Admin REST API: How to get the roles of a user?

[Arun]

Hii all.

I have a realm called "Dev" which has a group called "A". There is a role called "a". The group "A" has the role "a" mapped to it.

Now, I create a user "alice" and add them to group "A".

The issue I'm facing is the right method to know if a user has a role. Using the KeycloakJS plugin, if I decode the JWT, I'm able to see the role "a". But from Admin side:

- GET /{realm}/users/{id}/role-mappings/realm doesn't show the role "a".

- GET /{realm}/users/{id}/role-mappings/realm/available shows the role "a" but not "default-roles-dev"

Only GET /{realm}/users/{id}/role-mappings/realm/composite shows the full list of roles as available in the JWT.

My question is, if I need a least hassle way to know if a user has a role (irrespective of its origin), can I just use GET /{realm}/users/{id}/role-mappings/realm/composite ?

Also: If I manually add "a" to the user, it is available in /realm but not in /realm/available.

I'm using Keycloak 19.0.1

Thanks for reading!