Hi, i’m making heavy use of REST-API calls against our Keycloak. One is to assign local Keycloak-Groups to users, usually between 120 and 300 per user. Currently i do this one-by-one, but that is very inefficient and slow.
Is there a way to assign multiple groups in one call?
The docs for the Users resource list a PUT /{realm}/users/{id}
endpoint which takes a UserRepresentation which has a field groups
, that sounds like it should meet your needs.
Thanks, sounds promission. Do you know how to formulate the groups " array" ?
I know this endpoint for changing users attributes like name, enabled and such, but never dig into array fields. A direct field is given als JSON payload like this
{
"enabled": "true"
}
I tried to use it for groups
{
"groups": [
"<GROUP>"
]
}
but that doesn’t work. It gives a 204 but do not add any groups, regardless if i give a groupname for “” or a group-ID.
Others also complained about this here:
and here
So it is possible to CREATE a user with POST /{realm}/users
and adding the “groups” array and it will contain the groups given by names. But it seems not working when updating a user with “PUT”.
AFAIK the groups
attribute is ignored when creating users. It’s only filled when retrieving existing user data.
From the code perspective, it’s the same class/object. It’s badly implemented and worse documented. Unfortunately.
Sorry dasniko, but you are wrong, it is just the other way. When creating a user it will be used and the final user object contains the groups. When retrieving a user it is missing.
BTW: we are using Keycloak 15.1
Ok, then I just mixed it up.
But anyway, it’s implemented and documented poorly.
There’s no big change in the admin API in recent versions.
On the GitHub repository is a discussion somewhere about an admin API v2.
Can you point me to that discussion? I haven’t found it right now.