
How to list service account users in keycloak


Is there a way to list service account users using Keycloak API (19.x)?

I can list users using GET /admin/realms/{realm}/users, and I can access a service user account user using GET /admin/realms/{realm}/users/{service-account-user-id}, if I have such an id from, say, a user login event, but is there a way to list those?

All I need are their ids and username values.

I looked through the available Keycloak REST API documentation and I could not see it under /admin/realms/{realm}/users or /admin/realms/{realm}/clients. There are also no corresponding create and update events when those users are created by flipping Service Accounts Enabled on a client.


Solution

  • There is no endpoint to list all the service-account users.

    You'll have to iterate over all the clients and find those that are configured with service-account.

    Here is a working example in Java, using the Keycloak Admin client:

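    // Requires the keycloak-admin-client library.
    import java.util.List;
    import org.keycloak.admin.client.resource.RealmResource;
    import org.keycloak.representations.idm.ClientRepresentation;
    import org.keycloak.representations.idm.UserRepresentation;

    public void listAll() {
        final RealmResource realmResource = ...;
        // Fetch every client in the realm.
        final List<ClientRepresentation> clients = realmResource.clients().findAll();
    
        for (final ClientRepresentation client : clients) {
            // Only clients with "Service Accounts Enabled" have a service-account user.
            if (!client.isServiceAccountsEnabled()) {
                continue;
            }
            // Look the user up by the client's internal id (not its clientId).
            final UserRepresentation serviceAccountUser = realmResource.clients().get(client.getId()).getServiceAccountUser();
            final String userId = serviceAccountUser.getId();
            final String userName = serviceAccountUser.getUsername();
            ...
        }
    }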
    

    Kindly, from Cloud-IAM
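
The same iteration done directly against the Admin REST API the question asks about, as an added example that is not part of the original answer: page through `GET /admin/realms/{realm}/clients`, then call `GET /admin/realms/{realm}/clients/{id}/service-account-user` for each client with `serviceAccountsEnabled` set. The names `http_fetch`, `list_service_accounts` and `fake_fetch` are hypothetical, and the sample clients are constructed so the block runs without a server.

```python
import json
import urllib.parse
import urllib.request

def http_fetch(base_url, token):
    """Build fetch(path, params) that GETs the Admin REST API with a bearer token."""
    def fetch(path, params=None):
        url = base_url.rstrip("/") + path
        if params:
            url += "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return fetch

def list_service_accounts(fetch, realm, page_size=100):
    """Return (clientId, user id, username) for each client that has a service account."""
    realm_path = "/admin/realms/" + urllib.parse.quote(realm, safe="")
    found, first = [], 0
    while True:
        # Page with first/max so large realms are not pulled in one response.
        page = fetch(realm_path + "/clients", {"first": first, "max": page_size})
        for client in page:
            if not client.get("serviceAccountsEnabled"):
                continue  # no service-account user exists for this client
            uuid = urllib.parse.quote(client["id"], safe="")
            user = fetch(realm_path + "/clients/" + uuid + "/service-account-user")
            found.append((client["clientId"], user["id"], user["username"]))
        if len(page) < page_size:
            return found
        first += page_size

# Constructed sample data standing in for a live Keycloak server.
SAMPLE_CLIENTS = [
    {"id": "c-1", "clientId": "web-app", "serviceAccountsEnabled": False},
    {"id": "c-2", "clientId": "batch-job", "serviceAccountsEnabled": True},
    {"id": "c-3", "clientId": "reporting", "serviceAccountsEnabled": True},
]

def fake_fetch(path, params=None):
    """Offline stand-in for http_fetch(...) that serves SAMPLE_CLIENTS."""
    if path.endswith("/clients"):
        return SAMPLE_CLIENTS[params["first"]:params["first"] + params["max"]]
    client = next(c for c in SAMPLE_CLIENTS if c["id"] == path.split("/")[-2])
    return {"id": "u-" + client["id"], "username": "service-account-" + client["clientId"]}

if __name__ == "__main__":
    for row in list_service_accounts(fake_fetch, "demo", page_size=2):
        print(row)
```

Against a real server, pass `http_fetch(base_url, admin_access_token)` in place of `fake_fetch`.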