Manipulate user

This project is about impersonation a user via Keycloak REST API.

Yet "impersonation" is not the correct term, you should talk about token-exchange.

Keycloak conf

Token exchange is an experimental feature in Keycloak, so you have to enable features preview.

bin/kc.sh start-dev --features="preview"

this will enable all the experimental feature; there's probably a way to cherry-pick only the token-exchange related.

Client configuration

• create the private Client image1 image2 image3
• write down client credential image
• enable client permission image
• create a new permission for token-exchange image
• go to client "Realm-management" -> Authorization -> Policies image
• create a new Policy, type "Client" image
• give it a name and link the new policy to private client created image
• now create a Scope-based permission image
• select the correct data image
  • Resources=Users
  • Auth scope = impersonate
  • Policies = the one created

Admin user

Now you need to create or select a user that will be used to impersonate all the other users and request the tokens In my example I create a new one called svc-impersonate

• Add a user image
• put the user details image
• set the credentials image and confirm
• go to Role Mapping image
• select the mappings as in image. When Assigning roles pay attention that they are filtered, choose the correct filter to search for the one needed