Setup user registration with Keycloak API through Postman

Hi everyone,

Keycloak first timer here. I wanted to test Keycloak with Postman so that I understand all the things I need to do and set up before starting to use it. I am aiming to have Keycloak used via its API. So I would like my FrontendApp to have a user registration form, and then I will make an API call to Keycloak to register that user, with maybe email verification.

Then, this user can log in with username/password, where the frontend obtains a session token. From then on, all access to the BackendApp API is done with this session token, which I then use in the backend to verify against the Keycloak API that the token is valid and to obtain user info.

Anyway, I believe this is all known and I am just repeating it to be sure I don’t miss out a detail.

  1. I have created myRealm and I created two clients, postman-FE and postman-BE.
  2. Both clients have client authentication ON
  3. Both clients have client_secret and Client Authenticator option is Client Id and Secret.

I then try to call the Register new user endpoint but I get error 401 UNAUTHORIZED.

request: POST http://localhost:8080/admin/realms/myRealm/users
body:
{
  "firstName": "fName",
  "lastName": "lName",
  "username": "fnln",
  "email": "some_email@domain.com",
  "emailVerified": true,
  "enabled": true,
  "attributes": {},
  "groups": []
}

For this request I have entered client_id and client_secret into Postman when I choose Basic auth in the Authentication tab.

Then I think I need to authenticate a client, so my Postman requests. I am guessing I should do this with the following two endpoints:
{{url}}/realms/{{realm}}/protocol/openid-connect/auth
{{url}}/realms/{{realm}}/protocol/openid-connect/token

Names in {{ }} are variables set in Postman, if you never used it.

I am not sure how to access these endpoints and actually authenticate. What should be the params, as whatever I provide doesn’t work. I tried using basic auth in the Authorization tab in Postman. I tried using header params with client_id and client_secret but no success.

I am out of ideas. Thanks for any pointers!

{{url}}/realms/{{realm}}/protocol/openid-connect/token
You must use the admin account to get an access token, then use it to create the new user.
In the header, use Bearer Token.
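
The two-step flow this reply describes, as an added example that is not part of the original thread: fetch an access token from the token endpoint, then send it as a Bearer token to the Admin REST endpoint. It swaps the admin account for a client_credentials grant and assumes the client (postman-BE here) has service accounts enabled and its service account holds the `manage-users` role of the `realm-management` client; the function names and the placeholder secret are hypothetical.

```python
import json
import urllib.parse
import urllib.request

BASE = "http://localhost:8080"   # host from the post
REALM = "myRealm"                # realm from the post


def token_request(client_id, client_secret):
    """Step 1: client_credentials grant against the realm's token endpoint.
    The credentials travel in a form-encoded body, not JSON or Basic auth."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(
        f"{BASE}/realms/{REALM}/protocol/openid-connect/token",
        data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def create_user_request(access_token, user):
    """Step 2: Admin REST call carrying the token as a Bearer header.
    The post's attempt sent Basic auth here and got 401."""
    return urllib.request.Request(
        f"{BASE}/admin/realms/{REALM}/users",
        data=json.dumps(user).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})


def register(client_id, client_secret, user):
    """Send both requests; returns the Location header of the new user."""
    with urllib.request.urlopen(token_request(client_id, client_secret)) as r:
        token = json.load(r)["access_token"]
    with urllib.request.urlopen(create_user_request(token, user)) as r:
        return r.headers["Location"]   # Keycloak answers 201 Created


SAMPLE_USER = {  # constructed from the request body in the post
    "username": "fnln", "firstName": "fName", "lastName": "lName",
    "email": "some_email@domain.com", "emailVerified": True, "enabled": True,
}

if __name__ == "__main__":
    # Placeholder secret (assumption); needs a running Keycloak set up as above.
    print(register("postman-BE", "<client-secret>", SAMPLE_USER))
```

The client secret belongs on the backend; a browser frontend cannot keep it confidential.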

What do you mean that I need to use account admin? I tried with all user combinations.

That’s not the way Keycloak is supposed to be used. Credential management, registration, etc. should be handled through Keycloak’s built-in flows, not via a MITM attack.

2 Likes

Ok, could you please point me to the right flow documentation for user registration via API, if that’s possible? If not, I think I saw it’s possible to build a template for user login/registration within Keycloak?

Yes, you can customize the themes. The Server Developer Guide gives a short introduction. The registration template is part of the login theme. Depending on your timeline, it might make sense to directly look into the v2 theme, which is currently in preview.

Adapting the login theme will allow you to customize everything login, registration etc. For self-service you’ll have to look into the account theme.

1 Like