@Path("credentials/{credentialId}") @DELETE public void removeCredential(@PathParam("credentialId") String credentialId)
Remove a credential for a user
-
setCredentialUserLabel
@PUT @Consumes("text/plain") @Path("credentials/{credentialId}/userLabel") public void setCredentialUserLabel(@PathParam("credentialId") String credentialId, String userLabel)
Update a credential label for a user
-
moveCredentialToFirst
@Path("credentials/{credentialId}/moveToFirst") @POST public void moveCredentialToFirst(@PathParam("credentialId") String credentialId)
Move a credential to the first position in the credentials list of the user
Parameters:
credentialId - The credential to move
-
moveCredentialAfter
@Path("credentials/{credentialId}/moveAfter/{newPreviousCredentialId}") @POST public void moveCredentialAfter(@PathParam("credentialId") String credentialId, @PathParam("newPreviousCredentialId") String newPreviousCredentialId)
Move a credential to a position behind another credential
Parameters:
credentialId - The credential to move
newPreviousCredentialId - The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list.
-
resetPasswordEmail
@Deprecated @Path("reset-password-email") @PUT @Consumes("application/json") public javax.ws.rs.core.Response resetPasswordEmail(@QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId)
Deprecated.
Send an email to the user with a link they can click to reset their password. The redirectUri and clientId parameters are optional. The default for the redirect is the account client. This endpoint has been deprecated. Please use execute-actions-email, passing a list with UPDATE_PASSWORD within it.
Parameters:
redirectUri - redirect uri
clientId - client id
Returns:
-
executeActionsEmail
@Path("execute-actions-email") @PUT @Consumes("application/json") public javax.ws.rs.core.Response executeActionsEmail(@QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId, @QueryParam("lifespan") Integer lifespan, List<String> actions)
Send an email to the user with a link they can click to execute particular actions. An email contains a link the user can click to perform a set of required actions. The redirectUri and clientId parameters are optional. If no redirect is given, then there will be no link back to click after actions have completed. Redirect uri must be a valid uri for the particular clientId.
Parameters:
redirectUri - Redirect uri
clientId - Client id
lifespan - Number of seconds after which the generated token expires
actions - Required actions the user needs to complete
Returns:
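An added client-side example (not Keycloak project code) of the replacement that the resetPasswordEmail deprecation note describes: a PUT to execute-actions-email with UPDATE_PASSWORD in the JSON list, the query parameters documented above, and a short lifespan. The /admin/realms/{realm}/users/{userId} mount point, the bearer-token header, the class and method names, and all sample values are assumptions; the request is only built, not sent.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.stream.Collectors;

public class ExecuteActionsEmail {
    static String enc(String s) { // percent-encode one path segment or query value
        return URLEncoder.encode(s, StandardCharsets.UTF_8).replace("+", "%20");
    }
    // Assumed mount point (not on this page): {base}/admin/realms/{realm}/users/{userId}
    static HttpRequest build(String base, String realm, String userId, String token,
            String redirectUri, String clientId, Integer lifespan, List<String> actions) {
        if (actions == null || actions.isEmpty()
                || !actions.stream().allMatch(a -> a.matches("[A-Za-z0-9_-]+")))
            throw new IllegalArgumentException("actions must be non-empty plain identifiers");
        // The redirect must be valid for a particular client, so require both together.
        if (redirectUri != null && clientId == null)
            throw new IllegalArgumentException("redirect_uri requires client_id");
        if (lifespan != null && lifespan <= 0)
            throw new IllegalArgumentException("lifespan must be a positive number of seconds");
        Map<String, String> q = new LinkedHashMap<>();
        if (redirectUri != null) q.put("redirect_uri", redirectUri);
        if (clientId != null) q.put("client_id", clientId);
        if (lifespan != null) q.put("lifespan", lifespan.toString());
        String query = q.entrySet().stream()
                .map(e -> e.getKey() + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
        String url = base + "/admin/realms/" + enc(realm) + "/users/" + enc(userId)
                + "/execute-actions-email" + (query.isEmpty() ? "" : "?" + query);
        // Body is a JSON array of required-action names, e.g. ["UPDATE_PASSWORD"].
        String body = actions.stream().map(a -> "\"" + a + "\"")
                .collect(Collectors.joining(",", "[", "]"));
        return HttpRequest.newBuilder(URI.create(url))
                .header("Authorization", "Bearer " + token)
                .header("Content-Type", "application/json")
                .PUT(HttpRequest.BodyPublishers.ofString(body))
                .build();
    }
    public static void main(String[] args) {
        // Constructed sample values; the token is a placeholder.
        HttpRequest r = build("https://sso.example.test", "demo",
                "00000000-0000-0000-0000-000000000000", "<admin-access-token>",
                "https://app.example.test/done", "demo-app", 900, List.of("UPDATE_PASSWORD"));
        System.out.println(r.method() + " " + r.uri());
    }
}
```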
-
sendVerifyEmail
@Path("send-verify-email") @PUT @Consumes("application/json") public javax.ws.rs.core.Response sendVerifyEmail(@QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId)
Send an email-verification email to the user. An email contains a link the user can click to verify their email address. The redirectUri and clientId parameters are optional. The default for the redirect is the account client.
Parameters:
redirectUri - Redirect uri
clientId - Client id
Returns:
-
groupMembership
@GET @Path("groups") @Produces("application/json") public Stream<GroupRepresentation> groupMembership(@QueryParam("search") String search, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults, @QueryParam("briefRepresentation") @DefaultValue("true") boolean briefRepresentation)
-
getGroupMembershipCount
@GET @Path("groups/count") @Produces("application/json") public Map<String,Long> getGroupMembershipCount(@QueryParam("search") String search)
-
removeMembership
@DELETE @Path("groups/{groupId}") public void removeMembership(@PathParam("groupId") String groupId)
-
joinGroup
@PUT @Path("groups/{groupId}") public void joinGroup(@PathParam("groupId") String groupId)
-
-