I am trying to add a client level role to a specific user using the Keycloak rest API. I am trying this in Postman but keep getting 404 not found.
Here is the url-
https://{keycloak url}/auth/admin/realms/acme/users/b62dc517-0dd8-41ad-9d97-f385e507e279/role-mappings/clients/6b1f23b4-6bec-4873-a991-4b7e49e8b797
The "users" param in the url is the user id (b62dc517-0dd8-41ad-9d97-f385e507e279) in keycloak, and the last part of the url is the client id (6b1f23b4-6bec-4873-a991-4b7e49e8b797) in keycloak
The body of the POST-
{
  "roles": [
    {
      "id": "5aee8f8c-421f-4ed4-93d1-2ddd44864f4f",
      "name": "admin",
      "composite": false,
      "clientRole": true,
      "containerId": "5f930328-98bc-40d0-9882-dd7f2482b6c2"
    }
  ]
}
For Postman, I set-
Content-Type application/json
Authorization Bearer {TOKEN}
Where have I gone wrong?
EDIT: Here are my Postman settings-
Here are my settings in postman-
Headers-
Content-Length = <calculated when request is sent>
Host = <calculated when request is sent>
User-Agent = PostmanRuntime/7.26.10
Accept = */*
Accept Encoding = gzip, deflate, br
Connection = keep-alive
Content-Type = application/json
Authorization-
Type = Bearer Token
Token is successfully generated before each try manually
Body- raw radio button is selected with below as the raw data-
{
  "roles": [
    {
      "id": "5aee8f8c-421f-4ed4-93d1-2ddd44864f4f",
      "name": "admin",
      "composite": false,
      "clientRole": true,
      "containerId": "6b1f23b4-6bec-4873-a991-4b7e49e8b797"
    }
  ]
}
Method is POST
EDIT- The answer was in comments from dreamcrash. I had copied the client id from the Keycloak UI, which caused the 404. I noticed when I used postman to get the client id, it was different than what was on the UI. When I used the return value, all was well and it worked! The name and id of client, realm, etc for url params or body of a post documentation is confusing. The wrong id will cause a 404. Hope this helps someone as I spent hours on this one...
The problem is in the body; try the following:
[{"id":"5aee8f8c-421f-4ed4-93d1-2ddd44864f4f","name":"admin","composite":false,"clientRole":true,"containerId":"6b1f23b4-6bec-4873-a991-4b7e49e8b797"}]
The id should be the role ID and the containerId should be the ID of the client.