UserResource (Keycloak Docs Distribution 14.0.0 API)

java.lang.Object
- org.keycloak.services.resources.admin.UserResource

```
public class UserResource
extends Object
```
Base resource for managing users

Version:

$Revision: 1 $

Author:

Bill Burke

Field Summary

Fields
Modifier and Type	Field and Description
`protected ClientConnection`	`clientConnection`
`protected javax.ws.rs.core.HttpHeaders`	`headers`
`protected RealmModel`	`realm`
`protected KeycloakSession`	`session`

Constructor Summary

Constructors
Constructor and Description

UserResource(RealmModel realm, UserModel user, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)

Constructors
Constructor and Description
`UserResource(RealmModel realm, UserModel user, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`javax.ws.rs.core.Response`	`addFederatedIdentity(String provider, FederatedIdentityRepresentation rep)` Add a social login provider to the user
`Stream<CredentialRepresentation>`	`credentials()`
`javax.ws.rs.core.Response`	`deleteUser()` Delete the user
`void`	`disableCredentialType(List<String> credentialTypes)` Disable all credentials for a user of a specific type
`javax.ws.rs.core.Response`	`executeActionsEmail(String redirectUri, String clientId, Integer lifespan, List<String> actions)` Send a update account email to the user An email contains a link the user can click to perform a set of required actions.
`Stream<String>`	`getConfiguredUserStorageCredentialTypes()` Return credential types, which are provided by the user storage where user is stored.
`Stream<Map<String,Object>>`	`getConsents()` Get consents granted by the user
`Stream<FederatedIdentityRepresentation>`	`getFederatedIdentity()` Get social logins associated with the user
`Map<String,Long>`	`getGroupMembershipCount(String search)`
`Stream<UserSessionRepresentation>`	`getOfflineSessions(String clientUuid)` Get offline sessions associated with the user and client
`RoleMapperResource`	`getRoleMappings()`
`Stream<UserSessionRepresentation>`	`getSessions()` Get sessions associated with the user
`UserRepresentation`	`getUser()` Get representation of the user
`Stream<GroupRepresentation>`	`groupMembership(String search, Integer firstResult, Integer maxResults, boolean briefRepresentation)`
`Map<String,Object>`	`impersonate()` Impersonate the user
`void`	`joinGroup(String groupId)`
`void`	`logout()` Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.
`void`	`moveCredentialAfter(String credentialId, String newPreviousCredentialId)` Move a credential to a position behind another credential
`void`	`moveCredentialToFirst(String credentialId)` Move a credential to a first position in the credentials list of the user
`void`	`removeCredential(String credentialId)` Remove a credential for a user
`void`	`removeFederatedIdentity(String provider)` Remove a social login provider from user
`void`	`removeMembership(String groupId)`
`void`	`resetPassword(CredentialRepresentation cred)` Set up a new password for the user.
`javax.ws.rs.core.Response`	`resetPasswordEmail(String redirectUri, String clientId)` Deprecated.
`void`	`revokeConsent(String clientId)` Revoke consent and offline tokens for particular client from user
`javax.ws.rs.core.Response`	`sendVerifyEmail(String redirectUri, String clientId)` Send an email-verification email to the user An email contains a link the user can click to verify their email address.
`void`	`setCredentialUserLabel(String credentialId, String userLabel)` Update a credential label for a user
`javax.ws.rs.core.Response`	`updateUser(UserRepresentation rep)` Update the user
`static void`	`updateUserFromRep(UserProfile profile, UserModel user, UserRepresentation rep, KeycloakSession session, boolean isUpdateExistingUser)`
`static javax.ws.rs.core.Response`	`validateUserProfile(UserProfile profile, UserModel user, KeycloakSession session)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

realm
```
protected RealmModel realm
```

clientConnection

@Context
protected ClientConnection clientConnection

session

@Context
protected KeycloakSession session

headers

@Context
protected javax.ws.rs.core.HttpHeaders headers

Constructor Detail

UserResource

public UserResource(RealmModel realm,
                    UserModel user,
                    AdminPermissionEvaluator auth,
                    AdminEventBuilder adminEvent)

Method Detail

updateUser

@PUT
 @Consumes(value="application/json")
public javax.ws.rs.core.Response updateUser(UserRepresentation rep)

Update the user

Parameters:: rep -
Returns:

validateUserProfile

public static javax.ws.rs.core.Response validateUserProfile(UserProfile profile,
                                                            UserModel user,
                                                            KeycloakSession session)

updateUserFromRep

public static void updateUserFromRep(UserProfile profile,
                                     UserModel user,
                                     UserRepresentation rep,
                                     KeycloakSession session,
                                     boolean isUpdateExistingUser)

getUser

@GET
 @Produces(value="application/json")
public UserRepresentation getUser()

Get representation of the user

Returns:

impersonate

@Path(value="impersonation")
 @POST
 @Produces(value="application/json")
public Map<String,Object> impersonate()

Impersonate the user

Returns:

getSessions

@Path(value="sessions")
 @GET
 @Produces(value="application/json")
public Stream<UserSessionRepresentation> getSessions()

Get sessions associated with the user

Returns:

getOfflineSessions

@Path(value="offline-sessions/{clientUuid}")
 @GET
 @Produces(value="application/json")
public Stream<UserSessionRepresentation> getOfflineSessions(@PathParam(value="clientUuid")
                                                                                                                                                    String clientUuid)

Get offline sessions associated with the user and client

Returns:

getFederatedIdentity

@Path(value="federated-identity")
 @GET
 @Produces(value="application/json")
public Stream<FederatedIdentityRepresentation> getFederatedIdentity()

Get social logins associated with the user

Returns:: a non-null Stream of social logins (federated identities).

addFederatedIdentity

@Path(value="federated-identity/{provider}")
 @POST
public javax.ws.rs.core.Response addFederatedIdentity(@PathParam(value="provider")
                                                                                                          String provider,
                                                                                                          FederatedIdentityRepresentation rep)

Add a social login provider to the user

Parameters:: provider - Social login provider id; rep -
Returns:

removeFederatedIdentity

@Path(value="federated-identity/{provider}")
 @DELETE
public void removeFederatedIdentity(@PathParam(value="provider")
                                                                                          String provider)

Remove a social login provider from user

Parameters:: provider - Social login provider id

getConsents

@Path(value="consents")
 @GET
 @Produces(value="application/json")
public Stream<Map<String,Object>> getConsents()

Get consents granted by the user

Returns:

revokeConsent

@Path(value="consents/{client}")
 @DELETE
public void revokeConsent(@PathParam(value="client")
                                                                    String clientId)

Revoke consent and offline tokens for particular client from user

Parameters:: clientId - Client id

logout
```
@Path(value="logout")
 @POST
public void logout()
```
Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.

deleteUser

@DELETE
public javax.ws.rs.core.Response deleteUser()

Delete the user

getRoleMappings

@Path(value="role-mappings")
public RoleMapperResource getRoleMappings()

disableCredentialType

@Path(value="disable-credential-types")
 @PUT
 @Consumes(value="application/json")
public void disableCredentialType(List<String> credentialTypes)

Disable all credentials for a user of a specific type

Parameters:: credentialTypes -

resetPassword
```
@Path(value="reset-password")
 @PUT
 @Consumes(value="application/json")
public void resetPassword(CredentialRepresentation cred)
```
Set up a new password for the user.

Parameters:

cred - The representation must contain a rawPassword with the plain-text password

credentials

@GET
 @Path(value="credentials")
 @Produces(value="application/json")
public Stream<CredentialRepresentation> credentials()

getConfiguredUserStorageCredentialTypes
```
@GET
 @Path(value="configured-user-storage-credential-types")
 @Produces(value="application/json")
public Stream<String> getConfiguredUserStorageCredentialTypes()
```
Return credential types, which are provided by the user storage where user is stored. Returned values can contain for example "password", "otp" etc. This will always return empty list for "local" users, which are not backed by any user storage

Returns:

removeCredential

@Path(value="credentials/{credentialId}")
 @DELETE
public void removeCredential(@PathParam(value="credentialId")
                                                                                String credentialId)

Remove a credential for a user

setCredentialUserLabel

@PUT
 @Consumes(value="text/plain")
 @Path(value="credentials/{credentialId}/userLabel")
public void setCredentialUserLabel(@PathParam(value="credentialId")
                                                                                                                            String credentialId,
                                                                                                                            String userLabel)

Update a credential label for a user

moveCredentialToFirst

@Path(value="credentials/{credentialId}/moveToFirst")
 @POST
public void moveCredentialToFirst(@PathParam(value="credentialId")
                                                                                               String credentialId)

Move a credential to a first position in the credentials list of the user

Parameters:: credentialId - The credential to move

moveCredentialAfter

@Path(value="credentials/{credentialId}/moveAfter/{newPreviousCredentialId}")
 @POST
public void moveCredentialAfter(@PathParam(value="credentialId")
                                                                                                                     String credentialId,
                                                                                                                     @PathParam(value="newPreviousCredentialId")
                                                                                                                     String newPreviousCredentialId)

Move a credential to a position behind another credential

Parameters:: credentialId - The credential to move; newPreviousCredentialId - The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list.

resetPasswordEmail

@Deprecated
 @Path(value="reset-password-email")
 @PUT
 @Consumes(value="application/json")
public javax.ws.rs.core.Response resetPasswordEmail(@QueryParam(value="redirect_uri")
                                                                                                                                                String redirectUri,
                                                                                                                                                @QueryParam(value="client_id")
                                                                                                                                                String clientId)

Deprecated.

Send an email to the user with a link they can click to reset their password. The redirectUri and clientId parameters are optional. The default for the redirect is the account client. This endpoint has been deprecated. Please use the execute-actions-email passing a list with UPDATE_PASSWORD within it.

Parameters:: redirectUri - redirect uri; clientId - client id
Returns:

executeActionsEmail

@Path(value="execute-actions-email")
 @PUT
 @Consumes(value="application/json")
public javax.ws.rs.core.Response executeActionsEmail(@QueryParam(value="redirect_uri")
                                                                                                                                     String redirectUri,
                                                                                                                                     @QueryParam(value="client_id")
                                                                                                                                     String clientId,
                                                                                                                                     @QueryParam(value="lifespan")
                                                                                                                                     Integer lifespan,
                                                                                                                                     List<String> actions)

Send a update account email to the user An email contains a link the user can click to perform a set of required actions. The redirectUri and clientId parameters are optional. If no redirect is given, then there will be no link back to click after actions have completed. Redirect uri must be a valid uri for the particular clientId.

Parameters:: redirectUri - Redirect uri; clientId - Client id; lifespan - Number of seconds after which the generated token expires; actions - required actions the user needs to complete
Returns:

sendVerifyEmail

@Path(value="send-verify-email")
 @PUT
 @Consumes(value="application/json")
public javax.ws.rs.core.Response sendVerifyEmail(@QueryParam(value="redirect_uri")
                                                                                                                             String redirectUri,
                                                                                                                             @QueryParam(value="client_id")
                                                                                                                             String clientId)

Send an email-verification email to the user An email contains a link the user can click to verify their email address. The redirectUri and clientId parameters are optional. The default for the redirect is the account client.

Parameters:: redirectUri - Redirect uri; clientId - Client id
Returns:

groupMembership

@GET
 @Path(value="groups")
 @Produces(value="application/json")
public Stream<GroupRepresentation> groupMembership(@QueryParam(value="search")
                                                                                                                    String search,
                                                                                                                    @QueryParam(value="first")
                                                                                                                    Integer firstResult,
                                                                                                                    @QueryParam(value="max")
                                                                                                                    Integer maxResults,
                                                                                                                    @QueryParam(value="briefRepresentation") @DefaultValue(value="true")
                                                                                                                    boolean briefRepresentation)

getGroupMembershipCount

@GET
 @Path(value="groups/count")
 @Produces(value="application/json")
public Map<String,Long> getGroupMembershipCount(@QueryParam(value="search")
                                                                                                                       String search)

removeMembership

@DELETE
 @Path(value="groups/{groupId}")
public void removeMembership(@PathParam(value="groupId")
                                                                      String groupId)

joinGroup

@PUT
 @Path(value="groups/{groupId}")
public void joinGroup(@PathParam(value="groupId")
                                                            String groupId)

Class UserResource