Bulk execute-actions-email and search/update users

I am using keycloak version 21.1.2 and i have a custom provider for accessing an existing database.

I would like to ask if there is any way to search/update bulk users or call the execute-actions-email in a bulk way.

Thank you in advance.

Kind regards

Currently, there’s no option for bulk user operations. When using the default admin API, you’d have to iterate over each user and send a separate request for each user.

Alternative could be to implement a custom endpoint and implementing the desired operations. But IMHO this is only worth the effort if you need this more often than once. :wink:

1 Like

Thank you very much for your answer.

I should support the existing implementation of the administration system, so bulk operations should be implemented.

As a reference, is this related for the custom endpoint https://www.youtube.com/watch?v=eZYGLuUrUp4?

Yes and no… :wink:

“Yes”:
Previously, there was only the extension point for the custom RealmResourceProvider. You can still use this.

“No”:
Since a few versions (don’t know exactly since which exactly), there’s also an admin-realm-restapi-extension SPI, which you can use to extend the admin api with custom endpoints.

The former mentioned RealmResourceProvider is for “regular” endpoints throughout the whole system, whereas with the latter approach is for extending the admin api only. IMHO for your use case, the admin API approach makes more sense.
Unfortunately I don’t an example for that already.

Ok, now I have an example for extending the admin API… :wink:

The approach is the same as the regular resource provider, but for admin components and you have the admin auth options at hand (so you don’t need to do the whole auth processing yourself).
The endpoint will then be available at /admin/realms/{realmname}/{your-provider-id}...

1 Like

Thank you so much @dasniko !

I am trying to create the admin component and i have access to it.
I have created a new project for the endpoints and i copy the jar to “/opt/keycloak/providers/”. I am getting 404 when i call HTTPGET /admin/realms/{realmname}/{your-provider-id}/users. Should i place the generated jar with endpoint to another folder?

Thank you in advance.

Have you created the service loader file under META-INF/services or used the @AutoService annotation (like I do in my code of the factory)?

I have created the service loader file under META-INF/services named as org.keycloak.services.resource.MyAdminRealmResourceProviderFactory and in there i have put the related path that the factory will be found.

I have also tried the @AutoService annotation and removing the service loader, but again i get 404.

The file under META-INF/services must be named org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory and the content is the full qualified classname of your factory class, e.g. dasniko.keycloak.resource.MyAdminRealmResourceProviderFactory

It worked! Thank you very much @dasniko !!!

1 Like

I am trying to access via code the corresponding class/code for the admin ui call PUT “admin/realms/{realm-name}/users/{id}/execute-actions-email” for sending the update password.

var user = session.users().getUserById(realm, id);
user.addRequiredAction(RequiredAction.UPDATE_PASSWORD) does not send an email, but only adds the required action to the user.

I have found this on how keycloak is sending an email → How Keycloak sends emails · GitHub.

How can i trigger to send an email for updating the password, while i know the user id?

For anyone may be interested, a good point of reference is https://github.com/keycloak/keycloak/blob/8f1234881de5353891f8220d732ec134f17f5030/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java#L871

Hi @dasniko . Does keycloak support long running background processes such as sending emails for multiple users? The iteration over the desired users will take a lot of time if the number of users is big

Thank you in advance!

Don’t know, yet I didn’t have to deal with long running processes in Keycloak.