9

I am trying to trigger sending email using the Keycloak API, but not succeeding. As described in the documentation, first I am getting a token for my admin user:

 curl \
  -d "client_id=admin-cli" \
  -d "username=admin" \
  -d "password=admin" \
  -d "grant_type=password" \
  "http://localhost:8180/auth/realms/master/protocol/openid-connect/token"

I am successfully getting a token, which I am then using in my second call as follows:

curl -v  -X PUT -d '["UPDATE_PASSWORD"]' \
    -H "Content-Type: application/json" \
    -H "Authorization: bearer <access_token>" \
    "http://localhost:8180/auth/admin/realms/local/users/4553/execute-actions-email"

The answer I am getting is 404.

I figured that the problem is I am using a user from user federation with an id from my database. If I create a user in Keycloak and use the id that Keycloak generated, it will work. The thing is I need this functionality for federated users. Any hints?

gohar.gasparyan

1 Answer

2

As of 2022, Keycloak 19.02, the documentation states:

Which is in fact wrong. The right API endpoint is the one mentioned by gohar.gasparyan.

Edit: Which is in fact me not reading since the Documentation states at the top

The UserQueryProvider can be found in Groups

I have a user that is part of that group, logs in using username/password (I couldn't figure out setting an access token) and then uses the API endpoints using a Bearer token.

Full Script is as follows:

#!/bin/bash

KEYCLOAK_URL=http://localhost:8080/auth
KEYCLOAK_REALM=myRealmName
# Despite their names, these two values are sent as the username and password
# of the password grant below.
KEYCLOAK_CLIENT_ID=serviceAccount
KEYCLOAK_CLIENT_SECRET=serviceAccountPassword
REDIRECT_URL=http://redirect-link-after-action.com
# Realm -> Manage -> Clients -> ClientID of connected application
CLIENT_ID=ConnectApplicationClientID

# Debugging only: tracing writes the password and the bearer token to stderr.
# set -x

# Log in and keep the access token.
export TKN=$(curl -s -X POST "${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token" \
 -H "Content-Type: application/x-www-form-urlencoded" \
 -d "username=${KEYCLOAK_CLIENT_ID}" \
 -d "password=${KEYCLOAK_CLIENT_SECRET}" \
 -d 'grant_type=password' \
 -d 'client_id=admin-cli' | jq -r '.access_token')

# List the users of the realm.
#curl -X GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${USER_ID}" \
RAW=$(curl -s -X GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users" \
 -H "Accept: application/json" \
 -H "Authorization: Bearer $TKN" | jq .)

# Collect the ids Keycloak returned into an array, without eval.
mapfile -t values < <(jq -r '.[].id' <<<"$RAW")

REDIRECT_URI_ENCODED=$(printf %s "$REDIRECT_URL" | jq -sRr @uri)

# Send the UPDATE_PASSWORD email to every listed user.
for i in "${values[@]}"; do
  curl -v -X PUT "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users/${i}/execute-actions-email?redirect_uri=${REDIRECT_URI_ENCODED}&client_id=${CLIENT_ID}" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $TKN" \
    -d '["UPDATE_PASSWORD"]'
done

Make sure to add the redirect_uri to the valid redirection URLs in the client configuration.

After all that endeavour we end with the nice link "Back to Application".

Take note that your email account update links will refer to the KEYCLOAK_URL variable unless you specify a Frontend URL in Realm -> Configure -> Realm settings.

Cookie
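
An added example, not part of the answer above and not Keycloak's own code: instead of mailing every user the list call returns, it resolves the id Keycloak itself reports for one username (for a federated user this is not the database key used in the question) and builds the single execute-actions-email request. The sample response, its id and the username jdoe are constructed, and the username/exact query parameters are assumed to be available on the server version in use.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of a GET .../users?username=jdoe&exact=true response.
# The id, username and federationLink are made-up placeholders.
SAMPLE_USERS = json.dumps([
    {"id": "f:11111111-2222-3333-4444-555555555555:4553",
     "username": "jdoe",
     "federationLink": "11111111-2222-3333-4444-555555555555"},
])

def search_url(base, realm, username):
    """URL that asks Keycloak for the user with exactly this username."""
    query = urllib.parse.urlencode({"username": username, "exact": "true"})
    return f"{base}/admin/realms/{urllib.parse.quote(realm, safe='')}/users?{query}"

def pick_user_id(users_json, username):
    """Return the Keycloak id of exactly one matching user, else raise."""
    matches = [u["id"] for u in json.loads(users_json)
               if u.get("username", "").lower() == username.lower()]
    if len(matches) != 1:
        raise LookupError(f"expected 1 user named {username!r}, got {len(matches)}")
    return matches[0]

def actions_email_request(base, realm, user_id, token, client_id, redirect_uri,
                          actions=("UPDATE_PASSWORD",)):
    """Build (not send) the PUT that mails the required actions to one user."""
    query = urllib.parse.urlencode({"redirect_uri": redirect_uri, "client_id": client_id})
    url = (f"{base}/admin/realms/{urllib.parse.quote(realm, safe='')}"
           f"/users/{urllib.parse.quote(user_id, safe=':')}/execute-actions-email?{query}")
    return urllib.request.Request(
        url, data=json.dumps(list(actions)).encode(), method="PUT",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"})

if __name__ == "__main__":
    base = "http://localhost:8080/auth"  # same base URL as the script above
    print(search_url(base, "myRealmName", "jdoe"))
    uid = pick_user_id(SAMPLE_USERS, "jdoe")  # offline: uses the constructed sample
    req = actions_email_request(base, "myRealmName", uid, "<access_token>",
                                "ConnectApplicationClientID",
                                "http://redirect-link-after-action.com")
    print(req.get_method(), req.full_url)
    # urllib.request.urlopen(req) would send it to a live server.
```
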