CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-keycloak--keycloak-admin-client

A comprehensive TypeScript client library for interacting with Keycloak's Administration API.

Pending
Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

SecuritybySnyk

Pending

The risk profile of this skill

Overview
Eval results
Files

client-scopes.mddocs/

Client Scopes

Client scopes define sets of protocol mappers and roles that can be applied to clients for OpenID Connect and SAML protocols. They provide a way to manage claims, scopes, and roles in a reusable manner across multiple clients.

Capabilities

Client Scope Management

Core CRUD operations for managing client scopes.

/**
 * List all client scopes in the realm
 * @returns Array of client scope representations
 */
find(): Promise<ClientScopeRepresentation[]>;

/**
 * Create a new client scope
 * @param clientScope - Client scope representation to create
 * @returns Object containing the new client scope ID
 */
create(clientScope: ClientScopeRepresentation): Promise<{ id: string }>;

/**
 * Find a client scope by ID
 * @param params - Parameters containing the client scope ID
 * @returns Client scope representation or undefined if not found
 */
findOne(params: { id: string }): Promise<ClientScopeRepresentation | undefined>;

/**
 * Update a client scope
 * @param query - Parameters containing the client scope ID
 * @param clientScope - Updated client scope representation
 * @returns void
 */
update(query: { id: string }, clientScope: ClientScopeRepresentation): Promise<void>;

/**
 * Delete a client scope
 * @param params - Parameters containing the client scope ID
 * @returns void
 */
del(params: { id: string }): Promise<void>;

/**
 * Find client scope by name
 * @param payload - Parameters containing realm and name
 * @returns Client scope representation or undefined if not found
 */
findOneByName(payload: { realm?: string; name: string }): Promise<ClientScopeRepresentation | undefined>;

/**
 * Delete client scope by name
 * @param payload - Parameters containing realm and name
 * @returns void
 */
delByName(payload: { realm?: string; name: string }): Promise<void>;

Default Client Scopes

Manage default client scopes that are automatically applied to all clients.

/**
 * List all default client scopes
 * @returns Array of default client scope representations
 */
listDefaultClientScopes(): Promise<ClientScopeRepresentation[]>;

/**
 * Add a client scope to default scopes
 * @param params - Parameters containing the client scope ID
 * @returns void
 */
addDefaultClientScope(params: { id: string }): Promise<void>;

/**
 * Remove a client scope from default scopes
 * @param params - Parameters containing the client scope ID
 * @returns void
 */
delDefaultClientScope(params: { id: string }): Promise<void>;

Default Optional Client Scopes

Manage optional client scopes that are available but not automatically applied.

/**
 * List all default optional client scopes
 * @returns Array of optional client scope representations
 */
listDefaultOptionalClientScopes(): Promise<ClientScopeRepresentation[]>;

/**
 * Add a client scope to default optional scopes
 * @param params - Parameters containing the client scope ID
 * @returns void
 */
addDefaultOptionalClientScope(params: { id: string }): Promise<void>;

/**
 * Remove a client scope from default optional scopes
 * @param params - Parameters containing the client scope ID
 * @returns void
 */
delDefaultOptionalClientScope(params: { id: string }): Promise<void>;

Protocol Mappers

Manage protocol mappers that define how user information is mapped to tokens and assertions.

/**
 * Add multiple protocol mappers to a client scope
 * @param query - Parameters containing the client scope ID
 * @param mappers - Array of protocol mapper representations
 * @returns void
 */
addMultipleProtocolMappers(query: { id: string }, mappers: ProtocolMapperRepresentation[]): Promise<void>;

/**
 * Add a single protocol mapper to a client scope
 * @param query - Parameters containing the client scope ID
 * @param mapper - Protocol mapper representation
 * @returns void
 */
addProtocolMapper(query: { id: string }, mapper: ProtocolMapperRepresentation): Promise<void>;

/**
 * List all protocol mappers for a client scope
 * @param params - Parameters containing the client scope ID
 * @returns Array of protocol mapper representations
 */
listProtocolMappers(params: { id: string }): Promise<ProtocolMapperRepresentation[]>;

/**
 * Find a specific protocol mapper by ID
 * @param params - Parameters containing client scope ID and mapper ID
 * @returns Protocol mapper representation or undefined if not found
 */
findProtocolMapper(params: { id: string; mapperId: string }): Promise<ProtocolMapperRepresentation | undefined>;

/**
 * Find protocol mappers by protocol type
 * @param params - Parameters containing client scope ID and protocol
 * @returns Array of protocol mapper representations
 */
findProtocolMappersByProtocol(params: { id: string; protocol: string }): Promise<ProtocolMapperRepresentation[]>;

/**
 * Update a protocol mapper
 * @param query - Parameters containing client scope ID and mapper ID
 * @param mapper - Updated protocol mapper representation
 * @returns void
 */
updateProtocolMapper(query: { id: string; mapperId: string }, mapper: ProtocolMapperRepresentation): Promise<void>;

/**
 * Delete a protocol mapper
 * @param params - Parameters containing client scope ID and mapper ID
 * @returns void
 */
delProtocolMapper(params: { id: string; mapperId: string }): Promise<void>;

/**
 * Find protocol mapper by name
 * @param payload - Parameters containing client scope ID, realm, and mapper name
 * @returns Protocol mapper representation or undefined if not found
 */
findProtocolMapperByName(payload: { realm?: string; id: string; name: string }): Promise<ProtocolMapperRepresentation | undefined>;

Scope Mappings

Manage role mappings for client scopes.

/**
 * List all scope mappings for a client scope
 * @param params - Parameters containing the client scope ID
 * @returns Mappings representation containing realm and client mappings
 */
listScopeMappings(params: { id: string }): Promise<MappingsRepresentation>;

/**
 * Add client role mappings to a client scope
 * @param query - Parameters containing client scope ID and client ID
 * @param roles - Array of roles to add
 * @returns void
 */
addClientScopeMappings(query: { id: string; client: string }, roles: RoleRepresentation[]): Promise<void>;

/**
 * List client role mappings for a client scope
 * @param params - Parameters containing client scope ID and client ID
 * @returns Array of role representations
 */
listClientScopeMappings(params: { id: string; client: string }): Promise<RoleRepresentation[]>;

/**
 * Add realm role mappings to a client scope
 * @param query - Parameters containing the client scope ID
 * @param roles - Array of roles to add
 * @returns void
 */
addRealmScopeMappings(query: { id: string }, roles: RoleRepresentation[]): Promise<void>;

/**
 * List realm role mappings for a client scope
 * @param params - Parameters containing the client scope ID
 * @returns Array of role representations
 */
listRealmScopeMappings(params: { id: string }): Promise<RoleRepresentation[]>;

Usage Examples

import KeycloakAdminClient from "@keycloak/keycloak-admin-client";

const kcAdminClient = new KeycloakAdminClient({
  baseUrl: 'http://localhost:8080',
  realmName: 'myrealm',
});

await kcAdminClient.auth({
  username: 'admin',
  password: 'admin',
  grantType: 'password',
  clientId: 'admin-cli',
});

// Create a client scope
const { id } = await kcAdminClient.clientScopes.create({
  name: 'custom-scope',
  description: 'Custom claims scope',
  protocol: 'openid-connect',
});

// Add a protocol mapper
await kcAdminClient.clientScopes.addProtocolMapper(
  { id },
  {
    name: 'department-mapper',
    protocol: 'openid-connect',
    protocolMapper: 'oidc-usermodel-attribute-mapper',
    config: {
      'user.attribute': 'department',
      'claim.name': 'department',
      'claim.value.type': 'String',
      'access.token.claim': 'true',
      'id.token.claim': 'true'
    }
  }
);

// Make it a default optional scope
await kcAdminClient.clientScopes.addDefaultOptionalClientScope({ id });

// List all client scopes
const scopes = await kcAdminClient.clientScopes.find();

Types

interface ClientScopeRepresentation {
  id?: string;
  name?: string;
  description?: string;
  protocol?: string;
  attributes?: Record<string, string>;
  protocolMappers?: ProtocolMapperRepresentation[];
}

interface ProtocolMapperRepresentation {
  id?: string;
  name?: string;
  protocol?: string;
  protocolMapper?: string;
  consentRequired?: boolean;
  config?: Record<string, string>;
}

interface MappingsRepresentation {
  realmMappings?: RoleRepresentation[];
  clientMappings?: Record<string, ClientMappingsRepresentation>;
}

interface ClientMappingsRepresentation {
  id?: string;
  client?: string;
  mappings?: RoleRepresentation[];
}

docs

attack-detection.md

authentication-management.md

cache-management.md

client-configuration.md

client-management.md

client-policies.md

client-scopes.md

components.md

group-management.md

identity-providers.md

index.md

organization-management.md

realm-management.md

role-management.md

server-info.md

user-management.md

user-storage-provider.md

utility-functions.md

whoami.md

tile.json