-
Feature
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
False
-
-
False
Keycloak currently offers an Admin RestAPI Endpoint that returns a stream of users that have a specified role name, aka:
"GET /admin/realms/{realm}/roles/{role-name}/users" cf. -> https://access.redhat.com/webassets/avalon/d/red_hat_build_of_keycloak-22/rest-api/#_roles
Some customers wanted to leverage this endpoint in order to introduce some searching and filtering capabilities (like to filter the returned users with part of the name, account username as in the similar way to doing a: "GET /{realm}/users?search=xxxxx"
However, from an Engineering perspective we should not use the endpoint for filter users by roles (aka, "/
/roles/{role-name}/users" ) to add support for all the additional search capabilities.
Instead, we can add support for filtering by role with query parameter added to the base users endpoint, aka: "GET /admin/realms/{realm}/users"
An example for filtering the users of a given role through the base users endpoint would be something like:
GET /admin/realms/{realm}/users?search=xxxxx&role-name=yyyyy
This may be useful for a quick auditing need for example.