
Keycloak Rest Api Reset password via Postman


I am trying to leverage the Keycloak Rest Api functionality to reset passwords for the users configured in Keycloak via Postman.

Steps performed:

  1. I got the access token from http://127.0.0.1:8080/realms/:realmname/protocol/openid-connect/token for the user I want to change.
  2. Then I am trying to use the same access token as Bearer Token and perform the PUT operation on http://127.0.0.1:8080/admin/realms/:realmName/users/:id/reset-password following the Keycloak Api Documentation.


I keep getting a 403 Forbidden error with no real reason. I even gave the realm-management permission to the user, but with no success. I've already gone through similar questions but found no expected resolution. I would appreciate any feedback or leads to resolve the issue. TIA


Solution

  • user21 needs the manage-users role (not manage-realm) to use reset-password

    Steps

    #1 Launch the latest Keycloak

    docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:21.0.1 start-dev
    

    #2 Create my-realm

    #3 Create user21

    #4 Assign user21 the manage-users role

    #5 Create user1

    #6 Get user21's access token and store it in a Postman global variable

    http://localhost:8080/realms/my-realm/protocol/openid-connect/token
    
    var jsonData = JSON.parse(responseBody);
    pm.globals.set("user21-token", jsonData.access_token);
    


    #7 Get all users to find {user1-uuid}

    http://localhost:8080/admin/realms/my-realm/users
    

    #8 Change password for user1

    Use user21-token as the Bearer token.

    In the input body of the PUT call:

    {
        "temporary": false,
        "type": "password",
        "value": "12345"
    }
    


    Call reset-password API

    You can confirm user21's role mappings with this API call.

    GET {Keycloak API}/admin/realms/{realm-name}/users/{user-uuid}/role-mappings
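
An added example, not part of the original question or answer: a small Node.js check that decodes the access token's payload and reports whether it carries the manage-users role before the reset-password call is made, which is the usual explanation for the 403 above. The function names and the sample tokens are constructed for illustration, and it assumes the role is listed under resource_access["realm-management"].roles, where Keycloak places realm-management client roles with default client scopes.

```javascript
// Decode only: the signature is NOT verified here (Keycloak verifies it server-side).
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a JWT (expected 3 dot-separated parts)");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns { allowed, reason } for a call to
// /admin/realms/{realm}/users/{id}/reset-password made with this token.
function checkResetPasswordToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  let claims;
  try {
    claims = decodeJwtPayload(token);
  } catch (err) {
    return { allowed: false, reason: "malformed token: " + err.message };
  }
  if (typeof claims.exp === "number" && claims.exp <= nowSeconds) {
    return { allowed: false, reason: "token expired" };
  }
  // Assumption: admin roles are client roles of the realm-management client.
  const access = (claims.resource_access || {})["realm-management"];
  const roles = access && Array.isArray(access.roles) ? access.roles : [];
  if (!roles.includes("manage-users")) {
    return { allowed: false, reason: "missing realm-management role manage-users" };
  }
  return { allowed: true, reason: "token carries manage-users" };
}

// Constructed sample tokens (unsigned placeholders, not real Keycloak output).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "none", typ: "JWT" }), enc(claims), "constructed-signature"].join(".");
}

const FIXED_NOW = 1700000000; // fixed clock so the sample is deterministic
const user21Token = makeSampleToken({
  preferred_username: "user21", exp: FIXED_NOW + 300,
  resource_access: { "realm-management": { roles: ["manage-users"] } },
});
// Token of the user whose password is being changed: no admin role, so 403.
const user1Token = makeSampleToken({
  preferred_username: "user1", exp: FIXED_NOW + 300,
  resource_access: { account: { roles: ["view-profile"] } },
});

console.log("user21:", checkResetPasswordToken(user21Token, FIXED_NOW));
console.log("user1: ", checkResetPasswordToken(user1Token, FIXED_NOW));
```

In Postman the same check can be run against the stored user21-token value; a token obtained for the target user itself, as in the question, fails it.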
    
