API Create serviceAccount User - secret ignored

Currently writing a micro service for the discussion related to:

Python Code for some context - if you want to run this you need to replace some variables:

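import json
import requests

# apiurl and thismodule.apitoken are the variables to replace before running.
def createUser(assetID, password):
    rURL = f'{apiurl}/api/master/user/master/users'
    rHeaders = {'Authorization': f'Bearer {thismodule.apitoken}'}
    # Request body copied from the UI's network traffic; 'secret' carries the desired password.
    rData = {'enabled':True,'secret': f'{password}', 'realm':'master','roles':[],'previousRoles':[],'realmRoles':[],'previousRealmRoles':[],'userAssetLinks':[{'id':{'realm':'master','assetId':f'{assetID}'}}],'serviceAccount':True,'username':f'{assetID}'}

    r = requests.post(url=rURL, json=rData, headers=rHeaders)
    # Return the HTTP status and the id of the created user.
    return r.status_code, json.loads(r.content)['id']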

The 'secret': f'{password}' is being ignored even though the Swagger states this body:

{
  "realm": "string",
  "realmId": "string",
  "id": "string",
  "firstName": "string",
  "lastName": "string",
  "email": "string",
  "enabled": true,
  "createdOn": "2023-06-14T17:28:35.288Z",
  "secret": "string",
  "attributes": {
    "additionalProp1": [
      "string"
    ],
    "additionalProp2": [
      "string"
    ],
    "additionalProp3": [
      "string"
    ]
  },
  "serviceAccount": true,
  "username": "string"
}

What “string” for secret is needed to be accepted?

Ignore the part where I use the assetID as username :wink:
I also copied this body from the network inspect when creating a User and linking it to an asset.
Yes, I know you need to also POST f'{apiurl}/api/master/asset/user/link'

I resolved this issue for now by just getting a new secret via the API:

def getNewPassword(userid):
    getApiToken()
    rURL = f'{apiurl}/api/master/user/master/reset-secret/{userid}'
    rHeader = {'Authorization': f'Bearer {thismodule.apitoken}'}
    r = requests.get(url=rURL, headers=rHeader)
    # Ignore, this is for local storage in a pysondb so the password can be accessed.
    db.updateById(f"{db.reSearch('userid', f'{userid}')[0]['id']}",{"password":f"{r.text}"})
    return {'status_code': f'{r.status_code}', 'content': f'{r.text}'}

Question remains: what type of secret do I need to provide to be accepted?

Hi,

Our user API is just an abstraction of the Keycloak user API, and you cannot set a secret in Keycloak, just regenerate one:

This is also reflected in our user UI.

Secret is there in the user model for when you read a user.

Ahh, so my step of just generating one, or reading one on creation, already is the right way.
Makes sense regarding the mentioned abstraction of Keycloak :slight_smile:
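
The flow this thread settles on, as an added example (not code from the original posts or from the project): create the service user without a `secret` field, then read the server-generated credential from the reset-secret endpoint. `provision_service_user`, `FakeResponse` and `FakeManager` are hypothetical names, `session` is assumed to be a `requests.Session`-like object, and the stub server is constructed to mimic the behaviour described above so the block runs offline.

```python
import json as jsonlib
import secrets

BASE = "/api/master/user/master"  # path prefix used in the thread's URLs

def provision_service_user(session, api_url, token, username):
    """Create a service user; return (user_id, server_generated_secret)."""
    headers = {"Authorization": f"Bearer {token}"}
    # No 'secret' key: the thread reports it is ignored on create.
    body = {"realm": "master", "enabled": True,
            "serviceAccount": True, "username": username}
    r = session.post(f"{api_url}{BASE}/users", json=body, headers=headers)
    if not 200 <= r.status_code < 300:
        raise RuntimeError(f"create failed: HTTP {r.status_code}")
    user_id = r.json()["id"]
    # The only way to learn the credential is to have the server regenerate it.
    r = session.get(f"{api_url}{BASE}/reset-secret/{user_id}", headers=headers)
    if not 200 <= r.status_code < 300 or not r.text:
        raise RuntimeError(f"reset-secret failed: HTTP {r.status_code}")
    return user_id, r.text

class FakeResponse:  # constructed stand-in for requests.Response
    def __init__(self, status_code, text=""):
        self.status_code, self.text = status_code, text

    def json(self):
        return jsonlib.loads(self.text)

class FakeManager:
    """Constructed stub server: drops any client 'secret', generates its own."""
    def __init__(self):
        self.store = {}

    def post(self, url, json=None, headers=None):
        if (headers or {}).get("Authorization") != "Bearer test-token":
            return FakeResponse(401)
        user_id = f"id-{json['username']}"
        self.store[user_id] = secrets.token_urlsafe(24)  # body 'secret' unused
        return FakeResponse(200, jsonlib.dumps({"id": user_id}))

    def get(self, url, headers=None):
        user_id = url.rsplit("/", 1)[-1]
        if user_id not in self.store:
            return FakeResponse(404)
        self.store[user_id] = secrets.token_urlsafe(24)  # regenerate on reset
        return FakeResponse(200, self.store[user_id])
```

Against a real deployment, pass a `requests.Session()` in place of `FakeManager()`; every reset-secret call invalidates the previous secret, so call it once and store the result.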