npm:@amazeeio/keycloak-admin

README

keycloak-admin

Node.js Keycloak admin client

Features

TypeScript supported
Keycloak latest version (v4.1) supported
Complete resource definitions
Well-tested for supported APIs

Install

yarn add keycloak-admin

Usage

import KcAdminClient from 'keycloak-admin';

// To configure the client, pass an object to override any of these  options:
// {
//   baseUrl: 'http://127.0.0.1:8080/auth',
//   realmName: 'master',
//   requestConfig: {
//     /* Axios request config options https://github.com/axios/axios#request-config */
//   },
// }
const kcAdminClient = new KcAdminClient();

// Authorize with username / password
await kcAdminClient.auth({
  username: 'wwwy3y3',
  password: 'wwwy3y3',
  grantType: 'password',
  clientId: 'admin-cli'
});

// List all users
const users = await kcAdminClient.users.find();

// Override client configuration for all further requests:
kcAdminClient.setConfig({
  realmName: 'another-realm',
});

// This operation will now be performed in 'another-realm' if the user has access.
const groups = await kcAdminClient.groups.find();

// Set a `realm` property to override the realm for only a single operation.
// For example, creating a user in another realm:
await this.kcAdminClient.users.create({
  realm: 'a-third-realm',
  username: 'username',
  email: 'user@example.com'
});

Supported APIs

Realm admin

Demo code: https://github.com/Canner/keycloak-admin/blob/master/test/realms.spec.ts

Import a realm from a full representation of that realm (POST /)
Get the top-level representation of the realm (GET /{realm})
Update the top-level information of the realm (PUT /{realm})
Delete the realm (DELETE /{realm})

Role

Demo code: https://github.com/Canner/keycloak-admin/blob/master/test/roles.spec.ts

Create a new role for the realm (POST /{realm}/roles)
Get all roles for the realm (GET /{realm}/roles)
Get a role by name (GET /{realm}/roles/{role-name})
Update a role by name (PUT /{realm}/roles/{role-name})
Delete a role by name (DELETE /{realm}/roles/{role-name})

Roles (by ID)

Get a specific role (GET /{realm}/roles-by-id/{role-id})
Update the role (PUT /{realm}/roles-by-id/{role-id})
Delete the role (DELETE /{realm}/roles-by-id/{role-id})

User

Demo code: https://github.com/Canner/keycloak-admin/blob/master/test/users.spec.ts

Create a new user (POST /{realm}/users)
Get users Returns a list of users, filtered according to query parameters (GET /{realm}/users)
Get representation of the user (GET /{realm}/users/{id})
Update the user (PUT /{realm}/users/{id})
Delete the user (DELETE /{realm}/users/{id})
Send a update account email to the user An email contains a link the user can click to perform a set of required actions. (PUT /{realm}/users/{id}/execute-actions-email)
Get user groups (GET /{realm}/users/{id}/groups)
Add user to group (PUT /{realm}/users/{id}/groups/{groupId})
Delete user from group (DELETE /{realm}/users/{id}/groups/{groupId})
Remove TOTP from the user (PUT /{realm}/users/{id}/remove-totp)
Set up a temporary password for the user User will have to reset the temporary password next time they log in. (PUT /{realm}/users/{id}/reset-password)
Send an email-verification email to the user An email contains a link the user can click to verify their email address. (PUT /{realm}/users/{id}/send-verify-email)

User role-mapping

Demo code: https://github.com/Canner/keycloak-admin/blob/master/test/users.spec.ts#L143

Get user role-mappings (GET /{realm}/users/{id}/role-mappings)
Add realm-level role mappings to the user (POST /{realm}/users/{id}/role-mappings/realm)
Get realm-level role mappings (GET /{realm}/users/{id}/role-mappings/realm)
Delete realm-level role mappings (DELETE /{realm}/users/{id}/role-mappings/realm)
Get realm-level roles that can be mapped (GET /{realm}/users/{id}/role-mappings/realm/available)

Group

Demo code: https://github.com/Canner/keycloak-admin/blob/master/test/groups.spec.ts

Create (POST /{realm}/groups)
List (GET /{realm}/groups)
Get one (GET /{realm}/groups/{id})
Update (PUT /{realm}/groups/{id})
Delete (DELETE /{realm}/groups/{id})
List members (GET /{realm}/groups/{id}/members)

Group role-mapping

Demo code: https://github.com/Canner/keycloak-admin/blob/master/test/groups.spec.ts#L76

Get group role-mappings (GET /{realm}/groups/{id}/role-mappings)
Add realm-level role mappings to the group (POST /{realm}/groups/{id}/role-mappings/realm)
Get realm-level role mappings (GET /{realm}/groups/{id}/role-mappings/realm)
Delete realm-level role mappings (DELETE /{realm}/groups/{id}/role-mappings/realm)
Get realm-level roles that can be mapped (GET /{realm}/groups/{id}/role-mappings/realm/available)

Client

Demo code: https://github.com/Canner/keycloak-admin/blob/master/test/clients.spec.ts

Create a new client (POST /{realm}/clients)
Get clients belonging to the realm (GET /{realm}/clients)
Get representation of the client (GET /{realm}/clients/{id})
Update the client (PUT /{realm}/clients/{id})
Delete the client (DELETE /{realm}/clients/{id})

Client roles

Demo code: https://github.com/Canner/keycloak-admin/blob/master/test/clients.spec.ts

Create a new role for the client (POST /{realm}/clients/{id}/roles)
Get all roles for the client (GET /{realm}/clients/{id}/roles)
Get a role by name (GET /{realm}/clients/{id}/roles/{role-name})
Update a role by name (PUT /{realm}/clients/{id}/roles/{role-name})
Delete a role by name (DELETE /{realm}/clients/{id}/roles/{role-name})

Client role-mapping for group

Demo code: https://github.com/Canner/keycloak-admin/blob/master/test/groups.spec.ts#L150

Add client-level roles to the group role mapping (POST /{realm}/groups/{id}/role-mappings/clients/{client})
Get client-level role mappings for the group (GET /{realm}/groups/{id}/role-mappings/clients/{client})
Delete client-level roles from group role mapping (DELETE /{realm}/groups/{id}/role-mappings/clients/{client})
Get available client-level roles that can be mapped to the group (GET /{realm}/groups/{id}/role-mappings/clients/{client}/available)

Client role-mapping for user

Demo code: https://github.com/Canner/keycloak-admin/blob/master/test/users.spec.ts#L217

Add client-level roles to the user role mapping (POST /{realm}/users/{id}/role-mappings/clients/{client})
Get client-level role mappings for the user (GET /{realm}/users/{id}/role-mappings/clients/{client})
Delete client-level roles from user role mapping (DELETE /{realm}/users/{id}/role-mappings/clients/{client})
Get available client-level roles that can be mapped to the user (GET /{realm}/users/{id}/role-mappings/clients/{client}/available)

Identity Providers

Demo code: https://github.com/Canner/keycloak-admin/blob/master/test/idp.spec.ts

Create a new identity provider (POST /{realm}/identity-provider/instances)
Get identity providers (GET /{realm}/identity-provider/instances)
Get the identity provider (GET /{realm}/identity-provider/instances/{alias})
Update the identity provider (PUT /{realm}/identity-provider/instances/{alias})
Delete the identity provider (DELETE /{realm}/identity-provider/instances/{alias})

Component

Supported for user federation. Demo code: https://github.com/Canner/keycloak-admin/blob/master/test/components.spec.ts

Create (POST /{realm}/components)
List (GET /{realm}/components)
Get (GET /{realm}/components/{id})
Update (PUT /{realm}/components/{id})
Delete (DELETE /{realm}/components/{id})

@amazeeio/keycloak-admin

Usage no npm install needed!

README

keycloak-admin

Features

Install

Usage

Supported APIs

Realm admin

Role

Roles (by ID)

User

User role-mapping

Group

Group role-mapping

Client

Client roles

Client role-mapping for group

Client role-mapping for user

Identity Providers

Component

Not yet supported