Upload a user to Keycloak using CURL

In this blog post I want to briefly show how I implemented the upload of a user to Keycloak with CURL in a bash script.

I came across a helpful blog post (Keycloak REST API: Create a New User), but it did not answer one question: how do you set the password for the user?

Here are the two major steps:

Obtain the master realm admin access-token

First obtain the necessary admin access token from the master realm to be able to perform administration tasks in Keycloak.

Upload the user based on a JSON file

Then I upload the user using a JSON file. I got the exact format for the JSON file by inspecting an existing migration JSON export of a realm and reusing its format.

Bash script with CURL commands

The following bash script code contains the function I used within a bash script to upload an existing user from another realm into a newly created one.

Major steps of the bash script:

  • Set the needed parameters for the authorization
  • Set the needed parameters for configuration of the import
  • Execute the CURL command to request the access-token
  • Execute the CURL command to upload the user
  • Verify upload

function createUserKeycloak() {
    echo "************************************"
    echo " Create Keycloak user"
    echo "************************************"
    # Set the needed parameters for the authorization
    # (demo values; "local" keeps the shell's own $USER untouched)
    local USER=admin
    local PASSWORD=admin
    local GRANT_TYPE=password
    local CLIENT_ID=admin-cli
    # Set the needed parameters for configuration of the import
    local TENANT_B=tenantB
    local USERDATA=cns-tenantB-user.json
    # Execute the CURL command to request the access-token
    local access_token
    access_token=$( curl -d "client_id=$CLIENT_ID" -d "username=$USER" -d "password=$PASSWORD" -d "grant_type=$GRANT_TYPE" "$KEYCLOAK_URL/auth/realms/master/protocol/openid-connect/token" | sed -n 's|.*"access_token":"\([^"]*\)".*|\1|p')
    # Print only the user name: the password and the access token are
    # secrets and would otherwise end up in terminal scrollback and logs
    echo "User : $USER"
    # Stop early if no token could be extracted from the response
    if [ -z "$access_token" ]; then
        echo "Could not obtain an access token from $KEYCLOAK_URL"
        return 1
    fi
    # Execute the CURL command to upload the user
    local result
    result=$(curl -d "@./$USERDATA" -H "Content-Type: application/json" -H "Authorization: bearer $access_token" "$KEYCLOAK_URL/auth/admin/realms/$TENANT_B/users")
    # Verify upload: an empty response body is treated as success
    if [ "$result" = "" ]; then
        echo "------------------------------------------------------------------------"
        echo "The user is created."
        echo "Open following link in your browser:"
        echo "$KEYCLOAK_URL/auth/admin/master/console/#/realms/$TENANT_B"
        echo "------------------------------------------------------------------------"
    else
        echo "------------------------------------------------------------------------"
        echo "It seems there is a problem with the user creation: $result"
        echo "------------------------------------------------------------------------"
    fi
}

The following code shows the format of the JSON for the user upload. It includes the credentials and fulfilled my needs.

But keep in mind that in future versions the Keycloak REST API will tell you that the password upload in JSON will be deprecated.

{"firstName":"alice",
 "lastName":"alice",
 "email":"alice@blog.com",
 "enabled":true,
 "credentials": [ {
    "type" : "password",
    "hashedSaltedValue" : "A3okqV2T/ybXTVEgKfosoSjP8Yc9IZbFP/SY4cEd6hag7TABQrQ6nUSuwagGt96l8cw1DTijO75PqX6uiTXMzw==",
    "salt" : "sl4mXx6T9FypPH/s9TngfQ==",
    "hashIterations" : 27500,
    "counter" : 0,
    "algorithm" : "pbkdf2-sha256",
    "digits" : 0,
    "period" : 0,
    "createdDate" : 1554245879116,
    "config" : { }
  } ],
 "username":"alice"}
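
The credential fields in the JSON above can be produced and checked offline. The following is an added example, not code from the original post or from Keycloak: it assumes that "pbkdf2-sha256" means PBKDF2-HMAC-SHA256 over the UTF-8 password with a 64-byte derived key (the length the 88-character value above decodes to), and the function names and the sample password are hypothetical.

```python
import base64, hashlib, hmac, json, os, time

ITERATIONS = 27500  # hashIterations value from the JSON on this page
KEY_BYTES = 64      # assumption: 64-byte derived key, matching the value above

def make_credential(password, salt=None, iterations=ITERATIONS):
    """Build one credentials[] entry in the export format shown above."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, KEY_BYTES)
    return {
        "type": "password",
        "hashedSaltedValue": base64.b64encode(digest).decode("ascii"),
        "salt": base64.b64encode(salt).decode("ascii"),
        "hashIterations": iterations,
        "counter": 0,
        "algorithm": "pbkdf2-sha256",
        "digits": 0,
        "period": 0,
        "createdDate": int(time.time() * 1000),  # epoch milliseconds
        "config": {},
    }

def verify_credential(password, cred):
    """Recompute the hash from the stored salt and iteration count."""
    if cred.get("algorithm") != "pbkdf2-sha256":
        raise ValueError("unsupported algorithm: %r" % cred.get("algorithm"))
    salt = base64.b64decode(cred["salt"])
    expected = base64.b64decode(cred["hashedSaltedValue"])
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, cred["hashIterations"], len(expected))
    return hmac.compare_digest(actual, expected)  # constant-time compare

def build_user(username, email, first, last, password):
    """Assemble the user document that the curl upload sends."""
    return {"firstName": first, "lastName": last, "email": email,
            "enabled": True, "credentials": [make_credential(password)],
            "username": username}

if __name__ == "__main__":
    # Constructed sample input; redirect the output to the JSON file
    # that the bash function uploads.
    user = build_user("alice", "alice@blog.com", "alice", "alice",
                      "constructed-sample-password")
    print(json.dumps(user, indent=1))
```

Generating the file this way means only the salted hash, never the plaintext password, is written to disk or sent in the upload.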

Maybe these two blog posts are also useful for you in that context:



I hope this was useful for you and let’s see what’s next?

Greetings,

Thomas

#keycloak, #CURL, #bashscript
