Class UserResource
java.lang.Object
org.keycloak.services.resources.admin.UserResource
Base resource for managing users
- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
Field Summary
Modifier and TypeFieldDescriptionprotected final ClientConnection
protected final jakarta.ws.rs.core.HttpHeaders
protected final RealmModel
protected final KeycloakSession
-
Constructor Summary
ConstructorDescriptionUserResource
(KeycloakSession session, UserModel user, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) -
Method Summary
Modifier and TypeMethodDescriptionjakarta.ws.rs.core.Response
addFederatedIdentity
(String provider, FederatedIdentityRepresentation rep) Add a social login provider to the userjakarta.ws.rs.core.Response
Delete the uservoid
disableCredentialType
(List<String> credentialTypes) Disable all credentials for a user of a specific typejakarta.ws.rs.core.Response
Send an email to the user with a link they can click to execute particular actions.Return credential types, which are provided by the user storage where user is stored.Get consents granted by the userGet social logins associated with the usergetGroupMembershipCount
(String search) getOfflineSessions
(String clientUuid) Get offline sessions associated with the user and clientGet sessions associated with the usergetUser
(boolean userProfileMetadata) Get representation of the usergroupMembership
(String search, Integer firstResult, Integer maxResults, boolean briefRepresentation) Impersonate the uservoid
void
logout()
Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.void
moveCredentialAfter
(String credentialId, String newPreviousCredentialId) Move a credential to a position behind another credentialvoid
moveCredentialToFirst
(String credentialId) Move a credential to a first position in the credentials list of the uservoid
removeCredential
(String credentialId) Remove a credential for a uservoid
removeFederatedIdentity
(String provider) Remove a social login provider from uservoid
removeMembership
(String groupId) void
Set up a new password for the user.jakarta.ws.rs.core.Response
resetPasswordEmail
(String redirectUri, String clientId) Deprecated.void
revokeConsent
(String clientId) Revoke consent and offline tokens for particular client from userjakarta.ws.rs.core.Response
sendVerifyEmail
(String redirectUri, String clientId, Integer lifespan) Send an email-verification email to the user An email contains a link the user can click to verify their email address.void
setCredentialUserLabel
(String credentialId, String userLabel) Update a credential label for a userjakarta.ws.rs.core.Response
Update the userstatic void
updateUserFromRep
(UserProfile profile, UserModel user, UserRepresentation rep, KeycloakSession session, boolean isUpdateExistingUser) static jakarta.ws.rs.core.Response
validateUserProfile
(UserProfile profile, KeycloakSession session, AdminAuth adminAuth)
-
Field Details
-
realm
-
clientConnection
-
session
-
headers
protected final jakarta.ws.rs.core.HttpHeaders headers
-
-
Constructor Details
-
UserResource
public UserResource(KeycloakSession session, UserModel user, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)
-
-
Method Details
-
updateUser
@PUT @Consumes("application/json") public jakarta.ws.rs.core.Response updateUser(UserRepresentation rep) Update the user- Parameters:
rep
-- Returns:
-
validateUserProfile
public static jakarta.ws.rs.core.Response validateUserProfile(UserProfile profile, KeycloakSession session, AdminAuth adminAuth) -
updateUserFromRep
public static void updateUserFromRep(UserProfile profile, UserModel user, UserRepresentation rep, KeycloakSession session, boolean isUpdateExistingUser) -
getUser
@GET @Produces("application/json") public UserRepresentation getUser(@QueryParam("userProfileMetadata") boolean userProfileMetadata) Get representation of the user- Returns:
-
impersonate
Impersonate the user- Returns:
-
getSessions
@Path("sessions") @GET @Produces("application/json") public Stream<UserSessionRepresentation> getSessions()Get sessions associated with the user- Returns:
-
getOfflineSessions
@Path("offline-sessions/{clientUuid}") @GET @Produces("application/json") public Stream<UserSessionRepresentation> getOfflineSessions(@PathParam("clientUuid") String clientUuid) Get offline sessions associated with the user and client- Returns:
-
getFederatedIdentity
@Path("federated-identity") @GET @Produces("application/json") public Stream<FederatedIdentityRepresentation> getFederatedIdentity()Get social logins associated with the user- Returns:
- a non-null
Stream
of social logins (federated identities).
-
addFederatedIdentity
@Path("federated-identity/{provider}") @POST public jakarta.ws.rs.core.Response addFederatedIdentity(@PathParam("provider") String provider, FederatedIdentityRepresentation rep) Add a social login provider to the user- Parameters:
provider
- Social login provider idrep
-- Returns:
-
removeFederatedIdentity
@Path("federated-identity/{provider}") @DELETE public void removeFederatedIdentity(@PathParam("provider") String provider) Remove a social login provider from user- Parameters:
provider
- Social login provider id
-
getConsents
@Path("consents") @GET @Produces("application/json") public Stream<Map<String,Object>> getConsents()Get consents granted by the user- Returns:
-
revokeConsent
Revoke consent and offline tokens for particular client from user- Parameters:
clientId
- Client id
-
logout
@Path("logout") @POST public void logout()Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user. -
deleteUser
@DELETE public jakarta.ws.rs.core.Response deleteUser()Delete the user -
getRoleMappings
-
disableCredentialType
@Path("disable-credential-types") @PUT @Consumes("application/json") public void disableCredentialType(List<String> credentialTypes) Disable all credentials for a user of a specific type- Parameters:
credentialTypes
-
-
resetPassword
@Path("reset-password") @PUT @Consumes("application/json") public void resetPassword(CredentialRepresentation cred) Set up a new password for the user.- Parameters:
cred
- The representation must contain a rawPassword with the plain-text password
-
credentials
@GET @Path("credentials") @Produces("application/json") public Stream<CredentialRepresentation> credentials() -
getConfiguredUserStorageCredentialTypes
@GET @Path("configured-user-storage-credential-types") @Produces("application/json") public Stream<String> getConfiguredUserStorageCredentialTypes()Return credential types, which are provided by the user storage where user is stored. Returned values can contain for example "password", "otp" etc. This will always return empty list for "local" users, which are not backed by any user storage- Returns:
-
removeCredential
@Path("credentials/{credentialId}") @DELETE public void removeCredential(@PathParam("credentialId") String credentialId) Remove a credential for a user -
setCredentialUserLabel
@PUT @Consumes("text/plain") @Path("credentials/{credentialId}/userLabel") public void setCredentialUserLabel(@PathParam("credentialId") String credentialId, String userLabel) Update a credential label for a user -
moveCredentialToFirst
@Path("credentials/{credentialId}/moveToFirst") @POST public void moveCredentialToFirst(@PathParam("credentialId") String credentialId) Move a credential to a first position in the credentials list of the user- Parameters:
credentialId
- The credential to move
-
moveCredentialAfter
@Path("credentials/{credentialId}/moveAfter/{newPreviousCredentialId}") @POST public void moveCredentialAfter(@PathParam("credentialId") String credentialId, @PathParam("newPreviousCredentialId") String newPreviousCredentialId) Move a credential to a position behind another credential- Parameters:
credentialId
- The credential to movenewPreviousCredentialId
- The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list.
-
resetPasswordEmail
@Deprecated @Path("reset-password-email") @PUT @Consumes("application/json") public jakarta.ws.rs.core.Response resetPasswordEmail(@QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId) Deprecated.Send an email to the user with a link they can click to reset their password. The redirectUri and clientId parameters are optional. The default for the redirect is the account client. This endpoint has been deprecated. Please use the execute-actions-email passing a list with UPDATE_PASSWORD within it.- Parameters:
redirectUri
- redirect uriclientId
- client id- Returns:
-
executeActionsEmail
@Path("execute-actions-email") @PUT @Consumes("application/json") public jakarta.ws.rs.core.Response executeActionsEmail(@QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId, @QueryParam("lifespan") Integer lifespan, List<String> actions) Send an email to the user with a link they can click to execute particular actions. An email contains a link the user can click to perform a set of required actions. The redirectUri and clientId parameters are optional. If no redirect is given, then there will be no link back to click after actions have completed. Redirect uri must be a valid uri for the particular clientId.- Parameters:
redirectUri
- Redirect uriclientId
- Client idlifespan
- Number of seconds after which the generated token expiresactions
- Required actions the user needs to complete- Returns:
-
sendVerifyEmail
@Path("send-verify-email") @PUT @Consumes("application/json") public jakarta.ws.rs.core.Response sendVerifyEmail(@QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId, @QueryParam("lifespan") Integer lifespan) Send an email-verification email to the user An email contains a link the user can click to verify their email address. The redirectUri and clientId parameters are optional. The default for the redirect is the account client.- Parameters:
redirectUri
- Redirect uriclientId
- Client idlifespan
- Number of seconds after which the generated token expires- Returns:
-
groupMembership
@GET @Path("groups") @Produces("application/json") public Stream<GroupRepresentation> groupMembership(@QueryParam("search") String search, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults, @QueryParam("briefRepresentation") @DefaultValue("true") boolean briefRepresentation) -
getGroupMembershipCount
-
removeMembership
@DELETE @Path("groups/{groupId}") public void removeMembership(@PathParam("groupId") String groupId) -
joinGroup
-