I’m currently using the Keycloak REST API to create realms, clients, etc.
However, I can’t find any reference to the route for managing a client’s Service Account Roles in the Keycloak REST API documentation.
Do you know if such a thing is possible?
Or is it only manageable in the Keycloak back office?
Everything is available in the Admin REST API. If it doesn’t appear in the documentation (it is sometimes incomplete), the best thing to do is make the change in the Admin UI while the Network tab of the developer console is open, and then look at the requests that were made.
Just for the record, the route to manage Service Account Roles is
/auth/admin/realms/#realmName#/users/#service-account-client-user-id#/role-mappings/clients/#client-id#/composite
@xgp @iuri.figueiredo
I have found via the Admin UI that service account roles are assigned via the following course of calls:
GET http://localhost:8090/admin/realms/[realm]/clients/[clientId]
GET http://localhost:8090/admin/realms/[realm]/clients/[clientId]/service-account-user
GET /admin/realms/[realm]/users/[service-account-client-user-id]/role-mappings
GET /admin/realms/[realm]/ui-ext/available-roles/users/service-account-client-user-id
GET /admin/realms/[realm]/users/service-account-client-user-id/role-mappings/realm/available
POST /admin/realms/[realm]/users/service-account-client-user-id/role-mappings/clients/cfd5ca0a-d670-4306-af6d-e490013aa78f
To which classes are the above calls mapped? In the ClientRepresentation class there is no access to the users or the service account user.
I use Keycloak version 21.1.2
Thank you in advance.
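
The call sequence from the posts above, as an added example that is not part of the original thread or of Keycloak's own code: it resolves the service account user, looks up one named client role, and posts only that role, so the grant stays minimal and can be re-run safely. The function names, the `send` transport parameter and the argument names are assumptions made for illustration.

```python
import json
import urllib.request
from urllib.parse import quote


def http_json(method, url, token, body=None):
    """Default transport: one bearer-authenticated JSON request."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def grant_client_role(base, realm, client_uuid, role_client_uuid, role_name,
                      token, send=http_json):
    """Grant one client role to client_uuid's service account.

    base is the server root; older releases need a trailing "/auth", as in
    the route quoted earlier in the thread. Both *_uuid arguments are the
    clients' internal ids, not their clientId strings. Returns True when a
    mapping was added and False when the role was already mapped.
    """
    admin = f"{base.rstrip('/')}/admin/realms/{quote(realm, safe='')}"
    # Step 1: resolve the user that backs the client's service account.
    sa_user = send("GET", f"{admin}/clients/{client_uuid}/service-account-user", token)
    mappings = (f"{admin}/users/{sa_user['id']}"
                f"/role-mappings/clients/{role_client_uuid}")
    # Step 2: roles of role_client_uuid that this user does not hold yet.
    available = send("GET", f"{mappings}/available", token) or []
    role = next((r for r in available if r["name"] == role_name), None)
    if role is None:
        # Tell "already mapped" apart from "no such role" before giving up.
        current = send("GET", mappings, token) or []
        if any(r["name"] == role_name for r in current):
            return False
        raise LookupError(f"role {role_name!r} not found on client {role_client_uuid}")
    # Step 3: the POST body is a JSON array of role representations.
    send("POST", mappings, token, [{"id": role["id"], "name": role["name"]}])
    return True
```

Passing a fake `send` callable lets the sequence be checked without a running server; the token must belong to an admin allowed to manage users and role mappings in the realm.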