2

At the moment I am adding the user to one group at a time using this endpoint:

PUT /{realm}/users/{id}/groups/{groupId}

In my use case it would be beneficial to perform the assignments in bulk. So far I haven't found a documented way of doing so. Is there a way to do it? Thanks

E. Karim

3 Answers

3
PUT /{realm}/users/{id}

It's in the documentation, but it doesn't work.

I started a discussion on GitHub

  • 1
    This does not provide an answer to the question. Once you have sufficient [reputation](https://stackoverflow.com/help/whats-reputation) you will be able to [comment on any post](https://stackoverflow.com/help/privileges/comment); instead, [provide answers that don't require clarification from the asker](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can-i-do-instead). - [From Review](/review/late-answers/30031074) – Adrian Mole Oct 08 '21 at 20:55
2

You could try to update the full user data

PUT /{realm}/users/{id}

with a partial UserRepresentation containing a minimal JSON with a "groups" array only?

I see that nearly all fields are marked as optional, cf. https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_userrepresentation

TacheDeChoco
  • Thanks for the reply, I think it's a good workaround. However I still haven't got it to work. Tried in the body: { groups: [ "group-1-id", "group-2-id" ] } it gave code 200 but didn't add the user to the groups, and { groups: [ { id: "group-1-id" }, { id: "group-2-id" } ] } which gave a code 500 – E. Karim Jun 08 '21 at 14:01
  • Did you try with the group **id** (e.g. "fcc0d684-f80b-4351-a441-49c8170c652c") and not the group name (e.g. "my-group")? – TacheDeChoco Jun 09 '21 at 07:17
  • Yes exactly, the group id. I think the feature I'm looking for is unfortunately not available in Keycloak. I needed it for atomicity since I modify in Keycloak and in a local database but for now I'm handling it by rolling back if one PUT /{realm}/users/{id}/groups/{groupId} fails and I undo the changed ones if there were any. – E. Karim Jun 09 '21 at 08:10
0

The following way still works as of Keycloak v21.0.2 but is super uncomfortable, especially in the case when one group should be joined and another should be left:

PUT /{realm}/users/{id}/groups/{groupId}

In the documentation for UserRepresentation the entry groups is listed as a < string > array; however, fetching the user with

GET /{realm}/users/{id}

returns a UserRepresentation that is lacking the entry groups (in my case the user was part of a group, so it was not empty).

When updating a user with

PUT /{realm}/users/{id}

with a minimal UserRepresentation with only groups defined like this:

{"groups":["cdcb76bd-ebb1-48ef-bec2-a81aad370746"]}

the SuccessCode 204 is returned, but nothing changed (no removing unmentioned group or adding new group).

This is still an active issue as of May 2023, see here: https://github.com/keycloak/keycloak/issues/9354.

user3079834
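The per-group workaround with rollback mentioned in the comments above, sketched as an added example (not code from any poster or from Keycloak). It assumes a hypothetical `send(method, path)` hook wrapping an authenticated client pointed at the admin API base URL, that the caller has already fetched the user's current group ids, and that `DELETE` on the same path removes a membership; `FakeAdminApi` and the group ids are constructed so the block runs offline.

```python
from typing import Callable, Set

Send = Callable[[str, str], int]  # hypothetical hook: send(method, path) -> HTTP status

class GroupSyncError(Exception):
    """A call failed; not_rolled_back lists applied changes that could not be undone."""
    def __init__(self, failed_op, status, not_rolled_back):
        super().__init__(f"{failed_op} -> HTTP {status}; not rolled back: {not_rolled_back}")
        self.failed_op, self.status, self.not_rolled_back = failed_op, status, not_rolled_back

def sync_groups(send: Send, realm, user_id, current: Set[str], join=(), leave=()):
    """Apply joins and leaves one call at a time; undo the applied ones if any call fails."""
    def path(gid):
        return f"/{realm}/users/{user_id}/groups/{gid}"
    # Skip no-ops so that a rollback restores exactly the membership the user started with.
    ops = [("PUT", g) for g in join if g not in current]
    ops += [("DELETE", g) for g in leave if g in current]
    inverse = {"PUT": "DELETE", "DELETE": "PUT"}
    applied = []
    for method, gid in ops:
        status = send(method, path(gid))
        if 200 <= status < 300:
            applied.append((method, gid))
            continue
        # Compensate in reverse order and report anything left in a changed state,
        # because a silent partial change means the user holds unintended group rights.
        stuck = [(m, g) for m, g in reversed(applied)
                 if not 200 <= send(inverse[m], path(g)) < 300]
        raise GroupSyncError((method, gid), status, stuck)
    return applied

class FakeAdminApi:
    """Constructed in-memory stand-in for the server so the example runs offline."""
    def __init__(self, members, broken=()):
        self.members, self.broken = set(members), set(broken)
    def __call__(self, method, path):
        gid = path.rsplit("/", 1)[-1]
        if gid in self.broken:
            return 500  # simulate a failing call for this group
        (self.members.add if method == "PUT" else self.members.discard)(gid)
        return 204

if __name__ == "__main__":
    api = FakeAdminApi({"g-old"}, broken={"g-b"})
    try:
        sync_groups(api, "demo", "u1", {"g-old"}, join=["g-a", "g-b"], leave=["g-old"])
    except GroupSyncError as err:
        print(err, "| membership after rollback:", sorted(api.members))
```

A non-empty `not_rolled_back` list is the case to alert on, since the identity provider and the local database then disagree about the user's groups.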