Get keycloak users based on their effective roles

Hi guys… I’m trying to get all users of my client that have some client role, no matter if it is assigned or effective.

I’ve tried this endpoint:
GET /{realm}/clients/{id}/roles/{role-name}/users
but it works just if the role is directly assigned to a user, not if it belongs as composite of a role assgned to that user…

Is there a way to do what I’m trying?

2 Likes

Hi, afraid this is a known limitation. There’s a PR for it here https://github.com/keycloak/keycloak/pull/6326, but we have some concerns around performance that needs to be investigated before we could merge it.

1 Like