Rest API: Update just user attributes

phoenix-ua · April 26, 2022, 10:31am

Hi there,

We have a web application that allows configuring user accounts in Keycloak by using the Java admin client. The user accounts can be created internally or configured via LDAP user federation or SAML identity provider, heavily use Keycloak roles and group features and rely on usage of native Keycloak user fields and attributes.

A need appeared to store business data in user attributes. The only way to do this in Keycloak admin client is (e.g. add attribute to existing user):

org.keycloak.admin.client.Keycloak.realm({realm-name}).users().get({user-id}).update({user-representation});

The problem is that you cannot update just the attributes field, you have to provide the whole user-representation object, which you have to fetch from Keycloak first.

I was wondering if Keycloak API has some better suited method to update just user attributes?

It would be faster from the performance point of view (no need to update the whole user entity, just update the ‘properties’ field).
It would be also easier to support from the maintainability point of view, cause now we need to copy a lot of unrelated fields and have a risk of passing something wrong or even clean something that was not expected to be modified.

Thanks in advance,
Volodymyr

stevenceuppens · October 11, 2022, 6:19am

Same issue here…

Seems like Keycloak is missing PATCH functionality on its rest & account management api.

I wanted a to leverage user profile feature to store all direct user related data in Keycloak. But now I t is tricky at to do a full override of the profile in order to execute an update. As you easily end up in a race conflict.

Does anyone know if this problem is take care of in the roadmap?

dasniko · October 11, 2022, 6:43am

AFAIK there will be a complete new version of the Admin API one day, without touching the existing API. But there’s no ETA yet.
The existing API has its flaws, yes, unfortunately.

xgp · October 11, 2022, 7:00am

@dasniko Do you have any links to documentation or design specs on the “new” Admin API? I haven’t seen anything. I’ve got a lot of tooling that depends on the existing Admin API, so I’d like to get a head-start on porting if this is coming soon.

dasniko · October 11, 2022, 7:08am

Oh, I’ll have to do a deep search. Somewhere in the issues/discussions in the GitHub repository.
There’s no design yet, only discussions. Also, there will be no “soon”, I guess.

dasniko · October 11, 2022, 7:14am

This is the discussion topic about the v2 Admin API, not much yet:

xgp · October 11, 2022, 10:34am

Sounds like a far future thing. Whew!

After all the breaking changes with Quarkus and the “new” store, I could use a break.

Topic		Replies	Views
Update user attributes by external API Getting advice	0	414	May 12, 2022
Prevent User from editing user attributes in new account console Getting advice	0	660	January 21, 2021
Want to Update The User Details thorugh my app and also call an external service after update is triggered Extending the server	1	158	October 27, 2023
User attributes maps Getting advice	0	432	November 9, 2020
Adjust user account update processing Getting advice	2	537	March 5, 2021

Rest API: Update just user attributes

Related Topics