Is there any login REST-API for user in keycloak? - node.js

Is there any login REST-API for created users in keycloak?
I used the API
{{root}}/realms/{{realm}}/protocol/openid-connect/token
but it only gives an access token, and I need the full information of the user.

I think what you are looking for is the user info API, which provides information about the currently logged-in user:
Try this (passing the token obtained from the URL you mentioned, {{root}}/realms/{{realm}}/protocol/openid-connect/token):
GET "{root}/auth/realms/yourRealmName/protocol/openid-connect/userinfo"
A sample response from my setup:
{
"sub": "d32be694-f438-44a5-95f2-7434ff37ca1e",
"email_verified": false,
"roles": [
"Administrator"
],
"groups": [
"Administrator"
],
"preferred_username": "administrator"
}
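The two-step exchange the answer describes, as an added example that is not part of the original answer: obtain an access token from the token endpoint, then present it as a bearer token to the userinfo endpoint. The base URL, realm, client id and the injectable fetchImpl parameter are assumptions so the flow can be exercised offline; Node 18+ provides the default global fetch.

```javascript
// Added example (not from the original answer). Assumed Keycloak base URL and realm.
// Keycloak releases before 17 serve the same paths under a "/auth" prefix, as in the
// answer's URL; adjust "root" accordingly.
const KEYCLOAK = { root: "https://keycloak.example.com", realm: "myrealm" };

function tokenUrl({ root, realm }) {
  return `${root}/realms/${realm}/protocol/openid-connect/token`;
}
function userinfoUrl({ root, realm }) {
  return `${root}/realms/${realm}/protocol/openid-connect/userinfo`;
}

// Resource Owner Password grant: a form-encoded POST, as the question's API expects.
// Returns only the access token; the profile is not in this response.
async function login(cfg, clientId, username, password, fetchImpl = fetch) {
  const body = new URLSearchParams({ grant_type: "password", client_id: clientId, username, password });
  const res = await fetchImpl(tokenUrl(cfg), {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body,
  });
  if (!res.ok) throw new Error(`token endpoint returned HTTP ${res.status}`);
  const tok = await res.json();
  if (tok.token_type?.toLowerCase() !== "bearer" || !tok.access_token) {
    throw new Error("token response did not contain a bearer access_token");
  }
  return tok.access_token;
}

// The userinfo endpoint returns the user's claims, but only for a valid, unexpired
// access token issued by this realm; a rejected token comes back as HTTP 401.
async function userinfo(cfg, accessToken, fetchImpl = fetch) {
  const res = await fetchImpl(userinfoUrl(cfg), {
    headers: { Authorization: `Bearer ${accessToken}`, Accept: "application/json" },
  });
  if (res.status === 401) throw new Error("access token rejected by userinfo");
  if (!res.ok) throw new Error(`userinfo returned HTTP ${res.status}`);
  return res.json();
}

// Login followed by profile lookup: the answer's two calls chained together.
async function loginAndGetProfile(cfg, clientId, username, password, fetchImpl = fetch) {
  const token = await login(cfg, clientId, username, password, fetchImpl);
  return userinfo(cfg, token, fetchImpl);
}
```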

Related

Can't create new user (using the JWT Grant flow and scopes that mentioned in API overview)

I have a problem with creating another user via the Admin API. I don't have an organization_id property in the /userinfo response, and I need it to create new users via my app. There I also use the recommended scopes.
This is the response I get after calling /userinfo:
{
"sub": "xxx",
"name": "Some Name",
"given_name": "Name",
"family_name": "Name",
"created": "2022-02-02T16:38:29.457",
"email": "some.email@gmail.com",
"accounts": [
{
"account_id": "xxx",
"is_default": true,
"account_name": "Name",
"base_uri": "https://demo.docusign.net"
}
]
}
Also, when I used the Quickstart App I faced the same problem: I can't create users via this app, because the organization_id property is missing.
Quickstart App error
Thanks.
To use the Admin API you have to have an organization for your account.
Once you create an organization, you will have an organizationId, which is used for this API call.
How to create an organization for your DocuSign account.

How I can get user info profile from Google API?

I have to implement sign-in with a Google account and would like some suggestions.
I created a project in the Google console and added the scope userinfo.profile.
I'm following a course on the internet, but I still cannot get the user info (email, name, age, ...).
Steps:
Get the code at the redirect_uri using the client_id
Get a token from https://accounts.google.com/o/oauth2/token using the code, client_id, client_secret, ...
Try calling https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=accessToken to get the info, but I only get this object:
{
"azp": "155122683461-51hq2n932svo4ajbt98ic0q67m4tuj5o.apps.googleusercontent.com",
"aud": "155122683461-51hq2n932svo4ajbt98ic0q67m4tuj5o.apps.googleusercontent.com",
"sub": "108865940357700877124",
"scope": "https://www.googleapis.com/auth/userinfo.profile",
"exp": "1554094721",
"expires_in": "3326",
"access_type": "offline"
}
Can you guys give me an example :(
Thanks
people api
The information you are looking for can be found on people.get:
GET https://people.googleapis.com/v1/{resourceName=people/*}
Tip: send the field mask with no spaces, person.emailAddresses,person.birthdays. It reads from the person's profile info, so the user will have had to fill in this information.
However, you will need to add the scopes to get the information you want:
https://www.googleapis.com/auth/profile.emails.read
https://www.googleapis.com/auth/user.birthday.read
You can test it here: Google APIs Explorer.
A Node.js quick start for the Google People API can be found here.
userinfo endpoint
The userinfo endpoint can also be used, but it does not return the information you are looking for.
You need to request the email scope to see the email in the response below, and the user must grant you permission to see their email. The following is the standard response for the profile scope only.
GET /oauth2/v2/userinfo HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: Bearer ya29.GlveBiwp4-NTPLU9VN3rn1enty11KOdQHGcyfZd1xJ1Ee9eGS2Pw2nJ7KDUBQPa-uT-AoKDQdoVigU6bruVIB1a3fiBu1n
Response:
{
"picture": "https://lh5.googleusercontent.com/-a1CWlFnA5xE/AAAAAAAAAAI/AAAAAAAAl1I/UcwPajZOuN4/photo.jpg",
"name": "Linda Lawton",
"family_name": "Lawton",
"locale": "en",
"gender": "female",
"link": "https://plus.google.com/+LindaLawton",
"given_name": "Linda",
"id": "117200475532672775346"
}
scopes
You should consult the Node tutorial for how to work with scopes. Remember that you will need to request the user's consent again if you change the scopes in your code.
const SCOPES = ['profile', 'email'];

Refresh JWT tokens on each request

I'm setting up a document e-signing process using DocuSign. Since we have multiple associations, we have set up multiple accounts (around 20 APIAccountIDs under one organization, or you could say one INTEGRATOR_KEY_ID), one for each association. Can someone please let me know how we switch to a different APIAccountID based on the request we get? Also, is it right to create a new DocuSignConnection every time we get a request for a different association?
Your integration should use just one INTEGRATOR_KEY for the entire integration when using one of the DocuSign OAuth flows, such as JWT as you mention.
After the user grants access by providing their credentials and clicking Accept, an access token will be sent back to your app (at the redirect URI you specify on your integrator key).
You then use that access token to call the User Info API, which will return the account ID for that given user.
User Info API
Request:
Authorization: Bearer eyJ0eX...MrhIddzBAQ
GET https://account-d.docusign.com/oauth/userinfo
Response:
{
"sub": "4799e5e9-1559-4915-9862-cf4713bbcacc",
"name": "Susan Smart",
"given_name": "Susan",
"family_name": "Smart",
"created": "2015-08-13T22:03:03.45",
"email": "susan.smart@example.com",
"accounts": [
{
"account_id": "a4ec37d6-04aa-4f37-86c2-143885c220e1",
"is_default": true,
"account_name": "Susan Smart",
"base_uri": "https://domain.example.com",
"organization": {
"organization_id": "9c5fb8e1-b0bf-4970-8e0e-054ff8a249bf",
"links": [
{
"rel": "self",
"href": "https://account.domain.example.com/organizations/9c5fb8e1-b0bf-4970-8e0e-054ff8a249bf"
}
]
}
}
]
}
You have one application which sends signing requests on behalf of multiple associations (organizations)?
As Ergin says, your application will have one integration key which will be used for all associations.
When a human logs into your app using the OAuth Authorization Code grant, your app receives an access token. You can use that access token to look up the user's account and site (API URL).
Your application can make sending requests for any number of people and their associations. Each API request includes the user's individual access token, their account_id, and uses the site data to create the URL.
HTH.
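The per-request routing both answers describe, as an added example that is not from the original thread: resolve the account for an incoming request from the accounts listed in the caller's own userinfo response, and build the API URL from that account's base_uri. The sample userinfo object is constructed in the shape of the response above (not real ids), and the "/restapi/v2.1" path prefix is an assumption about the eSignature API.

```javascript
// Added example (not from the original answers). Constructed sample userinfo in the
// shape of the User Info API response shown above; ids and hosts are made up.
const SAMPLE_USERINFO = {
  sub: "00000000-0000-0000-0000-000000000001",
  email: "sender@example.com",
  accounts: [
    { account_id: "aaaa-1", is_default: true, account_name: "Association A", base_uri: "https://demo.docusign.net" },
    { account_id: "bbbb-2", is_default: false, account_name: "Association B", base_uri: "https://eu.docusign.net" },
  ],
};

// Resolve which account a request should use. The account_id may come from the
// request, but it is honoured only if the token's own userinfo lists it, so a client
// cannot steer a call onto an account its token does not cover. Without a requested
// id, the default account is used. base_uri always comes from userinfo.
function resolveAccount(userinfo, requestedAccountId) {
  const accounts = Array.isArray(userinfo.accounts) ? userinfo.accounts : [];
  const chosen = requestedAccountId
    ? accounts.find((a) => a.account_id === requestedAccountId)
    : accounts.find((a) => a.is_default === true);
  if (!chosen) {
    return { ok: false, reason: requestedAccountId ? "account not granted to this user" : "no default account" };
  }
  return {
    ok: true,
    accountId: chosen.account_id,
    // Accounts can live on different sites, so the URL is built per account.
    apiBase: `${chosen.base_uri.replace(/\/+$/, "")}/restapi/v2.1/accounts/${chosen.account_id}`,
  };
}

// Assemble one API call for this user/account pair. Resolving per request replaces
// creating a new connection object for every association.
function buildRequest(userinfo, accessToken, requestedAccountId, path) {
  const acct = resolveAccount(userinfo, requestedAccountId);
  if (!acct.ok) throw new Error(`cannot route request: ${acct.reason}`);
  return {
    url: `${acct.apiBase}${path}`,
    headers: { Authorization: `Bearer ${accessToken}`, Accept: "application/json" },
  };
}
```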

how to register users to mongodb after open id connect authentication?

I have a backend API written in Node.js (authorization with OAuth2) using azure-passport-ad, my frontend is Angular 5 (OpenID Connect), and I'm using Azure AD for authentication. The thing is that our users will have two roles,
"student" and "admin". How can I distinguish the roles? Does the token retrieved from the IdP give me a field with the kind of roles the user has?
You can define the roles in Azure AD as shown here: https://joonasw.net/view/defining-permissions-and-roles-in-aad.
To define roles in an app, you will have to modify its manifest in AAD to something like this (other properties removed for brevity):
{
"appRoles": [
{
"allowedMemberTypes": [
"User"
],
"displayName": "Administrator",
"id": "179c1dc0-4801-46f3-bc0d-35f059da1415",
"isEnabled": true,
"description": "Administrators can access advanced features.",
"value": "admin"
}
]
}
Then you can assign users to these roles via the Users and groups tab for the Enterprise application/service principal's blade.
The ID tokens sent to your app will then contain the role(s) like so:
{
"family_name": "User",
"given_name": "Test",
"name": "Test User",
"roles": [
"admin"
]
}
You can check that claim after the token has been validated by Passport.
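One way to act on that claim, as an added example that is not from the original answer: read the "roles" array from the validated token's claims and gate routes on it. It assumes Express-style middleware, that Passport has already validated the token and placed its claims on req.user, and the two app roles "student" and "admin" from the question.

```javascript
// Added example (not from the original answer). Assumes req.user holds the claims of
// a token that passport-azure-ad has already validated.
const KNOWN_ROLES = new Set(["student", "admin"]);

// Normalise the claim: Azure AD emits "roles" as an array of the manifest's "value"
// strings. Anything else (claim missing, not an array, unknown value) is dropped,
// so a user with no assignment ends up with no roles rather than a default one.
function rolesFromClaims(claims) {
  const raw = claims && Array.isArray(claims.roles) ? claims.roles : [];
  return raw.filter((r) => typeof r === "string" && KNOWN_ROLES.has(r));
}

// Middleware factory: let the request through only if the validated token carries
// one of the allowed roles. This runs after signature, issuer, audience and expiry
// have been checked by Passport; it never replaces that step.
function requireRole(...allowed) {
  return (req, res, next) => {
    const roles = rolesFromClaims(req.user);
    if (!allowed.some((r) => roles.includes(r))) {
      res.status(403).json({ error: "insufficient_role" });
      return;
    }
    next();
  };
}

// Usage with Express would be: app.get("/admin/reports", requireRole("admin"), handler);
// and: app.get("/courses", requireRole("student", "admin"), handler);
```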

OPENAM: How to add information to the "User Information" OAuth2 / OpenID Connect endpoint

I'm using OAuth2 with OpenAM 13. I need my client application to be able to retrieve user information by means of the OpenAM "User Information" endpoint.
However, I need to add to / enhance the information provided, to include custom information from the user profile.
I was not able to see how to do this with the "User Information" endpoint.
However, with the "Token Information" endpoint it is very easy to add information (adding scopes that match the profile name automatically adds the information in the JSON response). I tried the same for the "User Information" endpoint but this didn't work.
In this other post I read that the "User Information" endpoint information can be enhanced by using a 'script'. However, I was not able to find how to do it:
OpenAM - Use OAuth2 Access Token to get User Details?
Could someone help with this? I would really appreciate it.
Thanks so much
In the default claims script you can add additional profile attributes by
extending the 'profile' key of the 'scopeClaimsMap' and creating a mapping for the new claim in the 'claimAttributes' map.
As the claims script is using the IDRepo API of OpenAM you need to make sure the attributes are configured in the 'User Attributes' section of the configured user data store.
Example: Additional claim "employee_number" for the "profile" scope.
claimAttributes = [
"email": attributeRetriever.curry("mail"),
"address": { claim, identity, requested -> [ "formatted" : attributeRetriever("postaladdress", claim, identity, requested) ] },
"phone_number": attributeRetriever.curry("telephonenumber"),
"given_name": attributeRetriever.curry("givenname"),
"zoneinfo": attributeRetriever.curry("preferredtimezone"),
"family_name": attributeRetriever.curry("sn"),
"locale": attributeRetriever.curry("preferredlocale"),
"name": attributeRetriever.curry("cn"),
"employee_number": attributeRetriever.curry("employeeNumber")
]
scopeClaimsMap = [
"email": [ "email" ],
"address": [ "address" ],
"phone": [ "phone_number" ],
"profile": [ "given_name", "zoneinfo", "family_name", "locale", "name", "email", "employee_number" ]
]
The attribute 'employeeNumber' must be configured in the user data store config (which is there by default if you did not change anything).
