keycloak.admin

add-user-to-group!

(add-user-to-group! keycloak-client realm-name group-id user-id)

Make the user join the group; returns the group.

add-user-to-group-by-username!

(add-user-to-group-by-username! keycloak-client realm-name group-id username)

add-username-to-group-name!

(add-username-to-group-name! keycloak-client realm-name group-name username)

client

(client {:keys [client-id name public-client public? standard-flow-enabled service-accounts-enabled authorization-services-enabled redirect-uris web-origins direct-access-grants-enabled root-url base-url admin-url attributes], :as client})
(client name public? redirect-uris web-origins)
(client name public?)

Create a ClientRepresentation object to be used with the create-client!, update-client! or create-or-update-client! functions. The client argument is a map. Shorter arities are provided for convenience, with default values for the remaining keys of the client map:

  • client-id: client-id as a string, client identifier for OIDC requests. Optional: default value is the name of the client.
  • name: display name for the client whenever it is displayed in a Keycloak UI screen. Mandatory.
  • public? or public-client: boolean, true if the client is of the public Access Type, false if the client is of the confidential Access Type.
    • confidential: Confidential access type is for server-side clients that need to perform a browser login and require a client secret when they turn an access code into an access token (see Access Token Request in the OAuth 2.0 spec for more details). This type should be used for server-side applications.
    • public: Public access type is for client-side clients that need to perform a browser login. With a client-side application there is no way to keep a secret safe. Instead it is very important to restrict access by configuring correct redirect URIs for the client.
  • standard-flow-enabled: boolean, if true clients are allowed to use the OIDC Authorization Code Flow. Default to true.
  • direct-access-grants-enabled: boolean, if true, clients are allowed to use the OIDC Direct Access Grants. Default to true.
  • service-accounts-enabled: boolean, if true, a service account is enabled for this client (confidential clients only). See Service Accounts. Default to the logical expression: (not (public?)).
  • authorization-services-enabled: boolean, if true authorization services are enabled for this client.
  • redirect-uris: vector of String representing URL patterns. Required if public?. Wildcards (*) are only allowed at the end of a URI, e.g. http://host.com/*
  • root-url: String, If Keycloak uses any configured relative URLs, this value is prepended to them.
  • base-url: String, If Keycloak needs to link to the client, this URL is used.
  • admin-url: String, For Keycloak specific client adapters, this is the callback endpoint for the client. The Keycloak server will use this URI to make callbacks like pushing revocation policies, performing backchannel logout, and other administrative operations. For Keycloak servlet adapters, this can be the root URL of the servlet application. For more information see Securing Applications and Services Guide.
  • web-origins: vector of String representing domains. The domains listed in the Web Origins setting for the client are embedded within the access token sent to the client application. The client application can then use this information to decide whether or not to allow a CORS request to be invoked on it. This is an extension to the OIDC protocol so only Keycloak client adapters support this feature. See Securing Applications and Services Guide for more information.
  • attributes: map with keys and values as String. Transformed to a java.util.Map<String, String>. Some attributes for the client are passed in this map; an attribute of interest is access.token.lifespan, which overrides the Access Token lifespan of the realm for that client.
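
The keys above, applied to one public and one confidential client with the permissive defaults turned off, as an added example that is not code from the library. `redirect-uri-problems` and `checked-client` are hypothetical helpers, the host names and realm name are constructed, and the unit of `access.token.lifespan` (seconds) is an assumption.

```clojure
(ns example.hardened-clients
  (:require [clojure.string :as str]
            [keycloak.admin :as admin]))

;; Hypothetical pre-flight check, not part of keycloak.admin.
(defn redirect-uri-problems
  "Return a vector of problems found in one redirect URI pattern."
  [uri]
  (let [star (str/index-of uri "*")
        [_ scheme authority] (re-find #"^([a-z][a-z0-9+.-]*)://([^/]*)" uri)]
    (cond-> []
      (nil? scheme) (conj "not an absolute URI")
      (and scheme (not= scheme "https")) (conj "scheme is not https")
      (and star (not= star (dec (count uri)))) (conj "wildcard not at the end")
      (and authority (str/includes? authority "*")) (conj "wildcard in host"))))

(defn checked-client
  "Call admin/client only when every redirect URI passes the check above."
  [{:keys [redirect-uris] :as client-map}]
  (let [problems (into {} (for [u redirect-uris
                                :let [p (redirect-uri-problems u)]
                                :when (seq p)]
                            [u p]))]
    (when (seq problems)
      (throw (ex-info "Rejected redirect-uris" {:problems problems})))
    (admin/client client-map)))

;; Constructed sample values; host names are placeholders.
(def spa-client
  {:name "example-spa"
   :public? true
   :standard-flow-enabled true
   :direct-access-grants-enabled false ; documented default is true
   :redirect-uris ["https://spa.example.test/callback"]
   :web-origins ["https://spa.example.test"]
   :attributes {"access.token.lifespan" "300"}}) ; unit assumed to be seconds

(def backend-client
  {:name "example-backend"
   :public? false
   :service-accounts-enabled false ; documented default is (not public?)
   :direct-access-grants-enabled false
   :redirect-uris ["https://backend.example.test/oauth/callback"]
   :web-origins ["https://backend.example.test"]})

(comment
  ;; keycloak-client is the admin client built with keycloak.deployment.
  (doseq [c [spa-client backend-client]]
    (admin/create-or-update-client! keycloak-client "example-realm"
                                    (checked-client c))))
```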

create-client!

(create-client! keycloak-client realm-name client)
(create-client! keycloak-client realm-name client-id public?)

create-group!

(create-group! keycloak-client realm-name group-name)

create-or-update-client!

(create-or-update-client! keycloak-client realm-name client)

create-protocol-mapper!

(create-protocol-mapper! keycloak-client realm-name client-id mapper)

create-realm!

(create-realm! keycloak-client realm-rep-map-or-name)
(create-realm! keycloak-client realm-name themes login tokens smtp)

create-role!

(create-role! keycloak-client realm-name role-name)

create-subgroup!

(create-subgroup! keycloak-client realm-name group-id subgroup-name)
(create-subgroup! keycloak-client realm-name group-id subgroup-name attributes)

create-user!

(create-user! keycloak-client realm-name username password)

credential-representation

(credential-representation type value)

delete-client!

(delete-client! keycloak-client realm-name client-id)

delete-group!

(delete-group! keycloak-client realm-name group-id)

delete-realm!

(delete-realm! keycloak-client realm-name)

delete-user-by-id!

(delete-user-by-id! keycloak-client realm-name user-id)

Delete a user by its id.

extract-id

(extract-id resp)

find-client

(find-client keycloak-client realm-name client-name)

Find a client by its name, given a keycloak-client and realm-name. Returns a collection.

find-users

(find-users keycloak-client realm-name s)

first-letter-capitalize

(first-letter-capitalize s)

get-client

(get-client keycloak-client realm-name client-id)

Get a Client from a client-id (caution: it’s not the client-name). Return a ClientRepresentation object. It’s the Client concept of Keycloak, not the Keycloak admin client used to interact with the API SDK and given as a first argument of every function in that namespace.

keycloak-client and realm-name

The first argument is an admin client’s Keycloak object obtained with:

(require 'keycloak.deployment)
(keycloak.deployment/keycloak-client (keycloak.deployment/client-conf "http://localhost:8090" "master"  "admin-cli") admin-login admin-password)

The second argument is the Realm name as a String.

get-client-resource

(get-client-resource keycloak-client realm-name client-id)

Return an org.keycloak.admin.client.resource.ClientResource given a keycloak-client, realm-name and id. Be careful: the id is the UUID assigned by Keycloak during the creation of the client, not the clientId given by the user.

get-client-secret

(get-client-secret keycloak-client realm-name client-id)

get-group

(get-group keycloak-client realm-name group-id)

get-group-id

(get-group-id keycloak-client realm-name group-name)

get-group-members

(get-group-members keycloak-client realm-name group-id)

get-mapper

(get-mapper keycloak-client realm-name client-id mapper-id)

get-realm

(get-realm keycloak-client realm-name)

get-role

(get-role keycloak-client realm-name role-name)

get-subgroup

(get-subgroup keycloak-client realm-name group-id subgroup-id)

get-subgroup-id

(get-subgroup-id keycloak-client realm-name group-id subgroup-name)

get-user

(get-user keycloak-client realm-name user-id)

get-user-by-username

(get-user-by-username keycloak-client realm-name username)

get-user-groups

(get-user-groups keycloak-client realm-name user-id)

get-user-id

deprecated

(get-user-id keycloak-client realm-name username)

group-membership-mapper

(group-membership-mapper name claim-name)

group-representation

(group-representation group-name)

Create a GroupRepresentation object.

ks->str

(ks->str m)

Convert all keys and values of the map to strings.

list-groups

(list-groups keycloak-client realm-name)
(list-groups keycloak-client realm-name s)

list-realms

(list-realms keycloak-client)

list-roles

(list-roles keycloak-client realm-name)

list-subgroups

(list-subgroups keycloak-client realm-name group-id)

list-users

(list-users keycloak-client realm-name)

realm-representation

(realm-representation realm-name)
(realm-representation realm-name themes login tokens smtp)

realm-representation-from-map

(realm-representation-from-map m)

remove-user-from-group!

(remove-user-from-group! keycloak-client realm-name group-id user-id)

role-representation

(role-representation name)

Create a RoleRepresentation object.

set-all!

(set-all! obj m)

setter

(setter k)

update-client!

(update-client! keycloak-client realm-name client)

update-realm!

(update-realm! keycloak-client realm-name themes login tokens smtp)

user-attribute-mapper

(user-attribute-mapper name user-attribute claim-name json-type)

user-representation

(user-representation username)
(user-representation username password)