Class UserResource


public class UserResource extends Object
Base resource for managing users
$Revision: 1 $
Bill Burke
  • Field Details

    • realm

      protected final RealmModel realm
    • clientConnection

      protected final ClientConnection clientConnection
    • session

      protected final KeycloakSession session
    • headers

      protected final headers
  • Constructor Details

  • Method Details

    • updateUser

      @PUT @Consumes("application/json") public updateUser(UserRepresentation rep)
      Update the user
      rep -
    • validateUserProfile

      public static validateUserProfile(UserProfile profile, KeycloakSession session, AdminAuth adminAuth)
    • updateUserFromRep

      public static void updateUserFromRep(UserProfile profile, UserModel user, UserRepresentation rep, KeycloakSession session, boolean isUpdateExistingUser)
    • getUser

      @GET @Produces("application/json") public UserRepresentation getUser(@QueryParam("userProfileMetadata") boolean userProfileMetadata)
      Get representation of the user
    • impersonate

      @Path("impersonation") @POST @Produces("application/json") public Map<String,Object> impersonate()
      Impersonate the user
    • getSessions

      @Path("sessions") @GET @Produces("application/json") public Stream<UserSessionRepresentation> getSessions()
      Get sessions associated with the user
    • getOfflineSessions

      @Path("offline-sessions/{clientUuid}") @GET @Produces("application/json") public Stream<UserSessionRepresentation> getOfflineSessions(@PathParam("clientUuid") String clientUuid)
      Get offline sessions associated with the user and client
    • getFederatedIdentity

      @Path("federated-identity") @GET @Produces("application/json") public Stream<FederatedIdentityRepresentation> getFederatedIdentity()
      Get social logins associated with the user
      a non-null Stream of social logins (federated identities).
    • addFederatedIdentity

      @Path("federated-identity/{provider}") @POST public addFederatedIdentity(@PathParam("provider") String provider, FederatedIdentityRepresentation rep)
      Add a social login provider to the user
      provider - Social login provider id
      rep -
    • removeFederatedIdentity

      @Path("federated-identity/{provider}") @DELETE public void removeFederatedIdentity(@PathParam("provider") String provider)
      Remove a social login provider from user
      provider - Social login provider id
    • getConsents

      @Path("consents") @GET @Produces("application/json") public Stream<Map<String,Object>> getConsents()
      Get consents granted by the user
    • revokeConsent

      @Path("consents/{client}") @DELETE public void revokeConsent(@PathParam("client") String clientId)
      Revoke consent and offline tokens for particular client from user
      clientId - Client id
    • logout

      @Path("logout") @POST public void logout()
      Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.
    • deleteUser

      @DELETE public deleteUser()
      Delete the user
    • getRoleMappings

      @Path("role-mappings") public RoleMapperResource getRoleMappings()
    • disableCredentialType

      @Path("disable-credential-types") @PUT @Consumes("application/json") public void disableCredentialType(List<String> credentialTypes)
      Disable all credentials for a user of a specific type
      credentialTypes -
    • resetPassword

      @Path("reset-password") @PUT @Consumes("application/json") public void resetPassword(CredentialRepresentation cred)
      Set up a new password for the user.
      cred - The representation must contain a rawPassword with the plain-text password
    • credentials

      @GET @Path("credentials") @Produces("application/json") public Stream<CredentialRepresentation> credentials()
    • getConfiguredUserStorageCredentialTypes

      @GET @Path("configured-user-storage-credential-types") @Produces("application/json") public Stream<String> getConfiguredUserStorageCredentialTypes()
      Return credential types, which are provided by the user storage where user is stored. Returned values can contain for example "password", "otp" etc. This will always return empty list for "local" users, which are not backed by any user storage
    • removeCredential

      @Path("credentials/{credentialId}") @DELETE public void removeCredential(@PathParam("credentialId") String credentialId)
      Remove a credential for a user
    • setCredentialUserLabel

      @PUT @Consumes("text/plain") @Path("credentials/{credentialId}/userLabel") public void setCredentialUserLabel(@PathParam("credentialId") String credentialId, String userLabel)
      Update a credential label for a user
    • moveCredentialToFirst

      @Path("credentials/{credentialId}/moveToFirst") @POST public void moveCredentialToFirst(@PathParam("credentialId") String credentialId)
      Move a credential to a first position in the credentials list of the user
      credentialId - The credential to move
    • moveCredentialAfter

      @Path("credentials/{credentialId}/moveAfter/{newPreviousCredentialId}") @POST public void moveCredentialAfter(@PathParam("credentialId") String credentialId, @PathParam("newPreviousCredentialId") String newPreviousCredentialId)
      Move a credential to a position behind another credential
      credentialId - The credential to move
      newPreviousCredentialId - The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list.
    • resetPasswordEmail

      @Deprecated @Path("reset-password-email") @PUT @Consumes("application/json") public resetPasswordEmail(@QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId)
      Send an email to the user with a link they can click to reset their password. The redirectUri and clientId parameters are optional. The default for the redirect is the account client. This endpoint has been deprecated. Please use the execute-actions-email passing a list with UPDATE_PASSWORD within it.
      redirectUri - redirect uri
      clientId - client id
    • executeActionsEmail

      @Path("execute-actions-email") @PUT @Consumes("application/json") public executeActionsEmail(@QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId, @QueryParam("lifespan") Integer lifespan, List<String> actions)
      Send an email to the user with a link they can click to execute particular actions. An email contains a link the user can click to perform a set of required actions. The redirectUri and clientId parameters are optional. If no redirect is given, then there will be no link back to click after actions have completed. Redirect uri must be a valid uri for the particular clientId.
      redirectUri - Redirect uri
      clientId - Client id
      lifespan - Number of seconds after which the generated token expires
      actions - Required actions the user needs to complete
    • sendVerifyEmail

      @Path("send-verify-email") @PUT @Consumes("application/json") public sendVerifyEmail(@QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId)
      Send an email-verification email to the user An email contains a link the user can click to verify their email address. The redirectUri and clientId parameters are optional. The default for the redirect is the account client.
      redirectUri - Redirect uri
      clientId - Client id
    • groupMembership

      @GET @Path("groups") @Produces("application/json") public Stream<GroupRepresentation> groupMembership(@QueryParam("search") String search, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults, @QueryParam("briefRepresentation") @DefaultValue("true") boolean briefRepresentation)
    • getGroupMembershipCount

      @GET @Path("groups/count") @Produces("application/json") public Map<String,Long> getGroupMembershipCount(@QueryParam("search") String search)
    • removeMembership

      @DELETE @Path("groups/{groupId}") public void removeMembership(@PathParam("groupId") String groupId)
    • joinGroup

      @PUT @Path("groups/{groupId}") public void joinGroup(@PathParam("groupId") String groupId)