"Service Account Role" section using the Keycloak Admin REST API
I want to assign a custom role (ca_boarding_administrator_role) in the "Service Account Role" section using the Keycloak Admin REST API.
My client (cq-boarding-client) has the access type "confidential".
My goal is to have it available in the access_token under the realm_access.roles claim.
This documentation describes how to accomplish this in using the web UI. In my case I am trying to automate using the Admin REST API: https://www.keycloak.org/docs/latest/server_admin/index.html#_service_accounts
By taking a closer look at the Keycloak Resource Models I realized that for each confidential Client also a User is created. By adding the desired role to the realmRoles attribute of the User does the trick.
In case anybody is interested, I included my nodejs script to automate it: service-account-role-mappings.js
For additional reference:
- How to use Keycloak for user self-registration
- Unable to authenticate the login of application user using Keycloak
- retrieve google refresh token in keycloak
- Keycloak as a Broker saml client
- How to authenticate in the Keycloak admin api?
- KeyCloak Java Service Account Create User
- client-credentials is unsupported_grant_type
- Keycloak: Client in non-master realm gets 403 Forbidden when using User Search API
- How can I get userId after call create user api in keycloak?
- Keycloak Admin REST-API Synchronize federation mapper
- Keycloak Token exchange Error - Client is not within the token audience
- Keycloak set password policy via Rest API
- How to create enabled users in Keycloak via API calls?
- Keycloak Admin password with external rds database
- How get the client of a composite in Keycloak API
- Keycloak User Action Mail URL Issue
- Keycloak: Could not find resource for full path
- How to add user attributes to registration form in Keycloak?
- How to enable admin user of master realm
- KeyCloak Admin Functionality in Python
- Keycloak: how do you disable TOTP from the admin REST API?
- How to list service account users in keycloak
- Which roles enable a user in a Keycloak Realm to use the Admin-REST-API?
- Keycloak Admin API: Unable to create a realm
- How to configure custom themes for keycloak on kubernetes
- Connecting to Keycloak client programmatically is not working
- Why would there be a need for more than 1 realm in Keycloak?
- Why I can not reach this keycloak rest api end point?
- Why the buildin claims not shown in JWT from the default client “admin-cli” in Keycloak?
- Keycloak PUT-request returns 401 (unauthorized)