Update user profile through api without admin rights

A working example of an Auth Service that supports microservices authorization: piggymetrics

The Admin REST API

Authenticating

export ACCESS_TOKEN=$(curl -X POST 'http://localhost:10001/auth/realms/master/protocol/openid-connect/token' \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=admin" \
  -d 'password=secret' \
  -d 'grant_type=password' \
  -d 'client_id=admin-cli' | jq -r '.access_token')

Note: I set the admin-cli Access Type to confidential .

Basic Operations

GET /{realm}/users

curl -X GET 'http://localhost:10001/auth/admin/realms/development/users' \
  -H "Accept: application/json" \
  -H "Authorization: Bearer $ACCESS_TOKEN" | jq .

Output:

{
  "id": "35129fce-98de-47e6-85cc-cdb81b46c0d2",
  "createdTimestamp": 1578541188081,
  "username": "rob.ferguson",
  "enabled": true,
  "totp": false,
  "emailVerified": false,
  "firstName": "Rob",
  "lastName": "Ferguson",
  "email": "rob.ferguson@robferguson.org",
  "federationLink": "b02e5323-0ea4-442c-ba59-5e997d0c5f94",
  "attributes": {
    "LDAP_ENTRY_DN": [
      "uid=rob.ferguson,ou=users,dc=flowable,dc=org"
    ],
    "LDAP_ID": [
      "rob.ferguson"
    ],
    "modifyTimestamp": [
      "20200109033948Z"
    ],
    "createTimestamp": [
      "20200109033948Z"
    ]
  },
  "disableableCredentialTypes": [],
  "requiredActions": [],
  "notBefore": 0,
  "access": {
    "manageGroupMembership": true,
    "view": true,
    "mapRoles": true,
    "impersonate": true,
    "manage": true
  }
}

Ref: