
Keycloak get user password

In my project, I need to get the current user's password from the REST API.

I searched the Keycloak 4.8.3 Final documentation but I could not find it. With an admin user I can change the password without knowing the current password. But my logged-in user can be an admin or not. I found that Keycloak does not give me permission to do that because of security. To wrap up, is there any way to activate that setting, or is there a way to get the password with the REST API? Thank you.

Via the Rest API, one cannot get the password for obvious reasons. Ideally, in a secure setting, even if one is the admin one should not have access to the users' passwords.

From the comments you wrote:

I could use method like boolean isPasswordCorrect(username,password)

An approach is to create a client on your Realm as follows:

  • Go to your Realm;
  • Clients;
  • Create Client;
  • Set Access Type to public;
  • Set Direct Access Grants Enabled to ON;
  • Save;

Now request a token from the newly created client on behalf of the user whose password you want to check:


As you can see the endpoint is:

<KEYCLOAK_HOST>/auth/realms/<REALM_NAME>/protocol/openid-connect/token

and the body is:

client_id : <The client ID of the newly created client>
username : <The username>
password : <The password to be tested>
grant_type : password

If the password is correct you will get back a token object, otherwise you will get the following response:

{
    "error": "invalid_grant",
    "error_description": "Invalid user credentials"
}
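
The check described in the answer above, written out as an added Python example (it is not code from the original post or from Keycloak). The `transport` parameter is a hypothetical hook so the logic can be exercised without a server, and the rule that any error other than "Invalid user credentials" is raised rather than reported as a wrong password is an assumption of this example.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


def token_request(host, realm, client_id, username, password):
    """Build the direct-access-grant POST with the endpoint and body fields from the answer."""
    url = (f"{host}/auth/realms/{urllib.parse.quote(realm, safe='')}"
           "/protocol/openid-connect/token")
    # urlencode so that '&', '=' or spaces in a password cannot alter the form body
    form = urllib.parse.urlencode({
        "client_id": client_id,
        "username": username,
        "password": password,
        "grant_type": "password",
    }).encode()
    return urllib.request.Request(url, data=form, method="POST")


def send(request):
    """Default transport: returns (status, body) and does not raise on 4xx/5xx."""
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def is_password_correct(host, realm, client_id, username, password, transport=send):
    """True if a token is issued, False on 'Invalid user credentials', else raise."""
    status, body = transport(token_request(host, realm, client_id, username, password))
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        raise RuntimeError(f"unexpected response, HTTP {status}")
    if status == 200 and "access_token" in doc:
        return True  # the token is not needed for the check and is discarded
    if (doc.get("error") == "invalid_grant"
            and doc.get("error_description") == "Invalid user credentials"):
        return False
    # Any other error (client misconfigured, grant not enabled, ...) says nothing
    # about the password, so it must not be reported as "wrong password".
    raise RuntimeError(f"HTTP {status}: {doc.get('error')}: {doc.get('error_description')}")
```

Pass an `https://` host so the password is not sent in clear text, and keep the password out of application logs.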
