455 lines
26 KiB
Markdown
455 lines
26 KiB
Markdown
## Keycloak Admin Client
|
||
|
||
## Features
|
||
|
||
- TypeScript supported
|
||
- Latest Keycloak version supported
|
||
- [Complete resource definitions](https://github.com/keycloak/keycloak-ui/tree/main/libs/keycloak-admin-client/src/defs)
|
||
- [Well-tested for supported APIs](https://github.com/keycloak/keycloak-ui/tree/main/libs/keycloak-admin-client/test)
|
||
|
||
## Install
|
||
|
||
```sh
|
||
npm install @keycloak/keycloak-admin-client
|
||
```
|
||
|
||
## Usage
|
||
|
||
```js
|
||
import KcAdminClient from '@keycloak/keycloak-admin-client';
|
||
|
||
// To configure the client, pass an object to override any of these options:
|
||
// {
|
||
// baseUrl: 'http://127.0.0.1:8080',
|
||
// realmName: 'master',
|
||
// requestOptions: {
|
||
// /* Fetch request options https://developer.mozilla.org/en-US/docs/Web/API/fetch#options */
|
||
// },
|
||
// }
|
||
const kcAdminClient = new KcAdminClient();
|
||
|
||
// Authorize with username / password
|
||
await kcAdminClient.auth({
|
||
username: 'admin',
|
||
password: 'admin',
|
||
grantType: 'password',
|
||
clientId: 'admin-cli',
|
||
totp: '123456', // optional Time-based One-time Password if OTP is required in authentication flow
|
||
});
|
||
|
||
// List all users
|
||
const users = await kcAdminClient.users.find();
|
||
|
||
// Override client configuration for all further requests:
|
||
kcAdminClient.setConfig({
|
||
realmName: 'another-realm',
|
||
});
|
||
|
||
// This operation will now be performed in 'another-realm' if the user has access.
|
||
const groups = await kcAdminClient.groups.find();
|
||
|
||
// Set a `realm` property to override the realm for only a single operation.
|
||
// For example, creating a user in another realm:
|
||
await this.kcAdminClient.users.create({
|
||
realm: 'a-third-realm',
|
||
username: 'username',
|
||
email: 'user@example.com',
|
||
});
|
||
```
|
||
|
||
To refresh the access token provided by Keycloak, an OpenID client like [panva/node-openid-client](https://github.com/panva/node-openid-client) can be used like this:
|
||
|
||
```js
|
||
import {Issuer} from 'openid-client';
|
||
|
||
const keycloakIssuer = await Issuer.discover(
|
||
'http://localhost:8080/realms/master',
|
||
);
|
||
|
||
const client = new keycloakIssuer.Client({
|
||
client_id: 'admin-cli', // Same as `clientId` passed to client.auth()
|
||
token_endpoint_auth_method: 'none', // to send only client_id in the header
|
||
});
|
||
|
||
// Use the grant type 'password'
|
||
let tokenSet = await client.grant({
|
||
grant_type: 'password',
|
||
username: 'admin',
|
||
password: 'admin',
|
||
});
|
||
|
||
// Periodically using refresh_token grant flow to get new access token here
|
||
setInterval(async () => {
|
||
const refreshToken = tokenSet.refresh_token;
|
||
tokenSet = await client.refresh(refreshToken);
|
||
kcAdminClient.setAccessToken(tokenSet.access_token);
|
||
}, 58 * 1000); // 58 seconds
|
||
```
|
||
|
||
In cases where you don't have a refresh token, eg. in a client credentials flow, you can simply call `kcAdminClient.auth` to get a new access token, like this:
|
||
|
||
```js
|
||
const credentials = {
|
||
grantType: 'client_credentials',
|
||
clientId: 'clientId',
|
||
clientSecret: 'some-client-secret-uuid',
|
||
};
|
||
await kcAdminClient.auth(credentials);
|
||
|
||
setInterval(() => kcAdminClient.auth(credentials), 58 * 1000); // 58 seconds
|
||
```
|
||
|
||
## Building and running the tests
|
||
|
||
To build the source do a build:
|
||
|
||
```bash
|
||
npm run build
|
||
```
|
||
|
||
Start the Keycloak server:
|
||
|
||
```bash
|
||
npm run server:start
|
||
```
|
||
|
||
If you started your container manually make sure there is an admin user named 'admin' with password 'admin'.
|
||
Then start the tests with:
|
||
|
||
```bash
|
||
npm test
|
||
```
|
||
|
||
## Supported APIs
|
||
|
||
### [Realm admin](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_realms_admin_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/realms.spec.ts
|
||
|
||
- Import a realm from a full representation of that realm (`POST /`)
|
||
- Get the top-level representation of the realm (`GET /{realm}`)
|
||
- Update the top-level information of the realm (`PUT /{realm}`)
|
||
- Delete the realm (`DELETE /{realm}`)
|
||
- Partial export of existing realm into a JSON file (`POST /{realm}/partial-export`)
|
||
- Get users management permissions (`GET /{realm}/users-management-permissions`)
|
||
- Enable users management permissions (`PUT /{realm}/users-management-permissions`)
|
||
- Get events (`GET /{realm}/events`)
|
||
- Get admin events (`GET /{realm}/admin-events`)
|
||
- Remove all user sessions (`POST /{realm}/logout-all`)
|
||
- Remove a specific user session (`DELETE /{realm}/sessions/{session}`)
|
||
- Get client policies policies (`GET /{realm}/client-policies/policies`)
|
||
- Update client policies policies (`PUT /{realm}/client-policies/policies`)
|
||
- Get client policies profiles (`GET /{realm}/client-policies/profiles`)
|
||
- Update client policies profiles (`PUT /{realm}/client-policies/profiles`)
|
||
- Get a group by path (`GET /{realm}/group-by-path/{path}`)
|
||
### [Role](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_roles_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/roles.spec.ts
|
||
|
||
- Create a new role for the realm (`POST /{realm}/roles`)
|
||
- Get all roles for the realm (`GET /{realm}/roles`)
|
||
- Get a role by name (`GET /{realm}/roles/{role-name}`)
|
||
- Update a role by name (`PUT /{realm}/roles/{role-name}`)
|
||
- Delete a role by name (`DELETE /{realm}/roles/{role-name}`)
|
||
- Get all users in a role by name for the realm (`GET /{realm}/roles/{role-name}/users`)
|
||
|
||
### [Roles (by ID)](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_roles_by_id_resource)
|
||
|
||
- Get a specific role (`GET /{realm}/roles-by-id/{role-id}`)
|
||
- Update the role (`PUT /{realm}/roles-by-id/{role-id}`)
|
||
- Delete the role (`DELETE /{realm}/roles-by-id/{role-id}`)
|
||
- Make the role a composite role by associating some child roles(`POST /{realm}/roles-by-id/{role-id}/composites`)
|
||
- Get role’s children Returns a set of role’s children provided the role is a composite. (`GET /{realm}/roles-by-id/{role-id}/composites`)
|
||
- Remove a set of roles from the role’s composite (`DELETE /{realm}/roles-by-id/{role-id}/composites`)
|
||
- Get client-level roles for the client that are in the role’s composite (`GET /{realm}/roles-by-id/{role-id}/composites/clients/{client}`)
|
||
- Get realm-level roles that are in the role’s composite (`GET /{realm}/roles-by-id/{role-id}/composites/realm`)
|
||
|
||
### [User](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_users_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/users.spec.ts
|
||
|
||
- Create a new user (`POST /{realm}/users`)
|
||
- Get users Returns a list of users, filtered according to query parameters (`GET /{realm}/users`)
|
||
- Get representation of the user (`GET /{realm}/users/{id}`)
|
||
- Update the user (`PUT /{realm}/users/{id}`)
|
||
- Delete the user (`DELETE /{realm}/users/{id}`)
|
||
- Count users (`GET /{realm}/users/count`)
|
||
- Send a update account email to the user An email contains a link the user can click to perform a set of required actions. (`PUT /{realm}/users/{id}/execute-actions-email`)
|
||
- Get user groups (`GET /{realm}/users/{id}/groups`)
|
||
- Add user to group (`PUT /{realm}/users/{id}/groups/{groupId}`)
|
||
- Delete user from group (`DELETE /{realm}/users/{id}/groups/{groupId}`)
|
||
- Remove TOTP from the user (`PUT /{realm}/users/{id}/remove-totp`)
|
||
- Set up a temporary password for the user User will have to reset the temporary password next time they log in. (`PUT /{realm}/users/{id}/reset-password`)
|
||
- Send an email-verification email to the user An email contains a link the user can click to verify their email address. (`PUT /{realm}/users/{id}/send-verify-email`)
|
||
- Update a credential label for a user (`PUT /{realm}/users/{id}/credentials/{credentialId}/userLabel`)
|
||
- Move a credential to a position behind another credential (`POST /{realm}/users/{id}/credentials/{credentialId}/moveAfter/{newPreviousCredentialId}`)
|
||
- Move a credential to a first position in the credentials list of the user (`PUT /{realm}/users/{id}/credentials/{credentialId}/moveToFirst`)
|
||
|
||
### User group-mapping
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/users.spec.ts#L178
|
||
|
||
- Add user to group (`PUT /{id}/groups/{groupId}`)
|
||
- List all user groups (`GET /{id}/groups`)
|
||
- Count user groups (`GET /{id}/groups/count`)
|
||
- Remove user from group (`DELETE /{id}/groups/{groupId}`)
|
||
|
||
### User role-mapping
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/users.spec.ts#L143
|
||
|
||
- Get user role-mappings (`GET /{realm}/users/{id}/role-mappings`)
|
||
- Add realm-level role mappings to the user (`POST /{realm}/users/{id}/role-mappings/realm`)
|
||
- Get realm-level role mappings (`GET /{realm}/users/{id}/role-mappings/realm`)
|
||
- Delete realm-level role mappings (`DELETE /{realm}/users/{id}/role-mappings/realm`)
|
||
- Get realm-level roles that can be mapped (`GET /{realm}/users/{id}/role-mappings/realm/available`)
|
||
- Get effective realm-level role mappings This will recurse all composite roles to get the result. (`GET /{realm}/users/{id}/role-mappings/realm/composite`)
|
||
|
||
### [Group](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_groups_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/groups.spec.ts
|
||
|
||
- Create (`POST /{realm}/groups`)
|
||
- List (`GET /{realm}/groups`)
|
||
- Get one (`GET /{realm}/groups/{id}`)
|
||
- Update (`PUT /{realm}/groups/{id}`)
|
||
- Delete (`DELETE /{realm}/groups/{id}`)
|
||
- Count (`GET /{realm}/groups/count`)
|
||
- List members (`GET /{realm}/groups/{id}/members`)
|
||
- Set or create child (`POST /{realm}/groups/{id}/children`)
|
||
|
||
### Group role-mapping
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/groups.spec.ts#L76
|
||
|
||
- Get group role-mappings (`GET /{realm}/groups/{id}/role-mappings`)
|
||
- Add realm-level role mappings to the group (`POST /{realm}/groups/{id}/role-mappings/realm`)
|
||
- Get realm-level role mappings (`GET /{realm}/groups/{id}/role-mappings/realm`)
|
||
- Delete realm-level role mappings (`DELETE /{realm}/groups/{id}/role-mappings/realm`)
|
||
- Get realm-level roles that can be mapped (`GET /{realm}/groups/{id}/role-mappings/realm/available`)
|
||
- Get effective realm-level role mappings This will recurse all composite roles to get the result. (`GET /{realm}/groups/{id}/role-mappings/realm/composite`)
|
||
|
||
### [Client](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_clients_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/clients.spec.ts
|
||
|
||
- Create a new client (`POST /{realm}/clients`)
|
||
- Get clients belonging to the realm (`GET /{realm}/clients`)
|
||
- Get representation of the client (`GET /{realm}/clients/{id}`)
|
||
- Update the client (`PUT /{realm}/clients/{id}`)
|
||
- Delete the client (`DELETE /{realm}/clients/{id}`)
|
||
|
||
### [Client roles](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_roles_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/clients.spec.ts
|
||
|
||
- Create a new role for the client (`POST /{realm}/clients/{id}/roles`)
|
||
- Get all roles for the client (`GET /{realm}/clients/{id}/roles`)
|
||
- Get a role by name (`GET /{realm}/clients/{id}/roles/{role-name}`)
|
||
- Update a role by name (`PUT /{realm}/clients/{id}/roles/{role-name}`)
|
||
- Delete a role by name (`DELETE /{realm}/clients/{id}/roles/{role-name}`)
|
||
|
||
### [Client role-mapping for group](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_client_role_mappings_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/groups.spec.ts#L150
|
||
|
||
- Add client-level roles to the group role mapping (`POST /{realm}/groups/{id}/role-mappings/clients/{client}`)
|
||
- Get client-level role mappings for the group (`GET /{realm}/groups/{id}/role-mappings/clients/{client}`)
|
||
- Delete client-level roles from group role mapping (`DELETE /{realm}/groups/{id}/role-mappings/clients/{client}`)
|
||
- Get available client-level roles that can be mapped to the group (`GET /{realm}/groups/{id}/role-mappings/clients/{client}/available`)
|
||
- Get effective client-level role mappings This will recurse all composite roles to get the result. (`GET /{realm}/groups/{id}/role-mappings/clients/{client}/composite`)
|
||
|
||
### [Client role-mapping for user](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_client_role_mappings_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/users.spec.ts#L217
|
||
|
||
- Add client-level roles to the user role mapping (`POST /{realm}/users/{id}/role-mappings/clients/{client}`)
|
||
- Get client-level role mappings for the user (`GET /{realm}/users/{id}/role-mappings/clients/{client}`)
|
||
- Delete client-level roles from user role mapping (`DELETE /{realm}/users/{id}/role-mappings/clients/{client}`)
|
||
- Get available client-level roles that can be mapped to the user (`GET /{realm}/users/{id}/role-mappings/clients/{client}/available`)
|
||
- Get effective client-level role mappings This will recurse all composite roles to get the result. (`GET /{realm}/users/{id}/role-mappings/clients/{client}/composite`)
|
||
|
||
### [Client Attribute Certificate](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_client_attribute_certificate_resource)
|
||
|
||
- Get key info (`GET /{realm}/clients/{id}/certificates/{attr}`)
|
||
- Get a keystore file for the client, containing private key and public certificate (`POST /{realm}/clients/{id}/certificates/{attr}/download`)
|
||
- Generate a new certificate with new key pair (`POST /{realm}/clients/{id}/certificates/{attr}/generate`)
|
||
- Generate a new keypair and certificate, and get the private key file Generates a keypair and certificate and serves the private key in a specified keystore format. (`POST /{realm}/clients/{id}/certificates/{attr}/generate-and-download`)
|
||
- Upload certificate and eventually private key (`POST /{realm}/clients/{id}/certificates/{attr}/upload`)
|
||
- Upload only certificate, not private key (`POST /{realm}/clients/{id}/certificates/{attr}/upload-certificate`)
|
||
|
||
### [Identity Providers](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_identity_providers_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/idp.spec.ts
|
||
|
||
- Create a new identity provider (`POST /{realm}/identity-provider/instances`)
|
||
- Get identity providers (`GET /{realm}/identity-provider/instances`)
|
||
- Get the identity provider (`GET /{realm}/identity-provider/instances/{alias}`)
|
||
- Update the identity provider (`PUT /{realm}/identity-provider/instances/{alias}`)
|
||
- Delete the identity provider (`DELETE /{realm}/identity-provider/instances/{alias}`)
|
||
- Find identity provider factory (`GET /{realm}/identity-provider/providers/{providerId}`)
|
||
- Create a new identity provider mapper (`POST /{realm}/identity-provider/instances/{alias}/mappers`)
|
||
- Get identity provider mappers (`GET /{realm}/identity-provider/instances/{alias}/mappers`)
|
||
- Get the identity provider mapper (`GET /{realm}/identity-provider/instances/{alias}/mappers/{id}`)
|
||
- Update the identity provider mapper (`PUT /{realm}/identity-provider/instances/{alias}/mappers/{id}`)
|
||
- Delete the identity provider mapper (`DELETE /{realm}/identity-provider/instances/{alias}/mappers/{id}`)
|
||
- Find the identity provider mapper types (`GET /{realm}/identity-provider/instances/{alias}/mapper-types`)
|
||
|
||
### [Client Scopes](https://www.keycloak.org/docs-api/6.0/rest-api/index.html#_client_scopes_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/clientScopes.spec.ts
|
||
|
||
- Create a new client scope (`POST /{realm}/client-scopes`)
|
||
- Get client scopes belonging to the realm (`GET /{realm}/client-scopes`)
|
||
- Get representation of the client scope (`GET /{realm}/client-scopes/{id}`)
|
||
- Update the client scope (`PUT /{realm}/client-scopes/{id}`)
|
||
- Delete the client scope (`DELETE /{realm}/client-scopes/{id}`)
|
||
|
||
### [Client Scopes for realm](https://www.keycloak.org/docs-api/6.0/rest-api/index.html#_client_scopes_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/clientScopes.spec.ts
|
||
|
||
- Get realm default client scopes (`GET /{realm}/default-default-client-scopes`)
|
||
- Add realm default client scope (`PUT /{realm}/default-default-client-scopes/{id}`)
|
||
- Delete realm default client scope (`DELETE /{realm}/default-default-client-scopes/{id}`)
|
||
- Get realm optional client scopes (`GET /{realm}/default-optional-client-scopes`)
|
||
- Add realm optional client scope (`PUT /{realm}/default-optional-client-scopes/{id}`)
|
||
- Delete realm optional client scope (`DELETE /{realm}/default-optional-client-scopes/{id}`)
|
||
|
||
### [Client Scopes for client](https://www.keycloak.org/docs-api/6.0/rest-api/index.html#_client_scopes_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/clientScopes.spec.ts
|
||
|
||
- Get default client scopes (`GET /{realm}/clients/{id}/default-client-scopes`)
|
||
- Add default client scope (`PUT /{realm}/clients/{id}/default-client-scopes/{clientScopeId}`)
|
||
- Delete default client scope (`DELETE /{realm}/clients/{id}/default-client-scopes/{clientScopeId}`)
|
||
- Get optional client scopes (`GET /{realm}/clients/{id}/optional-client-scopes`)
|
||
- Add optional client scope (`PUT /{realm}/clients/{id}/optional-client-scopes/{clientScopeId}`)
|
||
- Delete optional client scope (`DELETE /{realm}/clients/{id}/optional-client-scopes/{clientScopeId}`)
|
||
|
||
### [Scope Mappings for client scopes](https://www.keycloak.org/docs-api/6.0/rest-api/index.html#_scope_mappings_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/clientScopes.spec.ts
|
||
|
||
- Get all scope mappings for the client (`GET /{realm}/client-scopes/{id}/scope-mappings`)
|
||
- Add client-level roles to the client’s scope (`POST /{realm}/client-scopes/{id}/scope-mappings/clients/{client}`)
|
||
- Get the roles associated with a client’s scope (`GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}`)
|
||
- The available client-level roles (`GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/available`)
|
||
- Get effective client roles (`GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/composite`)
|
||
- Remove client-level roles from the client’s scope. (`DELETE /{realm}/client-scopes/{id}/scope-mappings/clients/{client}`)
|
||
- Add a set of realm-level roles to the client’s scope (`POST /{realm}/client-scopes/{id}/scope-mappings/realm`)
|
||
- Get realm-level roles associated with the client’s scope (`GET /{realm}/client-scopes/{id}/scope-mappings/realm`)
|
||
- Remove a set of realm-level roles from the client’s scope (`DELETE /{realm}/client-scopes/{id}/scope-mappings/realm`)
|
||
- Get realm-level roles that are available to attach to this client’s scope (`GET /{realm}/client-scopes/{id}/scope-mappings/realm/available`)
|
||
- Get effective realm-level roles associated with the client’s scope (`GET /{realm}/client-scopes/{id}/scope-mappings/realm/composite`)
|
||
|
||
### [Scope Mappings for clients](https://www.keycloak.org/docs-api/6.0/rest-api/index.html#_scope_mappings_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/clientScopes.spec.ts
|
||
|
||
- Get all scope mappings for the client (`GET /{realm}/clients/{id}/scope-mappings`)
|
||
- Add client-level roles to the client’s scope (`POST /{realm}/clients/{id}/scope-mappings/clients/{client}`)
|
||
- Get the roles associated with a client’s scope (`GET /{realm}/clients/{id}/scope-mappings/clients/{client}`)
|
||
- Remove client-level roles from the client’s scope. (`DELETE /{realm}/clients/{id}/scope-mappings/clients/{client}`)
|
||
- The available client-level roles (`GET /{realm}/clients/{id}/scope-mappings/clients/{client}/available`)
|
||
- Get effective client roles (`GET /{realm}/clients/{id}/scope-mappings/clients/{client}/composite`)
|
||
- Add a set of realm-level roles to the client’s scope (`POST /{realm}/clients/{id}/scope-mappings/realm`)
|
||
- Get realm-level roles associated with the client’s scope (`GET /{realm}/clients/{id}/scope-mappings/realm`)
|
||
- Remove a set of realm-level roles from the client’s scope (`DELETE /{realm}/clients/{id}/scope-mappings/realm`)
|
||
- Get realm-level roles that are available to attach to this client’s scope (`GET /{realm}/clients/{id}/scope-mappings/realm/available`)
|
||
- Get effective realm-level roles associated with the client’s scope (`GET /{realm}/clients/{id}/scope-mappings/realm/composite`)
|
||
|
||
### [Protocol Mappers for client scopes](https://www.keycloak.org/docs-api/6.0/rest-api/index.html#_protocol_mappers_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/clientScopes.spec.ts
|
||
|
||
- Create multiple mappers (`POST /{realm}/client-scopes/{id}/protocol-mappers/add-models`)
|
||
- Create a mapper (`POST /{realm}/client-scopes/{id}/protocol-mappers/models`)
|
||
- Get mappers (`GET /{realm}/client-scopes/{id}/protocol-mappers/models`)
|
||
- Get mapper by id (`GET /{realm}/client-scopes/{id}/protocol-mappers/models/{mapperId}`)
|
||
- Update the mapper (`PUT /{realm}/client-scopes/{id}/protocol-mappers/models/{mapperId}`)
|
||
- Delete the mapper (`DELETE /{realm}/client-scopes/{id}/protocol-mappers/models/{mapperId}`)
|
||
- Get mappers by name for a specific protocol (`GET /{realm}/client-scopes/{id}/protocol-mappers/protocol/{protocol}`)
|
||
|
||
### [Protocol Mappers for clients](https://www.keycloak.org/docs-api/6.0/rest-api/index.html#_protocol_mappers_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/clients.spec.ts
|
||
|
||
- Create multiple mappers (`POST /{realm}/clients/{id}/protocol-mappers/add-models`)
|
||
- Create a mapper (`POST /{realm}/clients/{id}/protocol-mappers/models`)
|
||
- Get mappers (`GET /{realm}/clients/{id}/protocol-mappers/models`)
|
||
- Get mapper by id (`GET /{realm}/clients/{id}/protocol-mappers/models/{mapperId}`)
|
||
- Update the mapper (`PUT /{realm}/clients/{id}/protocol-mappers/models/{mapperId}`)
|
||
- Delete the mapper (`DELETE /{realm}/clients/{id}/protocol-mappers/models/{mapperId}`)
|
||
- Get mappers by name for a specific protocol (`GET /{realm}/clients/{id}/protocol-mappers/protocol/{protocol}`)
|
||
|
||
### [Component]()
|
||
|
||
Supported for [user federation](https://www.keycloak.org/docs/latest/server_admin/index.html#_user-storage-federation). Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/components.spec.ts
|
||
|
||
- Create (`POST /{realm}/components`)
|
||
- List (`GET /{realm}/components`)
|
||
- Get (`GET /{realm}/components/{id}`)
|
||
- Update (`PUT /{realm}/components/{id}`)
|
||
- Delete (`DELETE /{realm}/components/{id}`)
|
||
|
||
### [Sessions for clients]()
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/clients.spec.ts
|
||
|
||
- List user sessions for a specific client (`GET /{realm}/clients/{id}/user-sessions`)
|
||
- List offline sessions for a specific client (`GET /{realm}/clients/{id}/offline-sessions`)
|
||
- Get user session count for a specific client (`GET /{realm}/clients/{id}/session-count`)
|
||
- List offline session count for a specific client (`GET /{realm}/clients/{id}/offline-session-count`)
|
||
|
||
### [Authentication Management: Required actions](https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_authentication_management_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/authenticationManagement.spec.ts
|
||
|
||
- Register a new required action (`POST /{realm}/authentication/register-required-action`)
|
||
- Get required actions. Returns a list of required actions. (`GET /{realm}/authentication/required-actions`)
|
||
- Get required action for alias (`GET /{realm}/authentication/required-actions/{alias}`)
|
||
- Update required action (`PUT /{realm}/authentication/required-actions/{alias}`)
|
||
- Delete required action (`DELETE /{realm}/authentication/required-actions/{alias}`)
|
||
- Lower required action’s priority (`POST /{realm}/authentication/required-actions/{alias}/lower-priority`)
|
||
- Raise required action’s priority (`POST /{realm}/authentication/required-actions/{alias}/raise-priority`)
|
||
- Get unregistered required actions Returns a list of unregistered required actions. (`GET /{realm}/authentication/unregistered-required-actions`)
|
||
|
||
### [Authorization: Permission](https://www.keycloak.org/docs/8.0/authorization_services/#_overview)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/clients.spec.ts
|
||
|
||
- Create permission (`POST /{realm}/clients/{id}/authz/resource-server/permission/{type}`)
|
||
- Get permission (`GET /{realm}/clients/{id}/authz/resource-server/permission/{type}/{permissionId}`)
|
||
- Update permission (`PUT /{realm}/clients/{id}/authz/resource-server/permission/{type}/{permissionId}`)
|
||
- Delete permission (`DELETE /{realm}/clients/{id}/authz/resource-server/permission/{type}/{permissionId}`)
|
||
|
||
### [Authorization: Policy](https://www.keycloak.org/docs/8.0/authorization_services/#_overview)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/clients.spec.ts
|
||
|
||
- Create policy (`POST /{realm}/clients/{id}/authz/resource-server/policy/{type}`)
|
||
- Get policy (`GET /{realm}/clients/{id}/authz/resource-server/policy/{type}/{policyId}`)
|
||
- Get policy by name (`GET /{realm}/clients/{id}/authz/resource-server/policy/search`)
|
||
- Update policy (`PUT /{realm}/clients/{id}/authz/resource-server/policy/{type}/{policyId}`)
|
||
- Delete policy (`DELETE /{realm}/clients/{id}/authz/resource-server/policy/{policyId}`)
|
||
|
||
### [Attack Detection](https://www.keycloak.org/docs-api/5.0/rest-api/index.html#_attack_detection_resource)
|
||
|
||
Demo code: https://github.com/keycloak/keycloak-nodejs-admin-client/blob/main/libs/keycloak-admin-client/test/attackDetection.spec.ts
|
||
|
||
- Clear any user login failures for all users This can release temporary disabled users (`DELETE /{realm}/attack-detection/brute-force/users`)
|
||
- Get status of a username in brute force detection (`GET /{realm}/attack-detection/brute-force/users/{userId}`)
|
||
- Clear any user login failures for the user This can release temporary disabled user (`DELETE /{realm}/attack-detection/brute-force/users/{userId}`)
|
||
|
||
## Not yet supported
|
||
|
||
- [Authentication Management](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_authentication_management_resource)
|
||
- [Client Initial Access](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_client_initial_access_resource)
|
||
- [Client Registration Policy](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_client_registration_policy_resource)
|
||
- [Key](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_key_resource)
|
||
- [User Storage Provider](https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_user_storage_provider_resource)
|
||
|
||
## Maintainers
|
||
|
||
This repo is originally developed by [Canner](https://www.cannercms.com) and [InfuseAI](https://infuseai.io) before being transferred under keycloak organization.
|