auth/admin/realms/{realm-name}/groups?briefRepresentation=false returns empty subgroups. #27694
Comments
We are experiencing the same issue. I've read that with #22700 there now is a new This is a breaking change in the API that I wish was communicated more clearly. |
I have just tested this issue with Keycloak 24.0.1
This confuses me since This seems to be a result of using Output for
Output for
|
@KapilBillore can you rename the title of this issue to: /admin/realms/{realm-name}/groups returns empty subGroups when called without search parameter |
We also experience this issue since the upgrade. I'm using a .NET library and logged the JSON response I get from both the groups endpoint:
(I obfuscated some parts with *** though) If I use the new endpoint for children I just get |
As you mentioned/know we had some changes in this area due to some performance optimizations. AFAIK, the motivation behind not returning sub-groups when the I'm not sure if we are going to revisit this behavior. If I understand correctly, the issues reported here are:
|
@Skyppid Are you sure you called the
|
My main issue is that a simple call to
Since 23.x it is not returning a hierarchy by default anymore. If that is by choice the description of the endpoint should reflect this. Maybe something like:
and set |
Never mind ... it was late and I overlooked that I passed
At that point I might add that for me as a developer it's quite frustrating that for version 24 Keycloak's API documentation has more holes than a Swiss cheese. It's really hard to figure out how to use the API since 90% of the parameters are not even described what they do. Most endpoints miss any description, it's just their name which often leaves you with speculation what it actually does as you just suggested for this specific one. I know API documentation is a tough task to keep it maintained, but it's missing so much information that should be available for developers. Maybe the API is a bit niche but still. Keycloak is not a small tool. Would be highly appreciated if this would be improved sometime. But yes, would really help if you change the description. I spent a whole day yesterday figuring out why a key feature broke. I'm not even sure if that change was mentioned in the Release Notes. At least I did not see it there. Luckily this discussion helped me find a way to solve it so we can manage our deadline. |
Due to the amount of issues reported by the community we are not able to prioritise resolving this issue at the moment. If you are affected by this issue, upvote it by adding a 👍 to the description. We would also welcome a contribution to fix the issue. |
@pedroigor Can you confirm that requesting |
Hello, The migration guide currently explains that a new endpoint is available but it does not mention that the existing one has changed.
It is important to highlight that a breaking change has been made and getting subgroups is no longer available on the |
I still think this is a bug that should be fixed. Breaking an API like this without documenting it cannot be intentional IMHO. |
Sorry I have to chime in. The Keycloak admin API is probably one of the worst APIs I have ever seen. Almost every field is optional and basically nothing is documented. In more cases than not it behaves differently than expected. Everything is trial and error, and it feels like you cannot expect ANY consistency in responses between endpoints at all. This makes working with Keycloak in strictly typed languages a true nightmare. I'm not writing this to just rant, but to press on that this is a serious issue. |
I think it speaks volumes that after introducing a breaking change without any warning or documentation, the developers can't decide if this was intended behaviour or a bug. |
Sadly true. They really need to improve there by a lot. One of the main reasons why we currently look into alternatives. I think some of the most critical issues on production we had were related to Keycloak's API... |
Before reporting an issue
Area
core
Describe the bug
Hi Team,
We have been migrating to KC 23.5 and observed that the /groups functionality doesn't return subgroups anymore and the field is empty.
Can you suggest an alternative way/fix to handle the same?
Version
23.5
Regression
Expected behavior
The groups should be returned with subgroups populated.
Actual behavior
Subgroup field is empty
How to Reproduce?
https://{keycloak-host}:port/auth/admin/realms/{realm-name}/groups?briefRepresentation=false
Anything else?
No response
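
Added example, not part of the original issue or of Keycloak's code: a client that depends on the group hierarchy (for example to resolve inherited group membership) can rebuild it from the children endpoint the thread refers to, instead of trusting an empty `subGroups` array. It assumes the Keycloak 23+ paths `GET …/groups` and `GET …/groups/{id}/children` with `first`/`max` paging; `get`, `fake_get`, the realm name and all sample groups are constructed for illustration.

```python
# Rebuild a Keycloak group tree client-side instead of relying on `subGroups`
# from the list endpoint, which this issue reports as empty after the upgrade.
# Assumption: children are served by GET {base}/groups/{id}/children and both
# endpoints page with `first` and `max`. `get(path, params)` is a hypothetical
# transport hook; a real client would perform an authenticated HTTP GET there.

def fetch_all(get, path, page_size=2):
    """Page through a list endpoint until a short (or empty) page comes back."""
    items, first = [], 0
    while True:
        page = get(path, {"first": first, "max": page_size,
                          "briefRepresentation": "false"})
        items.extend(page)
        if len(page) < page_size:
            return items
        first += page_size

def build_tree(get, base, page_size=2):
    """Return top-level groups with `subGroups` filled in recursively."""
    def expand(group):
        kids = fetch_all(get, f"{base}/groups/{group['id']}/children", page_size)
        group["subGroups"] = [expand(k) for k in kids]
        return group
    return [expand(g) for g in fetch_all(get, f"{base}/groups", page_size)]

def paths(tree):
    """Flatten the tree to group paths in depth-first order."""
    out = []
    for g in tree:
        out.append(g["path"])
        out.extend(paths(g["subGroups"]))
    return out

# Constructed sample responses: every group arrives with an empty `subGroups`.
BASE = "/admin/realms/demo"
_FAKE = {
    f"{BASE}/groups": [{"id": "a", "path": "/staff", "subGroups": []},
                       {"id": "b", "path": "/guests", "subGroups": []}],
    f"{BASE}/groups/a/children": [
        {"id": "a1", "path": "/staff/admins", "subGroups": []},
        {"id": "a2", "path": "/staff/dev", "subGroups": []},
        {"id": "a3", "path": "/staff/ops", "subGroups": []}],
    f"{BASE}/groups/a1/children": [
        {"id": "a1x", "path": "/staff/admins/break-glass", "subGroups": []}],
}

def fake_get(path, params):
    rows = _FAKE.get(path, [])
    return [dict(r) for r in rows[params["first"]:params["first"] + params["max"]]]
```

The walk issues one request per group per page, so on large realms it is worth caching the result rather than rebuilding it on every authorization check.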