js/libs/keycloak-admin-client/README.md
npm install @keycloak/keycloak-admin-client
import KcAdminClient from '@keycloak/keycloak-admin-client';
// To configure the client, pass an object to override any of these options:
// {
// baseUrl: 'http://127.0.0.1:8080',
// realmName: 'master',
// requestOptions: {
// /* Fetch request options https://developer.mozilla.org/en-US/docs/Web/API/fetch#options */
// },
// }
const kcAdminClient = new KcAdminClient();
// Authorize with username / password
await kcAdminClient.auth({
username: 'admin',
password: 'admin',
grantType: 'password',
clientId: 'admin-cli',
totp: '123456', // optional Time-based One-time Password if OTP is required in authentication flow
});
// List first page of users
const users = await kcAdminClient.users.find({ first: 0, max: 10 });
// find users by attributes
const users = await kcAdminClient.users.find({ q: "phone:123" });
// Override client configuration for all further requests:
kcAdminClient.setConfig({
realmName: 'another-realm',
});
// This operation will now be performed in 'another-realm' if the user has access.
const groups = await kcAdminClient.groups.find();
// Set a `realm` property to override the realm for only a single operation.
// For example, creating a user in another realm:
await kcAdminClient.users.create({
realm: 'a-third-realm',
username: 'username',
email: '[email protected]',
});
To refresh the access token provided by Keycloak, an OpenID client like panva/node-openid-client can be used like this:
import {Issuer} from 'openid-client';
const keycloakIssuer = await Issuer.discover(
'http://localhost:8080/realms/master',
);
const client = new keycloakIssuer.Client({
client_id: 'admin-cli', // Same as `clientId` passed to client.auth()
token_endpoint_auth_method: 'none', // to send only client_id in the header
});
// Use the grant type 'password'
let tokenSet = await client.grant({
grant_type: 'password',
username: 'admin',
password: 'admin',
});
// Periodically using refresh_token grant flow to get new access token here
setInterval(async () => {
const refreshToken = tokenSet.refresh_token;
tokenSet = await client.refresh(refreshToken);
kcAdminClient.setAccessToken(tokenSet.access_token);
}, 58 * 1000); // 58 seconds
In cases where you don't have a refresh token, eg. in a client credentials flow, you can simply call kcAdminClient.auth to get a new access token, like this:
const credentials = {
grantType: 'client_credentials',
clientId: 'clientId',
clientSecret: 'some-client-secret-uuid',
};
await kcAdminClient.auth(credentials);
setInterval(() => kcAdminClient.auth(credentials), 58 * 1000); // 58 seconds
To build the source do a build:
pnpm build
Start the Keycloak server in development mode using port 8180. See the instructions in the Keycloak server app.
cd ../../apps/keycloak-server
pnpm start --http-port 8180
If you started your container manually make sure there is an admin user named admin with password admin, the server is started in development mode using port 8180 and the required features are enabled.
./kc.sh start-dev --http-port 8180 --features transient-users,oid4vc-vci,declarative-ui,quick-theme,spiffe,kubernetes-service-accounts,workflows,client-auth-federated,jwt-authorization-grant
Then start the tests with:
pnpm test
Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/realms.spec.ts
POST /)GET /{realm})PUT /{realm})DELETE /{realm})POST /{realm}/partial-export)GET /{realm}/users-management-permissions)PUT /{realm}/users-management-permissions)GET /{realm}/events)GET /{realm}/admin-events)POST /{realm}/logout-all)DELETE /{realm}/sessions/{session})GET /{realm}/client-policies/policies)PUT /{realm}/client-policies/policies)GET /{realm}/client-policies/profiles)PUT /{realm}/client-policies/profiles)GET /{realm}/group-by-path/{path})Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/roles.spec.ts
POST /{realm}/roles)GET /{realm}/roles)GET /{realm}/roles/{role-name})PUT /{realm}/roles/{role-name})DELETE /{realm}/roles/{role-name})GET /{realm}/roles/{role-name}/users)GET /{realm}/roles-by-id/{role-id})PUT /{realm}/roles-by-id/{role-id})DELETE /{realm}/roles-by-id/{role-id})POST /{realm}/roles-by-id/{role-id}/composites)GET /{realm}/roles-by-id/{role-id}/composites)DELETE /{realm}/roles-by-id/{role-id}/composites)GET /{realm}/roles-by-id/{role-id}/composites/clients/{client})GET /{realm}/roles-by-id/{role-id}/composites/realm)Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/users.spec.ts
POST /{realm}/users)GET /{realm}/users)GET /{realm}/users/{id})PUT /{realm}/users/{id})DELETE /{realm}/users/{id})GET /{realm}/users/count)PUT /{realm}/users/{id}/execute-actions-email)GET /{realm}/users/{id}/groups)PUT /{realm}/users/{id}/groups/{groupId})DELETE /{realm}/users/{id}/groups/{groupId})PUT /{realm}/users/{id}/remove-totp)PUT /{realm}/users/{id}/reset-password)PUT /{realm}/users/{id}/send-verify-email)PUT /{realm}/users/{id}/credentials/{credentialId}/userLabel)POST /{realm}/users/{id}/credentials/{credentialId}/moveAfter/{newPreviousCredentialId})PUT /{realm}/users/{id}/credentials/{credentialId}/moveToFirst)Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/users.spec.ts#L178
PUT /{id}/groups/{groupId})GET /{id}/groups)GET /{id}/groups/count)DELETE /{id}/groups/{groupId})Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/users.spec.ts#L352
GET /{realm}/users/{id}/role-mappings)POST /{realm}/users/{id}/role-mappings/realm)GET /{realm}/users/{id}/role-mappings/realm)DELETE /{realm}/users/{id}/role-mappings/realm)GET /{realm}/users/{id}/role-mappings/realm/available)GET /{realm}/users/{id}/role-mappings/realm/composite)Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/groups.spec.ts
POST /{realm}/groups)GET /{realm}/groups)GET /{realm}/groups/{id})PUT /{realm}/groups/{id})DELETE /{realm}/groups/{id})GET /{realm}/groups/count)GET /{realm}/groups/{id}/members)POST /{realm}/groups/{id}/children)GET /{realm}/groups/{id}/children)GET /{realm}/groups/{id}/role-mappings)POST /{realm}/groups/{id}/role-mappings/realm)GET /{realm}/groups/{id}/role-mappings/realm)DELETE /{realm}/groups/{id}/role-mappings/realm)GET /{realm}/groups/{id}/role-mappings/realm/available)GET /{realm}/groups/{id}/role-mappings/realm/composite)Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/clients.spec.ts
POST /{realm}/clients)GET /{realm}/clients)GET /{realm}/clients/{id})PUT /{realm}/clients/{id})DELETE /{realm}/clients/{id})Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/clients.spec.ts
POST /{realm}/clients/{id}/roles)GET /{realm}/clients/{id}/roles)GET /{realm}/clients/{id}/roles/{role-name})PUT /{realm}/clients/{id}/roles/{role-name})DELETE /{realm}/clients/{id}/roles/{role-name})POST /{realm}/groups/{id}/role-mappings/clients/{client})GET /{realm}/groups/{id}/role-mappings/clients/{client})DELETE /{realm}/groups/{id}/role-mappings/clients/{client})GET /{realm}/groups/{id}/role-mappings/clients/{client}/available)GET /{realm}/groups/{id}/role-mappings/clients/{client}/composite)Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/users.spec.ts#L352
POST /{realm}/users/{id}/role-mappings/clients/{client})GET /{realm}/users/{id}/role-mappings/clients/{client})DELETE /{realm}/users/{id}/role-mappings/clients/{client})GET /{realm}/users/{id}/role-mappings/clients/{client}/available)GET /{realm}/users/{id}/role-mappings/clients/{client}/composite)GET /{realm}/clients/{id}/certificates/{attr})POST /{realm}/clients/{id}/certificates/{attr}/download)POST /{realm}/clients/{id}/certificates/{attr}/generate)POST /{realm}/clients/{id}/certificates/{attr}/generate-and-download)POST /{realm}/clients/{id}/certificates/{attr}/upload)POST /{realm}/clients/{id}/certificates/{attr}/upload-certificate)Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/idp.spec.ts
POST /{realm}/identity-provider/instances)GET /{realm}/identity-provider/instances)GET /{realm}/identity-provider/instances/{alias})PUT /{realm}/identity-provider/instances/{alias})DELETE /{realm}/identity-provider/instances/{alias})GET /{realm}/identity-provider/providers/{providerId})POST /{realm}/identity-provider/instances/{alias}/mappers)GET /{realm}/identity-provider/instances/{alias}/mappers)GET /{realm}/identity-provider/instances/{alias}/mappers/{id})PUT /{realm}/identity-provider/instances/{alias}/mappers/{id})DELETE /{realm}/identity-provider/instances/{alias}/mappers/{id})GET /{realm}/identity-provider/instances/{alias}/mapper-types)POST /{realm}/client-scopes)GET /{realm}/client-scopes)GET /{realm}/client-scopes/{id})PUT /{realm}/client-scopes/{id})DELETE /{realm}/client-scopes/{id})GET /{realm}/default-default-client-scopes)PUT /{realm}/default-default-client-scopes/{id})DELETE /{realm}/default-default-client-scopes/{id})GET /{realm}/default-optional-client-scopes)PUT /{realm}/default-optional-client-scopes/{id})DELETE /{realm}/default-optional-client-scopes/{id})GET /{realm}/clients/{id}/default-client-scopes)PUT /{realm}/clients/{id}/default-client-scopes/{clientScopeId})DELETE /{realm}/clients/{id}/default-client-scopes/{clientScopeId})GET /{realm}/clients/{id}/optional-client-scopes)PUT /{realm}/clients/{id}/optional-client-scopes/{clientScopeId})DELETE /{realm}/clients/{id}/optional-client-scopes/{clientScopeId})GET /{realm}/client-scopes/{id}/scope-mappings)POST /{realm}/client-scopes/{id}/scope-mappings/clients/{client})GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client})GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/available)GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/composite)DELETE /{realm}/client-scopes/{id}/scope-mappings/clients/{client})POST /{realm}/client-scopes/{id}/scope-mappings/realm)GET /{realm}/client-scopes/{id}/scope-mappings/realm)DELETE /{realm}/client-scopes/{id}/scope-mappings/realm)GET /{realm}/client-scopes/{id}/scope-mappings/realm/available)GET /{realm}/client-scopes/{id}/scope-mappings/realm/composite)GET /{realm}/clients/{id}/scope-mappings)POST /{realm}/clients/{id}/scope-mappings/clients/{client})GET /{realm}/clients/{id}/scope-mappings/clients/{client})DELETE /{realm}/clients/{id}/scope-mappings/clients/{client})GET /{realm}/clients/{id}/scope-mappings/clients/{client}/available)GET /{realm}/clients/{id}/scope-mappings/clients/{client}/composite)POST /{realm}/clients/{id}/scope-mappings/realm)GET /{realm}/clients/{id}/scope-mappings/realm)DELETE /{realm}/clients/{id}/scope-mappings/realm)GET /{realm}/clients/{id}/scope-mappings/realm/available)GET /{realm}/clients/{id}/scope-mappings/realm/composite)POST /{realm}/client-scopes/{id}/protocol-mappers/add-models)POST /{realm}/client-scopes/{id}/protocol-mappers/models)GET /{realm}/client-scopes/{id}/protocol-mappers/models)GET /{realm}/client-scopes/{id}/protocol-mappers/models/{mapperId})PUT /{realm}/client-scopes/{id}/protocol-mappers/models/{mapperId})DELETE /{realm}/client-scopes/{id}/protocol-mappers/models/{mapperId})GET /{realm}/client-scopes/{id}/protocol-mappers/protocol/{protocol})Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/clients.spec.ts
POST /{realm}/clients/{id}/protocol-mappers/add-models)POST /{realm}/clients/{id}/protocol-mappers/models)GET /{realm}/clients/{id}/protocol-mappers/models)GET /{realm}/clients/{id}/protocol-mappers/models/{mapperId})PUT /{realm}/clients/{id}/protocol-mappers/models/{mapperId})DELETE /{realm}/clients/{id}/protocol-mappers/models/{mapperId})GET /{realm}/clients/{id}/protocol-mappers/protocol/{protocol})Supported for user federation. Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/components.spec.ts
POST /{realm}/components)GET /{realm}/components)GET /{realm}/components/{id})PUT /{realm}/components/{id})DELETE /{realm}/components/{id})Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/clients.spec.ts
GET /{realm}/clients/{id}/user-sessions)GET /{realm}/clients/{id}/offline-sessions)GET /{realm}/clients/{id}/session-count)GET /{realm}/clients/{id}/offline-session-count)POST /{realm}/authentication/register-required-action)GET /{realm}/authentication/required-actions)GET /{realm}/authentication/required-actions/{alias})PUT /{realm}/authentication/required-actions/{alias})DELETE /{realm}/authentication/required-actions/{alias})POST /{realm}/authentication/required-actions/{alias}/lower-priority)POST /{realm}/authentication/required-actions/{alias}/raise-priority)GET /{realm}/authentication/unregistered-required-actions)Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/clients.spec.ts
POST /{realm}/clients/{id}/authz/resource-server/permission/{type})GET /{realm}/clients/{id}/authz/resource-server/permission/{type}/{permissionId})PUT /{realm}/clients/{id}/authz/resource-server/permission/{type}/{permissionId})DELETE /{realm}/clients/{id}/authz/resource-server/permission/{type}/{permissionId})Demo code: https://github.com/keycloak/keycloak/blob/main/js/libs/keycloak-admin-client/test/clients.spec.ts
POST /{realm}/clients/{id}/authz/resource-server/policy/{type})GET /{realm}/clients/{id}/authz/resource-server/policy/{type}/{policyId})GET /{realm}/clients/{id}/authz/resource-server/policy/search)PUT /{realm}/clients/{id}/authz/resource-server/policy/{type}/{policyId})DELETE /{realm}/clients/{id}/authz/resource-server/policy/{policyId})DELETE /{realm}/attack-detection/brute-force/users)GET /{realm}/attack-detection/brute-force/users/{userId})DELETE /{realm}/attack-detection/brute-force/users/{userId})This repo is originally developed by Canner and InfuseAI before being transferred under keycloak organization.