Is there the option of giving users permission to only update their own account via admin REST api?

Currently I am using Keycloak 19.0.2 and am looking into the option of letting users update their account.

I have found out that the admin API has the option of updating user data and attributes (via PUT at: admin/{realm}/users/{id}).
To use this endpoint, the user needs the manage-account role from the realm-management client. This role however gives the user permission to manage all users in my realm.

What possibilities are there to only let a user update their own data and attributes via the admin API?

The Admin REST API is, as the name says, the ADMIN REST API, not for regular user usage.

What you want is the Account REST API, which is, unfortunately, not documented, but fully functional and available. The account-console included in Keycloak (a React app) uses this API. So the easiest and most useful approach is to open the developer console in the browser, make requests/clicks in the account-console and watch/record/analyze the HTTP requests…

2 Likes

Thanks for the fast reply! Looked at the Account REST API and managed to find the POST request that updates a user. For anyone interested it is: {base_url}/realms/{realm}/account. You will need an access token for the user you are trying to update.

Request body in JSON:

```json
{
  "username": "user",
  "firstName": "test",
  "lastName": "test",
  "emailVerified": false,
  "userProfileMetadata": {
    "attributes": [
      {
        "name": "test",
        "displayName": "${username}",
        "required": true,
        "readOnly": true,
        "validators": {}
      },
      {
        "name": "email",
        "displayName": "${email}",
        "required": true,
        "readOnly": false,
        "validators": {
          "email": {
            "ignore.empty.value": true
          }
        }
      },
      {
        "name": "firstName",
        "displayName": "${firstName}",
        "required": true,
        "readOnly": false,
        "validators": {}
      },
      {
        "name": "lastName",
        "displayName": "${lastName}",
        "required": true,
        "readOnly": false,
        "validators": {}
      }
    ]
  }
}
```
2 Likes
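
Added example, not part of the original posts and not Keycloak's own code: a Python sketch of the self-service update described in this thread, building the POST to `{base_url}/realms/{realm}/account` with the user's own access token and refusing client-side to change attributes the profile metadata marks `readOnly`. The base URL, realm name, token placeholder, the `build_account_update` helper and the sample profile are assumptions constructed for illustration.

```python
import json
import urllib.request

# Constructed sample in the shape of the request body shown in the thread.
CURRENT = {
    "username": "user",
    "firstName": "test",
    "lastName": "test",
    "emailVerified": False,
    "userProfileMetadata": {"attributes": [
        {"name": "username", "readOnly": True},
        {"name": "email", "readOnly": False},
        {"name": "firstName", "readOnly": False},
        {"name": "lastName", "readOnly": False},
    ]},
}


def build_account_update(base_url, realm, access_token, current, changes):
    """Return a POST request for {base_url}/realms/{realm}/account.

    The URL carries no user id: the account being updated is the one the
    access token was issued for, so no realm-management role is involved.
    """
    meta = current.get("userProfileMetadata", {}).get("attributes", [])
    read_only = {a["name"] for a in meta if a.get("readOnly")}
    blocked = read_only.intersection(changes)
    if blocked:
        # Fail early on the client; the server remains the enforcement point.
        raise ValueError(f"read-only attributes: {sorted(blocked)}")
    body = {**current, **changes}
    return urllib.request.Request(
        url=f"{base_url.rstrip('/')}/realms/{realm}/account",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Hypothetical base URL and realm; the token is a placeholder.
    req = build_account_update("https://keycloak.example", "myrealm",
                               "<USER_ACCESS_TOKEN>", CURRENT, {"lastName": "Doe"})
    print(req.get_method(), req.full_url)
    # urllib.request.urlopen(req) would send it to a real server.
```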