Keycloak - Creating Users - Administration REST API

Captions
Praise the Lord. Welcome to another Keycloak tutorial. Today we're going to learn about creating a user using the REST API, the Administration REST API. The documentation is found on the Keycloak site, under Docs, Administration REST API. So we're going to use one of these endpoints to create a user that can authenticate using Keycloak for your application.

So without further ado, I have a local installation of Keycloak that I'll get to shortly. You need to log into the administration console, because there are two ways to authenticate in order for you to get a token that you use to call the Administration REST API endpoints. You can either use the administrator username and password using the password grant, or you can use the client credentials grant, and the latter is preferable, where you just generate a client secret and you use that to authenticate and get a token that you use to call the API endpoints. So we will look at the latter.

So you need to log into the administration console using your admin credentials on the UI. I have two realms here: I have the inside realm and the master realm. You have to not pay attention to this; you have to use the master realm in order for you to get the right privileges and the right client secret that will be used later on. If you use another realm, you won't be able to access the Administration REST API endpoints. So if you have more than one realm, select the master realm.

Then under Clients in the master realm you have a number of clients, and one of them is the admin-cli OAuth 2 client. Click on that client. We want to give that client some abilities for us to be able to generate a client secret. I've already enabled services account, but usually by default it's not enabled, so in your installation it won't be enabled if you've never enabled it before. So enable it: from off to on, toggle the switch to on. And then the other thing that you have to do, okay, before you do this, you have to change the access type from public to confidential. By default it's public, so change it to confidential. Otherwise it will be like this, public, and you won't be able to see the services account. So you have to change it to confidential, then you're able to see these other options, then enable the services account.

After enabling the services account, up here we have a number of tabs. One of the tabs that will be visible once you've enabled the services accounts will be the Credentials tab. Before you do that it's not visible; you can't see the Credentials tab. So click on the Credentials tab. We have our client secret here, already generated for us. If you want to regenerate it you can click on Regenerate. So this is the character string that you're interested in, that we'll be using later on, as I will show you. So get this string here and copy it somewhere.

Then the other thing that you have to do after doing these configurations: come to Service Account Roles, the last tab, Service Account Roles, and then under Client Roles look for the client realm. So when you're in the master realm, your other realms will be seen as client realms, or they'll be seen on the raw and other clients. So my other realm is called i use attack; Keycloak appends the realm there. So select that realm under which you want to create the users. Before enabling the roles that I'm going to enable now, this is how it looks. But before you're able to create a client you have to have certain permissions or roles, and one of them is manage-users. So you have to add this role to your realm; you have to add the manage-users role. And I added the other roles like query-users (I needed querying users), and then the other one was view-users. So just add any number of roles according to your needs. There are a couple of them here, but these for me were enough.

So I think we are done with the settings and the configurations that we need, and this is enough. We don't need to do anything inside your other realm where you want the users. So we'll now just jump over to our testing grounds, and we are using Postman to do our tests. Before you create a user, like I said earlier, you need a token. Yes, you need a token. How do I clear these? Okay, sorry about that. Aren't it too clear. Let me go back to my home. I did clear the console but it's opening up other stuff, so let's quickly jump back to where I was.

So we need to generate a token before we can call the API to create users, so that's what's happening in this first request. This request goes to this URL, this endpoint, of course up to here or up to here depending on which Keycloak installation. The later Keycloak installations by default don't have the auth context. I'm using the latest Keycloak version but I enabled this. You can never enable this within the configs of Keycloak, but that's not for today. But this is the rest of the URL that we'll be calling: it's under realms, master (this has to be master, the master realm), protocol, openid-connect (I'm using OpenID Connect, not SAML), then token. And then of course the rest of this will be your domain or IP, whatever it is. So take note of that.

Then it's URL encoded, because we need to encode within the URL certain key-value pairs. What you need is the client ID, and for client ID the value is admin-cli: client_id, admin-cli. Then the client secret is the secret that we copied earlier, if you remember, the secret that we copied from (let's run there very fast) under Credentials, this one here. So this is the secret you put here. And then the grant type is client_credentials, just the way it is. So as long as all this is okay, you should have no problem generating a token. Yes, our token is generated for us here. So you can now use this token to call any of the REST API endpoints.

So for today we are creating a user. This is the payload for the user. You can look it up; there are other attributes within the payload that you can add, but for our purpose I just kept it simple. So we are creating the user and the credentials at the same time. You could decide to create just a user without all this and then update the user with the credentials, but I wanted to do this in one go, so that's why I have my credentials here. The password has to be in plain text, so that's why it's very important that you're using HTTPS, because the password is going in plain text.

So once your payload is in there and looks okay, the other part is adding your bearer token. So I selected Bearer Token and I added my token here. You can copy the token, the token that you created in the first step, then come to Authorization and just add it there, and you're done. You send your request. Okay, let's do that. This is our body; looks good. Just a second, let's generate the token again. Authorization. A user exists with the same username, so let's just change this username to, let's add something like that. Ah, same email. Okay, let's change that as well. Yes, so once your user is created you'll have a 201 as the returned response or status, meaning everything was successful.

So earlier on under Authorization you saw something like this. This is because I didn't have to copy my token manually to come and paste it here. I had a simple script under Tests, this simple script that sets up the environmental variable in Postman called refresh token. So when I run this, it generates for me that token and also inserts it within an environmental variable called refresh token, which I'm able to access here. So that's why you are seeing this like this here. So that's pretty much it; that's how you create a user with Keycloak. Thank you for listening to me, and God bless you.
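The two requests walked through in the captions (client-credentials token from the master realm, then the create-user call with a bearer token), as an added Python example that is not code from the video. The function names are hypothetical, the payload fields (`username`, `email`, `enabled`, `credentials`) are an assumption about what the Postman body contains, and on installations that keep the auth context the base URL passed in must end in `/auth`.

```python
import json
import urllib.parse
import urllib.request


def _require_https(base_url):
    # The user payload carries the password in plain text, so refuse plain HTTP.
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("Keycloak base URL must use https")
    return base_url.rstrip("/")


def build_token_request(base_url, client_secret):
    """Client-credentials token request against the master realm (admin-cli)."""
    form = urllib.parse.urlencode({
        "client_id": "admin-cli",
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode()
    url = _require_https(base_url) + "/realms/master/protocol/openid-connect/token"
    return urllib.request.Request(url, data=form, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})


def build_create_user_request(base_url, realm, token, username, email, password):
    """POST /admin/realms/{realm}/users with user and password in one payload."""
    payload = {
        "username": username,
        "email": email,
        "enabled": True,
        "credentials": [{"type": "password", "value": password, "temporary": False}],
    }
    url = "%s/admin/realms/%s/users" % (
        _require_https(base_url), urllib.parse.quote(realm, safe=""))
    return urllib.request.Request(url, data=json.dumps(payload).encode(), method="POST", headers={
        "Content-Type": "application/json",
        "Authorization": "Bearer " + token})


def create_user(base_url, realm, client_secret, username, email, password):
    """Run both steps; returns the Location header of the new user on HTTP 201."""
    with urllib.request.urlopen(build_token_request(base_url, client_secret)) as resp:
        token = json.load(resp)["access_token"]
    req = build_create_user_request(base_url, realm, token, username, email, password)
    with urllib.request.urlopen(req) as resp:  # non-2xx raises HTTPError (e.g. 409 duplicate)
        if resp.status != 201:
            raise RuntimeError("unexpected status %d" % resp.status)
        return resp.headers.get("Location")
```

A duplicate username or email surfaces as an `HTTPError` from `create_user`, and the client secret is best read from the environment or a secret store rather than written into the script.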
Info
Channel: Arthur D. Mugume
Views: 28,414
Id: kIXs5k4gyuM
Length: 12min 9sec (729 seconds)
Published: Wed Mar 16 2022