Keycloak API get each role for a specific user

Question

I try to access every role for the user 7b244fd8-5e1a-43af-9572-91d50784fda7 and found this code (Keycloak User Roles missing in REST API):

GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/clients/{client-uuid}

This is why I try to make the following GET request (Bearer token correctly provided)

https://mywebsite.com/auth/admin/realms/master/users/7b244fd8-5e1a-43af-9572-91d50784fda7/role-mappings/clients/admin-cli

I get an {"error": "Client not found" } error.

I guess the "admin-cli" in my code is wrong, but this is the Client ID in the master realm. Is this the wrong id? How can I make the request to get all roles for a specific user working?

Answer 1

I get an {"error": "Client not found" } error.

I guess the "admin-cli" in my code is wrong, but this is the Client ID in the master realm. Is this the wrong id? How can I make the request to get all roles for a specific user working?

You should use the ID of the client and not the client ID, which you can find on the url:

or via Rest Admin API:

GET /auth/admin/realms/{realm}/clients?clientId=$CLIENT_ID

The /auth path was removed starting with Keycloak 17 Quarkus distribution, in that case the endpoint would be:

GET /admin/realms/{realm}/clients?clientId=$CLIENT_ID