Hi, on Keycloak - Version 17.0.1 I would like to set User required action using SQL statement.
I tried this:
insert into user_required_action (user_id, required_action) values (‘my-uuid’,‘my-custom-action’);
but it had no effect.
It works when I do it from the frontend, and I checked that the exact entry is in the user_required_action when I do it from frontend and when I do it with SQL but it only works from the frontend.
Is there some table that I’m missing?
It is fairly dangerous to use SQL to do this, as there is no guarantee that the database and the way things are stored won’t change in the future. Why not just use the admin API to add the required action?
Manipulating the database is the very last thing you want to do.
Keycloak caches a lot of data which is stored in the database, so editing data in the database directly leads to data inconsistency, as the data in the db is different from the data in the cache. Don’t do it!
If there’s really no other way than executing SQL statements, which is really, really NOT recommended, then do it only when all the available Keycloak nodes are stopped. Never execute the statements when any node is actively running!
I have to update required action on bunch of users, so I thought easiest would be from SQL, but it seems that was not a good idea.
Regarding the API, from what I see there’s no PATCH method on the users resource, so I would have to first fetch all the users ids, then do GET on the users resource and then PUT with added required action? Is this correct or there’s some other way to add required action to bunch of users?
When using the available Admin API, it’s a bit awkward, yes.
But you could implement a custom admin API endpoint resource to bulk edit users and setting a required action to them. For doing this one-time-only, it might be a bit overhead, but it’s AFAIK the only way around.