0
# Client Policies
1

2
Client policies and profiles provide fine-grained control over client configuration and behavior in Keycloak, allowing administrators to enforce security policies and configuration standards across all registered clients.
3

4
## Capabilities
5

6
### Client Profiles
7

8
List and manage client profiles which define configurations and executors that can be applied to clients.
9

10
```typescript { .api }
11
/**
12
 * List client profiles with optional global profile inclusion
13
 * @param params - Query parameters for profile listing
14
 * @returns ClientProfilesRepresentation containing all profiles
15
 */
16
listProfiles(params?: { includeGlobalProfiles?: boolean }): Promise<ClientProfilesRepresentation>;
17

18
/**
19
 * Create or update client profiles
20
 * @param profiles - Client profiles representation to create/update
21
 * @returns void
22
 */
23
createProfiles(profiles: ClientProfilesRepresentation): Promise<void>;
24
```
25

26
### Client Policies
27

28
List and manage client policies which define conditions and apply profiles to matching clients.
29

30
```typescript { .api }
31
/**
32
 * List client policies with optional global policy inclusion
33
 * @param params - Query parameters for policy listing
34
 * @returns ClientPoliciesRepresentation containing all policies
35
 */
36
listPolicies(params?: { includeGlobalPolicies?: boolean }): Promise<ClientPoliciesRepresentation>;
37

38
/**
39
 * Update client policies
40
 * @param policies - Client policies representation to update
41
 * @returns void
42
 */
43
updatePolicy(policies: ClientPoliciesRepresentation): Promise<void>;
44
```
45

46
## Usage Examples
47

48
```typescript
49
import KeycloakAdminClient from "@keycloak/keycloak-admin-client";
50

51
const kcAdminClient = new KeycloakAdminClient({
52
  baseUrl: 'http://localhost:8080',
53
  realmName: 'myrealm',
54
});
55

56
await kcAdminClient.auth({
57
  username: 'admin',
58
  password: 'admin',
59
  grantType: 'password',
60
  clientId: 'admin-cli',
61
});
62

63
// List all client profiles including global ones
64
const profiles = await kcAdminClient.clientPolicies.listProfiles({
65
  includeGlobalProfiles: true
66
});
67

68
// List client policies
69
const policies = await kcAdminClient.clientPolicies.listPolicies({
70
  includeGlobalPolicies: true
71
});
72

73
// Update client policies
74
await kcAdminClient.clientPolicies.updatePolicy({
75
  policies: [
76
    {
77
      name: "secure-clients-policy",
78
      description: "Enforce security settings for all clients",
79
      enabled: true,
80
      conditions: [
81
        {
82
          condition: "any-client",
83
          configuration: {}
84
        }
85
      ],
86
      profiles: ["security-profile"]
87
    }
88
  ]
89
});
90
```
91

92
## Types
93

94
```typescript { .api }
95
interface ClientProfilesRepresentation {
96
  profiles?: ClientProfileRepresentation[];
97
  globalProfiles?: ClientProfileRepresentation[];
98
}
99

100
interface ClientPoliciesRepresentation {
101
  policies?: ClientPolicyRepresentation[];
102
  globalPolicies?: ClientPolicyRepresentation[];
103
}
104

105
interface ClientProfileRepresentation {
106
  name?: string;
107
  description?: string;
108
  executors?: ClientPolicyExecutorRepresentation[];
109
}
110

111
interface ClientPolicyRepresentation {
112
  name?: string;
113
  description?: string;
114
  enabled?: boolean;
115
  conditions?: ClientPolicyConditionRepresentation[];
116
  profiles?: string[];
117
}
118

119
interface ClientPolicyExecutorRepresentation {
120
  executor?: string;
121
  configuration?: Record<string, any>;
122
}
123

124
interface ClientPolicyConditionRepresentation {
125
  condition?: string;
126
  configuration?: Record<string, any>;
127
}
128
```