Comments on: How to Set Up Keycloak Admin Client with Spring Boot and Kotlin?

By: Karo

Karo — Mon, 27 Nov 2023 19:18:53 +0000

Hi Piotr,

first of all thanks for the clear guide, very helpful.

I made it work on my end with the keycloak version 22.0.3. I noticed a strange issue, when I did bulk user creation (loop through 50 users and call single user creation one by one), the first ~10 is created successfully (including extracting the newly created ids), but then it throws this exception:
Caused by: jakarta.ws.rs.WebApplicationException: Create method returned status Bad Request (Code: 400); expected status: Created (201)
. This is thrown when I try to extract the newly created user id from the header (after ~10 successfully created user and extracted ids) .

Do you maybe know why this issue appears?

Best,
Karo

By: Piotr

Piotr — Mon, 05 Sep 2022 05:23:35 +0000

In reply to Alex.

Hi man!
I haven’t verified this approach, but looks that the API exposes an endpoint, which you might be interested in:
PUT /{realm}/users/{id}/reset-password (link to the docs: https://www.keycloak.org/docs-api/15.0/rest-api/)
The example flow would look, as follow:
On your side:
1. Create table, for example “reset_tokens” with “token”, “email”, “expires_at” columns.
2. Expose new the endpoint, which user will be using to trigger the flow (he will have to send e-mail in the request body)
3. When user hits this endpoint, you should generate a new entry in the table. Check if the email exists in the system. If yest, then for the “token”, generate some random value and send this to the email provided by the user. (in real-life, this is done by creating a link with this token appended in the end so that the front-end automatically capture that and send to the server)
4. Create second endpoint. This will take two values in the request body: token and new password as text. When user hits this endpoint, then you check the table by the given token value (and also expires_at < now() ). If such a value is found, then you query the Keycloak endpoint.

By: Alex

Alex — Mon, 05 Sep 2022 00:46:52 +0000

Hi Piotr, thank you very much for this tutorial! I need to allow users to change their passwords and emails directly from my application(SpringBoot) . Is this possible with keycloak-admin-client and if yes, could you please show how? Thanks in advance, Alex

By: Piotr

Piotr — Tue, 29 Mar 2022 04:38:04 +0000

In reply to channing. Hi Pedro Could you please upload the code to GitHub? This way I will be able to help

By: Pedro

Pedro — Mon, 28 Mar 2022 16:07:54 +0000

In reply to channing.

For me it’s the same. I update my user but nothing changes on my keycloak server. However, if I send a second update request, the user appears as updated as my first request. I have tried several pieces of code, but nothing works. I’m using the version 17.0.1 for spring boot.

@Override
public void updateUser(User user) {
UsersResource instance = getInstance().realm(realm).users();
UserResource userResource = instance.get(user.getSecurityProviderId());
UserRepresentation userRepresentation = userResource.toRepresentation();

userRepresentation.setFirstName(user.getName());
userRepresentation.setLastName(user.getSurname());
userRepresentation.setEmail(user.getEmail());

userResource.update(userRepresentation);
}

By: Piotr

Piotr — Mon, 28 Mar 2022 05:11:29 +0000

In reply to channing.

OK, hello once again 🙂
I’ve just set up Keycloak from scratch:
1. Cloned the repository
2. Set Up config (step 2 + creating a realm called example from the link I’ve provided)
3. Update application.yaml and put credentials.secret with appropriate value
4. Added a bit modified code (I used Kotlin)
And this seems to be working fine, because when I update and then get user details by ID I receive:
“attributes”: {
“WECOM_USER_ID”: [
“myTestId”
]
}
I’ve uploaded my example as this commit: https://github.com/codersee-blog/kotlin-spring-boot-keycloak-admin/commit/9c4d593652b39de3c2482f5d1707928be14e1903

Let me know if this is still the issue

By: Piotr

Piotr — Mon, 28 Mar 2022 04:57:16 +0000

In reply to Piyush.

Hello! 🙂
I’m afraid that it might be a small mistake in your configuration (sometimes happens, even though we try to do everything letter by letter). I’ve just cloned the repository and set it up and both role and user was created successfully. (please remember about creating realm called example- chapter 2). It’s really hard to help what might be the cause without seeing the code
When it comes to creating the continuation with groups and policy/permissions- I don’t want to promise anything, because I got plenty of ongoing work that needs to be finished (and also I’ve used a Keycloak over the year ago last time).
Nevertheless, policy should (not sure) work out of the box with ‘hasPermission’ (similarly, like I do in the second tutorial with securing endpoints by ‘hasRole’)

By: Piotr

Piotr — Fri, 25 Mar 2022 05:44:09 +0000

In reply to channing. Hello! Let me get back to you with the answer during the weekend :)

By: channing

channing — Thu, 24 Mar 2022 05:50:12 +0000

In reply to Piyush. I have encountered the error also, and I don't how to solve it

By: channing

channing — Thu, 24 Mar 2022 05:49:05 +0000

HI Piotr,
Thanks for you article, it helps a lot. Here I have encounter a problem, I read users from keycloak successfully, but I can not update user’s atrributes succesfully. Following is my java code :
@Override
public void updateWecomUserId(String id, String wecomUserId) {
UserResource userResource = keycloak.realm(realm).users().get(id);
UserRepresentation userPresentation = userResource.toRepresentation();
Predicate> prdc = p -> p == null;
if (prdc.test(userPresentation.getAttributes())) {
userPresentation.setAttributes(new HashMap());
}
userPresentation.setLastName(“===test===”);
userPresentation.getAttributes().put(WECOM_USER_ID,
Collections.singletonList(wecomUserId));
// for the update , it throws exception:javax.ws.rs.BadRequestException: HTTP 400 Bad Request
userResource.update(userPresentation);

}
Do you know what mistake I have made ? Thanks a lot.