External web page for creating and managing users into keycloak server

[P Terziev]

I want to create a web based React page with Java BE which will be used to make a limited users into Keycloak server using Keycloak REST API. I will create users and enable, disable users. When user status for example is changed direct API call will be made to apply the change into Keycloak.
But I have the following problem: In some cases I might need to manually change into Keycloak admin panel user status or important setting. This means that React app will have outdated database.
Is there some solution to this problem?

[Tony Harris]

Use the keycloak API's to interact directly with Keycloak instead of a separate user database.

We create a confidential client in the realm we want to manage, turn on the service account and add the appropriate realm-management client roles to this service account.

Obtain a token using the client-credentials grant for using this client and then call the keycloak APIs using this access token to manage these users.

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/497e503b-46d3-47ce-bda9-4a762fa1b74en%40googlegroups.com.

[P Terziev]

I was also thinking about this but how can you get users by pages in that case?

[Tony Harris]

The users API endpoint in Keycloak  GET /{realm}/users has a query parameter of first which is defined as 

first optional

Pagination offset

integer(int32)

and max, which says how man results, combined they give pages of results.

max optional

Maximum results size (defaults to 100)

integer(int32)

You also have GET /{realm}/users/count that returns the number of users matching the search criteria that allows you to work out how many pages of results to display

[P Terziev]

Thanks for sharing. I found something interesting:

https://github.com/p2-inc/keycloak-events

What if I use KeyCloak webhooks in this case and also Keycloak Rest API? I can subscribe to the webhook events in BackEnd, and whenever user data changes in KeyCloak admin panel, this webhook event will be fired and I can update the database.

[Geoffrey Cleaves]

Why insist on maintaining a separate database? 

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/CALiZ_he7iE93dqifNBbk9nX6hUnNfyBdkVF1jHYxH2AGdbGmxg%40mail.gmail.com.

[P Terziev]

I think it will be easy for future migration if I decide to migrate to OKTA for example. Can you share your pros and cons, please?

[Ethin Probst]

You don’t need an external database. That’s waisted infrastructure. That’s Keycloaks job. If you want to switch to Okta or something else in the future, migrate all your users – an external DB won’t make that any easier, particularly if you follow proper security practices as you should be doing. Your external web page – if you do really want to create one – should be a proxy to Keycloak and that’s it. It should rely on Keycloak for user management.

 

Sent from Mail for Windows

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/CALiZ_hdSCoKMeMHk0p%2BANVfH6%3DZEuu-w-ovH-2V_G_Vv%3D6z6ug%40mail.gmail.com.