Package org.keycloak.services.resources.admin

Class UserResource

java.lang.Object
org.keycloak.services.resources.admin.UserResource
public class UserResource extends Object
Base resource for managing users
Version:
$Revision: 1 $
Author:
Bill Burke

  • Field Details

    • realm

      protected final RealmModel realm

    • clientConnection

      protected final ClientConnection clientConnection

    • session

      protected final KeycloakSession session

    • headers

      protected final jakarta.ws.rs.core.HttpHeaders headers

  • Constructor Details

  • Method Details

    • updateUser

      @PUT @Consumes("application/json") public jakarta.ws.rs.core.Response updateUser(UserRepresentation rep)
      Update the user
      Parameters:
      rep -
      Returns:

    • validateUserProfile

      public static jakarta.ws.rs.core.Response validateUserProfile(UserProfile profile, KeycloakSession session, AdminAuth adminAuth)

    • updateUserFromRep

      public static void updateUserFromRep(UserProfile profile, UserModel user, UserRepresentation rep, KeycloakSession session, boolean isUpdateExistingUser)

    • getUser

      @GET @Produces("application/json") public UserRepresentation getUser(@QueryParam("userProfileMetadata") boolean userProfileMetadata)
      Get representation of the user
      Returns:

    • impersonate

      @Path("impersonation") @POST @Produces("application/json") public Map<String,Object> impersonate()
      Impersonate the user
      Returns:

    • getSessions

      @Path("sessions") @GET @Produces("application/json") public Stream<UserSessionRepresentation> getSessions()
      Get sessions associated with the user
      Returns:

    • getOfflineSessions

      @Path("offline-sessions/{clientUuid}") @GET @Produces("application/json") public Stream<UserSessionRepresentation> getOfflineSessions(@PathParam("clientUuid") String clientUuid)
      Get offline sessions associated with the user and client
      Returns:

    • getFederatedIdentity

      @Path("federated-identity") @GET @Produces("application/json") public Stream<FederatedIdentityRepresentation> getFederatedIdentity()
      Get social logins associated with the user
      Returns:
      a non-null Stream of social logins (federated identities).

    • addFederatedIdentity

      @Path("federated-identity/{provider}") @POST public jakarta.ws.rs.core.Response addFederatedIdentity(@PathParam("provider") String provider, FederatedIdentityRepresentation rep)
      Add a social login provider to the user
      Parameters:
      provider - Social login provider id
      rep -
      Returns:

    • removeFederatedIdentity

      @Path("federated-identity/{provider}") @DELETE public void removeFederatedIdentity(@PathParam("provider") String provider)
      Remove a social login provider from user
      Parameters:
      provider - Social login provider id

    • getConsents

      @Path("consents") @GET @Produces("application/json") public Stream<Map<String,Object>> getConsents()
      Get consents granted by the user
      Returns:

    • revokeConsent

      @Path("consents/{client}") @DELETE public void revokeConsent(@PathParam("client") String clientId)
      Revoke consent and offline tokens for particular client from user
      Parameters:
      clientId - Client id

    • logout

      @Path("logout") @POST public void logout()
      Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.

    • deleteUser

      @DELETE public jakarta.ws.rs.core.Response deleteUser()
      Delete the user

    • getRoleMappings

      @Path("role-mappings") public RoleMapperResource getRoleMappings()

    • disableCredentialType

      @Path("disable-credential-types") @PUT @Consumes("application/json") public void disableCredentialType(List<String> credentialTypes)
      Disable all credentials for a user of a specific type
      Parameters:
      credentialTypes -

    • resetPassword

      @Path("reset-password") @PUT @Consumes("application/json") public void resetPassword(CredentialRepresentation cred)
      Set up a new password for the user.
      Parameters:
      cred - The representation must contain a rawPassword with the plain-text password

    • credentials

      @GET @Path("credentials") @Produces("application/json") public Stream<CredentialRepresentation> credentials()

    • getConfiguredUserStorageCredentialTypes

      @GET @Path("configured-user-storage-credential-types") @Produces("application/json") public Stream<String> getConfiguredUserStorageCredentialTypes()
      Return credential types, which are provided by the user storage where user is stored. Returned values can contain for example "password", "otp" etc. This will always return empty list for "local" users, which are not backed by any user storage
      Returns:

    • removeCredential

      @Path("credentials/{credentialId}") @DELETE public void removeCredential(@PathParam("credentialId") String credentialId)
      Remove a credential for a user

    • setCredentialUserLabel

      @PUT @Consumes("text/plain") @Path("credentials/{credentialId}/userLabel") public void setCredentialUserLabel(@PathParam("credentialId") String credentialId, String userLabel)
      Update a credential label for a user

    • moveCredentialToFirst

      @Path("credentials/{credentialId}/moveToFirst") @POST public void moveCredentialToFirst(@PathParam("credentialId") String credentialId)
      Move a credential to a first position in the credentials list of the user
      Parameters:
      credentialId - The credential to move

    • moveCredentialAfter

      @Path("credentials/{credentialId}/moveAfter/{newPreviousCredentialId}") @POST public void moveCredentialAfter(@PathParam("credentialId") String credentialId, @PathParam("newPreviousCredentialId") String newPreviousCredentialId)
      Move a credential to a position behind another credential
      Parameters:
      credentialId - The credential to move
      newPreviousCredentialId - The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list.

    • resetPasswordEmail

      @Deprecated @Path("reset-password-email") @PUT @Consumes("application/json") public jakarta.ws.rs.core.Response resetPasswordEmail(@QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId)
      Deprecated.
      Send an email to the user with a link they can click to reset their password. The redirectUri and clientId parameters are optional. The default for the redirect is the account client. This endpoint has been deprecated. Please use the execute-actions-email passing a list with UPDATE_PASSWORD within it.
      Parameters:
      redirectUri - redirect uri
      clientId - client id
      Returns:

    • executeActionsEmail

      @Path("execute-actions-email") @PUT @Consumes("application/json") public jakarta.ws.rs.core.Response executeActionsEmail(@QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId, @QueryParam("lifespan") Integer lifespan, List<String> actions)
      Send an email to the user with a link they can click to execute particular actions. An email contains a link the user can click to perform a set of required actions. The redirectUri and clientId parameters are optional. If no redirect is given, then there will be no link back to click after actions have completed. Redirect uri must be a valid uri for the particular clientId.
      Parameters:
      redirectUri - Redirect uri
      clientId - Client id
      lifespan - Number of seconds after which the generated token expires
      actions - Required actions the user needs to complete
      Returns:

    • sendVerifyEmail

      @Path("send-verify-email") @PUT @Consumes("application/json") public jakarta.ws.rs.core.Response sendVerifyEmail(@QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId, @QueryParam("lifespan") Integer lifespan)
      Send an email-verification email to the user An email contains a link the user can click to verify their email address. The redirectUri and clientId parameters are optional. The default for the redirect is the account client.
      Parameters:
      redirectUri - Redirect uri
      clientId - Client id
      lifespan - Number of seconds after which the generated token expires
      Returns:

    • groupMembership

      @GET @Path("groups") @Produces("application/json") public Stream<GroupRepresentation> groupMembership(@QueryParam("search") String search, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults, @QueryParam("briefRepresentation") @DefaultValue("true") boolean briefRepresentation)

    • getGroupMembershipCount

      @GET @Path("groups/count") @Produces("application/json") public Map<String,Long> getGroupMembershipCount(@QueryParam("search") String search)

    • removeMembership

      @DELETE @Path("groups/{groupId}") public void removeMembership(@PathParam("groupId") String groupId)

    • joinGroup

      @PUT @Path("groups/{groupId}") public void joinGroup(@PathParam("groupId") String groupId)

    • getUnmanagedAttributes

      @GET @Path("unmanagedAttributes") @Produces("application/json") public Map<String,List<String>> getUnmanagedAttributes()