UNPKG

keycloak-api-manager

Version:

Keycloak-api-manager is a lightweight Node.js wrapper for the Keycloak Admin REST API. It provides an easy-to-use functional methods and functions to manage realms, users, roles, clients, groups, and permissions directly from your application code — just

github.com/smartenv-crs4/keycloak-api-manager

smartenv-crs4/keycloak-api-manager

294 lines (251 loc) 13.4 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
const Keycloak = require("keycloak-connect"); /** * ************************************************************************************************** * ************************************************************************************************** * The groups entity allows you to manage groups in a Keycloak realm. * Groups are collections of users and can have roles and attributes assigned to them. * Groups help organize users and assign permissions in a scalable way * ************************************************************************************************** * ************************************************************************************************** */ let kcAdminClientHandler=null; exports.setKcAdminClient=function(kcAdminClient){ kcAdminClientHandler=kcAdminClient; } /** * ***************************** - CREATE - ******************************* * Create a new group in the current realme * @parameters: * - groupRepresentation:An object representing the new state of the group. You can update properties such as: * - name: [optional] New name of the group * - attributes: [optional] Custom attributes up field * - path: [optional] full path of the group * - subGroups: [optional] List of child groups (can also be updated separately) * - description: [optional] the new group Description * - {other [optional] group description fields} */ exports.create=function(groupRappresentation){ return (kcAdminClientHandler.groups.create(groupRappresentation)); } /** * ***************************** - find - ******************************* * find method is used to retrieve a list of groups in a specific realm. * It supports optional filtering parameters. * Searching by attributes is only available from Keycloak > 15 * @parameters: * - filter: parameter provided as a JSON object that accepts the following filter: * - {builtin attribute}: To find groups by builtin attributes such as name, id * - max: A pagination parameter used to define the maximum number of groups to return (limit). * - first: A pagination parameter used to define the number of groups to skip before starting to return results (offset/limit). */ exports.find=function(filter){ return (kcAdminClientHandler.groups.find(filter)); } /** * ***************************** - findOne - ******************************* * findOne is method used to retrieve a specific group's details by their unique identifier (id) within a given realm. * It returns the full group representation if the group exists. * @parameters * - filter: parameter provided as a JSON object that accepts the following filter: * -id: the group id */ exports.findOne=function(filter){ return (kcAdminClientHandler.groups.findOne(filter)); } /** * ***************************** - del - ******************************* * Deletes a group from the realm. * Return a promise that resolves when the group is successfully deleted. No content is returned on success. * @parameters: * - filter: parameter provided as a JSON object that accepts the following filter: * - id: The ID of the group to delete */ exports.del=function(filter){ return (kcAdminClientHandler.groups.del(filter)); } /** * ***************************** - count - ******************************* * Retrieves the total number of groups present in the specified realm. * This is useful for pagination, reporting, or general statistics regarding group usage in a Keycloak realm. * @parameters: * - filter: parameter provided as a JSON object that accepts the following filter: * - realm: [optional] The name of the realm. If omitted, the default realm is used. * - search: [optional] A text string to filter the group count by name */ exports.count=function(filter){ return (kcAdminClientHandler.groups.count(filter)); } /** * ***************************** - update - ******************************* * Updates an existing group’s information in a Keycloak realm. * You can modify the group’s name, attributes, or hierarchy by providing the group ID and the updated data. * @parameters: * - filter: parameter provided as a JSON object that accepts the following filter: * - id: [required] The unique ID of the group you want to update. * - realm: [optional] The realm name * - groupRepresentation:An object representing the new state of the group. You can update properties such as: * - name: [optional] New name of the group * - attributes: [optional] Custom attributes up field * - path: [optional] full path of the group * - subGroups: [optional] List of child groups (can also be updated separately) * - description: [optional] the new group Description * - {other [optional] group description fields} */ exports.update=function(filter,groupRepresentation){ return (kcAdminClientHandler.groups.update(filter,groupRepresentation)); } /** * ***************************** - listSubGroups - ******************************* * Retrieves a paginated list of direct subgroups for a specified parent group. * This method is useful when navigating hierarchical group structures within a Keycloak realm. * @parameters: * - filter: parameter provided as a JSON object that accepts the following filter: * - parentId: [required] ID of the parent group whose subgroups you want to list. * - first: [optional] Index of the first result for pagination (default is 0). * - max: [optional] Maximum number of results to return. * - briefRepresentation: [optional] If true, returns a lightweight version of each group (default is true). * - realm: [optional] Realm name */ exports.listSubGroups=function(filter){ return (kcAdminClientHandler.groups.listSubGroups(filter)); } /** * ***************************** - addRealmRoleMappings - ******************************* * Adds one or more realm-level roles to a specific group. * This operation grants all users within that group the associated realm roles, * effectively assigning permissions at a group level. * @parameters: * - role_mapping: parameter provided as a JSON object that accepts the following parameters: * - id: [required] The ID of the group to which roles will be added. * - roles: [required] An array of role(RoleRepresentation) objects to assign. */ exports.addRealmRoleMappings=function(role_mapping){ return (kcAdminClientHandler.groups.addRealmRoleMappings(role_mapping)); } /** * ***************************** - listAvailableRealmRoleMappings - ******************************* * Retrieves all available realm-level roles that can be assigned to a specific group but are not yet assigned. * This helps in identifying which roles are still eligible for addition to the group. * Return an array of RoleRepresentation objects representing the assignable realm roles for the group. * @parameters: * - filters: parameter provided as a JSON object that accepts the following parameters: * - id: [required] The ID of the group you want to inspect. */ exports.listAvailableRealmRoleMappings=function(filters){ return (kcAdminClientHandler.groups.listAvailableRealmRoleMappings(filters)); } /** * ***************************** - listRoleMappings - ******************************* * Retrieves all role mappings for a specific group, including both realm roles and client roles. * This method is useful for understanding the complete set of roles that are assigned to a group. * Return an object with two arrays: * - realmMappings: realm-level roles assigned to the group. * - clientMappings: a map of client IDs to the client-level roles assigned for each client. * * @parameters: * - filters: parameter provided as a JSON object that accepts the following parameters: * - id: [required] The ID of the group whose roles to fetch */ exports.listRoleMappings=function(filters){ return (kcAdminClientHandler.groups.listRoleMappings(filters)); } /** * ***************************** - listRealmRoleMappings - ******************************* * Returns the list of realm-level roles that are directly assigned to a specific group. * These roles are defined at the realm level and are not tied to any specific client. * Return An array of RoleRepresentation objects * @parameters: * - filters: parameter provided as a JSON object that accepts the following parameters: * - id: [required] TThe ID of the group to retrieve roles for */ exports.listRealmRoleMappings=function(filters){ return (kcAdminClientHandler.groups.listRealmRoleMappings(filters)); } /** * ***************************** - listCompositeRealmRoleMappings - ******************************* * Retrieves all composite realm-level roles assigned to a group. * This includes both directly assigned roles and those inherited through composite roles. * Return An array of RoleRepresentation objects that includes all realm roles, both directly assigned and inherited via composite roles. * @parameters: * - filters: parameter provided as a JSON object that accepts the following parameters: * - id: [required] TThe ID of the group to retrieve roles for */ exports.listCompositeRealmRoleMappings=function(filters){ return (kcAdminClientHandler.groups.listCompositeRealmRoleMappings(filters)); } /** * ***************************** - delRealmRoleMappings - ******************************* * Removes one or more realm-level roles from a group's role mappings. * This operation only affects roles that are directly assigned. * Composite roles inherited indirectly will not be removed. * @parameters: * - filters: parameter provided as a JSON object that accepts the following parameters: * - id: [required] TThe ID of the group to retrieve roles for * - roles: [required] Array of roles to be removed */ exports.delRealmRoleMappings=function(filters){ return (kcAdminClientHandler.groups.delRealmRoleMappings(filters)); } /** * ***************************** - addClientRoleMappings - ******************************* * Assigns one or more client-level roles to a specific group. * This allows all users belonging to that group to inherit the specified roles for a given client. * @parameters: * - filters: parameter provided as a JSON object that accepts the following parameters: * - id: [required] The ID of the group * - clientUniqueId: [required] The internal ID of the client * - roles: [required] Array of client roles to assign to the group */ exports.addClientRoleMappings=function(filters){ return (kcAdminClientHandler.groups.addClientRoleMappings(filters)); } /** * ***************************** - listAvailableClientRoleMappings - ******************************* * Retrieves the list of client roles that are available to be assigned to a specific group but are not currently mapped. * This is useful when you want to show assignable roles for a group in a specific client context. * @parameters: * - filters: parameter provided as a JSON object that accepts the following parameters: * - id: [required] The ID of the group * - clientUniqueId: [required] The internal ID of the client */ exports.listAvailableClientRoleMappings=function(filters){ return (kcAdminClientHandler.groups.listAvailableClientRoleMappings(filters)); } /** * ***************************** - listClientRoleMappings - ******************************* * Retrieves the list of client roles that are currently assigned (mapped) to a specific group for a given client. * This allows you to see which roles from a client the group already has. * @parameters: * - filters: parameter provided as a JSON object that accepts the following parameters: * - id: [required] The ID of the group * - clientUniqueId: [required] The internal ID of the client */ exports.listClientRoleMappings=function(filters){ return (kcAdminClientHandler.groups.listClientRoleMappings(filters)); } /** * ***************************** - listCompositeClientRoleMappings - ******************************* * Retrieves the list of composite client roles assigned to a specific group. * Composite roles are roles that aggregate other roles, so this method returns client roles that include one or more roles grouped under a composite role assigned to the group. * @parameters: * - filters: parameter provided as a JSON object that accepts the following parameters: * - id: [required] The ID of the group * - clientUniqueId: [required] The internal ID of the client */ exports.listCompositeClientRoleMappings=function(filters){ return (kcAdminClientHandler.groups.listCompositeClientRoleMappings(filters)); } /** * ***************************** - delClientRoleMappings - ******************************* * Removes specific client role mappings from a group. * This function deletes one or more client roles that were assigned to the group, effectively * revoking those client roles from the group. * @parameters: * - filters: parameter provided as a JSON object that accepts the following parameters: * - id: [required] The ID of the group * - clientUniqueId: [required] The internal ID of the client * - roles: An array of role objects(RoleRepresentation) representing the client roles to be removed */ exports.delClientRoleMappings=function(filters){ return (kcAdminClientHandler.groups.delClientRoleMappings(filters)); }