步骤1.获取访问令牌:
curl --location --request POST 'https://localhost/auth/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-url## Heading ##encoded' \
--data-urlencode 'username=*******' \
--data-urlencode 'password=*******' \a
--data-urlencode 'grant_type=*******' \
--data-urlencode 'client_id=*******'
步骤2.创建用户并分配角色:
curl --location --request POST 'https://localhost/auth/admin/realms/MyRealm/users' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJKZFVORmNDU19rWjdvZ3ZFSkI4VXZpMTNRb2hKbnh2VW9oeVpieXg2Vld3In0.eyJqdGkiOiI4OGQ4Njk4NC04OGNjLTQzNzAtYWExMC00MTBkYWY5OGY0ODciLCJleHAiOjE1ODQ5NDA2MTYsIm5iZiI6MCwiaWF0IjoxNTg0OTQwNTU2LCJpc3MiOiJodHRwczovL2lkLmRldi1wcm90b24uaXRlcjIwMDQubGFiLmVoZWFsdGguZXhjaGFuZ2UvYXV0aC9yZWFsbXMvbWFzdGVyIiwic3ViIjoiYzI5YjQzMGItMWZlNC00NzJhLWFjYTMtMzgzYTkxNTNmM2RjIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWRtaW4tY2xpIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiNzMyOGUyMDItNzQyZC00ZTdkLTgwMWUtY2UyNGQ1NWUyZDZjIiwiYWNyIjoiMSIsInNjb3BlIjoiZW1haWwgcHJvZmlsZSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ifQ.brCZauRzLeoAHvxtgJy6PYwZhbInVfbLA6HF7YHmwuGzoDoexj97P1s03r2G5bzYUkL93sejEFT5AkPeoZ0gpzHY3IsG3UF7Q9Qvk3t5c08CcAqOn4czhYYV91fwwBWMgTv4sQh0D-_bSq0OtI5g9Ojo0sHzxleYEUW8UYdFsQ_JvpOnZEM87CzUhBqsDDnQ4kPslOaaG2q5PPY3ccNKHexE0UkxjtOeUoIn6tdf-0Yqwc55JCMzWOZmt3pFqWKfm3-VZX5lT0UTL9ktrrLfFTIMfZb-Lmyp2g3_s_juUpkbgPpBPHgh6IGS6XaOnxgseq1Vz4h6pZ_A0O60Z8R5-w' \
--data-raw '{
"username": "ayman",
"enabled": true,
"email": " [email protected]",
"firstName": "ayman",
"lastName": "ayman",
"emailVerified":true,
"credentials": [
{
"type": "password",
"value": "ayman"
}
],
"realmRoles": [
"test-role"
]
}'
步骤3.获取用户详细信息
curl --location --request GET 'https://localhost/auth/admin/realms/MyRealm/users/d3bbe900-c7b3-49c5-9414-28f9433d3fc1' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJKZFVORmNDU19rWjdvZ3ZFSkI4VXZpMTNRb2hKbnh2VW9oeVpieXg2Vld3In0.eyJqdGkiOiJkMjgzYzA2NS1hMmJjLTQwNDctOWQ0MC01NWI4Nzg5YmNkNGUiLCJleHAiOjE1ODQ5NTM2NDgsIm5iZiI6MCwiaWF0IjoxNTg0OTUzNTg4LCJpc3MiOiJodHRwczovL2lkLmRldi1wcm90b24uaXRlcjIwMDQubGFiLmVoZWFsdGguZXhjaGFuZ2UvYXV0aC9yZWFsbXMvbWFzdGVyIiwic3ViIjoiYzI5YjQzMGItMWZlNC00NzJhLWFjYTMtMzgzYTkxNTNmM2RjIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWRtaW4tY2xpIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiNjhmYmQ1YWQtMTkwMC00MzgyLThiMmYtYjhlYjExOTA4YmFhIiwiYWNyIjoiMSIsInNjb3BlIjoiZW1haWwgcHJvZmlsZSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ifQ.KmWR31pAR4Tl3Mad7awvqeK8np3x5qaPL1tYWAPLDdYaT4nLzpGblmPOBNzYIaEdhs9iwGEmES5_VzrI4C7xUVsY-Zq4jl8iPYP7IawzqgXyrTVuvAO_DLdgdVRKidTT6I-Eh1F87AV14-pOf0GXQ4wnQl5qGl5S6XUTJkegx8eGCg5Qp-zAdHOkxvPL3KRtpgwJx5QCvce-1-wW5Fckk3a-61vXA-o9jUDnJGWTYUyAssVD8zRUs-hhAms1PoR4nW1tCd_9J7xiWmr2hN0-pHY-u5PjNlrxCyOx-3pkRzworZ9e2i0ff0x2dcivpzyDfqe__sdsLVQsiiD1S7ViHw'
问题:
已成功创建用户,但未为其分配角色(realmRole)。经过更多研究后,我发现此行为是由于keycloak API中的错误(堆栈溢出问题)引起的。
有什么方法可以创建用户并为其分配领域角色?
更新:
根据一些答案,我们可以使用角色映射器API调用将角色映射到用户。有关这些操作的文档:https : //www.keycloak.org/docs-api/6.0/rest-api/index.html#_role_mapper_resource
POST /{realm}/groups/{id}/role-mappings/realm
上述网址中的组是什么?
此url:POST /{realm}/groups/{id}/role-mappings/realm用于将领域角色分配给一个组,其中{id}组ID为。
要将领域角色分配给用户,请使用:
# Get the role lists
GET /{realm}/roles
# Get the user lists
GET /{realm}/users
# Assign your role to user
POST /{realm}/users/{userId}/role-mappings/realm
body :[{id: roleId, name: roleName]
您的要求可能是:
curl --location --request POST 'https://localhost/auth/admin/realms/MyRealm/users/MyUserId/role-mappings/realm' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJKZFVORmNDU19rWjdvZ3ZFSkI4VXZpMTNRb2hKbnh2VW9oeVpieXg2Vld3In0.eyJqdGkiOiI4OGQ4Njk4NC04OGNjLTQzNzAtYWExMC00MTBkYWY5OGY0ODciLCJleHAiOjE1ODQ5NDA2MTYsIm5iZiI6MCwiaWF0IjoxNTg0OTQwNTU2LCJpc3MiOiJodHRwczovL2lkLmRldi1wcm90b24uaXRlcjIwMDQubGFiLmVoZWFsdGguZXhjaGFuZ2UvYXV0aC9yZWFsbXMvbWFzdGVyIiwic3ViIjoiYzI5YjQzMGItMWZlNC00NzJhLWFjYTMtMzgzYTkxNTNmM2RjIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWRtaW4tY2xpIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiNzMyOGUyMDItNzQyZC00ZTdkLTgwMWUtY2UyNGQ1NWUyZDZjIiwiYWNyIjoiMSIsInNjb3BlIjoiZW1haWwgcHJvZmlsZSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ifQ.brCZauRzLeoAHvxtgJy6PYwZhbInVfbLA6HF7YHmwuGzoDoexj97P1s03r2G5bzYUkL93sejEFT5AkPeoZ0gpzHY3IsG3UF7Q9Qvk3t5c08CcAqOn4czhYYV91fwwBWMgTv4sQh0D-_bSq0OtI5g9Ojo0sHzxleYEUW8UYdFsQ_JvpOnZEM87CzUhBqsDDnQ4kPslOaaG2q5PPY3ccNKHexE0UkxjtOeUoIn6tdf-0Yqwc55JCMzWOZmt3pFqWKfm3-VZX5lT0UTL9ktrrLfFTIMfZb-Lmyp2g3_s_juUpkbgPpBPHgh6IGS6XaOnxgseq1Vz4h6pZ_A0O60Z8R5-w' \
-d '[
{
"id": "12345678-1234-5678-1234-567812345678",
"name": "admin"
}
]'
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句