How to get Keycloak users via REST without admin account

Solution 1:

You need to assign the view-users role from the realm-management client, for the desired user. That would be the configuration for the user:

enter image description here

Then you can grab all the users from the ${keycloakUri}/admin/realms/${keycloakRealm}/users endpoint. That's the info retrieved from the enpoint, accesed via Postman:

enter image description here

Also, unrelated to the asked question, I strongly encourage you not to use grant_type=password unless you absolutelly need to. From the keycloak blog:

RESULT=`curl --data "grant_type=password&client_id=curl&username=user&password=password" http://localhost:8180/auth/realms/master/protocol/openid-connect/token`

This is a bit cryptic and luckily this is not how you should really be obtaining tokens. Tokens should be obtained by web applications by redirecting to the Keycloak login page. We're only doing this so we can test the service as we don't have an application that can invoke the service yet. Basically what we are doing here is invoking Keycloaks OpenID Connect token endpoint with grant type set to password which is the Resource Owner Credentials flow that allows swapping a username and a password for a token.

See also the Oauth2 spec.