I create a token using the http://localhost:8080/auth/realms/{realm_name}/protocol/openid-connect/token endpoint.
grant_type=client_credentials
client-id: ------------
client-secret: 78296d38-cc82-4010-a817-65c283484e51
Now I want to get the users of the realm. Then I send a request to the http://localhost:8080/auth/admin/realms/{realm_name}/users?username=demo endpoint with the token.
But I got a 403 Forbidden response with "error": "unknown_error". How to solve it?
The service account associated with your client needs to be allowed to view the realm users.
Go to http://localhost:8080/auth/admin/{realm_name}/console/#/realms/{realm_name}/clients
Select your client (which must be a confidential client)
In the settings tab, switch Service Account Enabled to ON
Click on save, the Service Account Roles tab will appear
In Client Roles, select realm_management
Scroll through available roles until you can select view_users
Click on Add selected
You should have something like this:
Your client is now allowed to access users through the REST API.
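The role check described in the answer above can be done on the token itself before calling the admin API; this is an added example, not code from either answer. It assumes the role names as Keycloak writes them in tokens (`realm-management` and `view-users`, spelled with underscores in the answer), and the sample tokens and the `demo-client` name are constructed.

```python
import base64
import json

ADMIN_CLIENT = "realm-management"   # Keycloak's built-in admin client (assumed name)
REQUIRED_ROLE = "view-users"        # role needed for GET .../users (assumed name)

def decode_claims(access_token):
    """Decode the JWT payload without verifying the signature (diagnostics only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def client_roles(claims, client=ADMIN_CLIENT):
    """Roles Keycloak lists under resource_access.<client>.roles."""
    return set(claims.get("resource_access", {}).get(client, {}).get("roles", []))

def diagnose(access_token):
    """Explain whether this token should be able to list realm users."""
    roles = client_roles(decode_claims(access_token))
    if REQUIRED_ROLE in roles:
        return "ok: token carries %s/%s" % (ADMIN_CLIENT, REQUIRED_ROLE)
    return ("403 expected: %s missing from %s roles %s; assign it to the "
            "service account, then request a NEW token"
            % (REQUIRED_ROLE, ADMIN_CLIENT, sorted(roles)))

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Constructed claims: a service account before and after the role is assigned.
BEFORE = make_sample_token({"azp": "demo-client",
                            "resource_access": {"account": {"roles": ["view-profile"]}}})
AFTER = make_sample_token({"azp": "demo-client",
                           "resource_access": {ADMIN_CLIENT: {"roles": ["view-users"]}}})

if __name__ == "__main__":
    print(diagnose(BEFORE))
    print(diagnose(AFTER))
```

Roles are written into the token when it is issued, so a token obtained before the role was added keeps returning 403 until a new one is requested.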
to create(add) user
send POST request to:
http://localhost:8180/admin/realms/YOUR_REALM_NAME/users
with this body sample:
{
  "firstName":"Amir",
  "lastName":"Sharafkar",
  "email":"[email protected]",
  "enabled":"true",
  "username":"sharafkar",
  "credentials":[{
    "type":"password",
    "value":"1234",
    "temporary":false
  }]
}
to get all users
send GET request to:
http://localhost:8180/admin/realms/YOUR_REALM_NAME/users
with "Authorization" key header with value: Bearer {YOUR_TOKEN}
to get individual user
send GET request to:
http://localhost:8180/admin/realms/YOUR_REALM_NAME/users/{id}
with "Authorization" key header with value: Bearer {YOUR_TOKEN}
DO NOT FORGET - Keycloak "version: 20.0.2"
Assign a role to your client with these steps: