Liking cljdoc? Tell your friends :D
Clojure only.
- add-realm-roles-to-group!
- add-user-to-group!
- add-user-to-group-by-username!
- add-username-to-group-name!
- assert-all-realm-roles-exists
- client
- count-groups
- create-client!
- create-group!
- create-groups!
- create-or-update-client!
- create-protocol-mapper!
- create-realm!
- create-role!
- create-roles!
- create-subgroup!
- create-user!
- credential-representation
- delete-client!
- delete-group!
- delete-realm!
- delete-role!
- delete-user-by-id!
- extract-id
- find-client
- find-users
- first-letter-capitalize
- get-client
- get-client-resource
- get-client-secret
- get-group
- get-group-id
- get-group-id-by-path
- get-group-members
- get-group-resource
- get-mapper
- get-realm
- get-realm-roles-of-group
- get-role
- get-subgroup
- get-subgroup-id
- get-user
- get-user-by-username
- get-user-groups
- get-user-id
- group-membership-mapper
- group-representation
- ks->str
- list-groups
- list-realms
- list-roles
- list-subgroups
- list-users
- map-values-Long-to-Integer
- mapper
- memoized-get-realm-roles-representations
- oidc-address-mapper
- oidc-allowed-origins-mapper
- oidc-audience-mapper
- oidc-audience-resolve-mapper
- oidc-claims-param-token-mapper
- oidc-full-name-mapper
- oidc-group-membership-mapper
- oidc-hardcoded-claim-mapper
- oidc-hardcoded-role-mapper
- oidc-role-name-mapper
- oidc-usermodel-attribute-mapper
- oidc-usermodel-client-role-mapper
- oidc-usermodel-property-mapper
- oidc-usermodel-realm-role-mapper
- oidc-usersessionmodel-note-mapper
- protocol-mappers-default-config
- realm-representation
- realm-representation-from-map
- regenerate-secret
- remove-realm-roles-of-group!
- remove-user-from-group!
- role-representation
- set-all!
- set-realm-roles-of-group!
- setter
- update-client!
- update-realm!
- update-user!
- user-attribute-mapper
- user-representation
keycloak.admin
add-realm-roles-to-group!clj
(add-realm-roles-to-group! keycloak-client
realm-name
group-name-or-path
roles-to-add)Add roles to a group given its name or path
Add roles to a group given its name or path
add-user-to-group!clj
(add-user-to-group! keycloak-client realm-name group-id user-id)Make the user join group, return the group
Make the user join group, return the group
add-user-to-group-by-username!clj
(add-user-to-group-by-username! keycloak-client realm-name group-id username)add-username-to-group-name!clj
(add-username-to-group-name! keycloak-client realm-name group-name username)assert-all-realm-roles-existsclj
(assert-all-realm-roles-exists keycloak-client realm-name roles)clientclj
(client {:keys [client-id name public-client public? standard-flow-enabled
service-accounts-enabled authorization-services-enabled
redirect-uris web-origins direct-access-grants-enabled root-url
base-url admin-url attributes client-authenticator-type]
:as client})(client name public?)(client name public? redirect-uris web-origins)Create a ClientRepresentation object to be used with create-client!, update-client! or create-or-update-client! functions.
client argument is a map. Different arities are proposed for convenience with default value for the rest of the client's map keys:
client-id: client-id as a string, client identifier for OIDC requests. Optional: default value is the name of the client.name: display name for the client whenever it is displayed in a Keycloak UI screen.name. Mandatory.public?orpublic-client: boolean,trueif the client is of thepublicAccess Type,falseif the client is of theconfidentialAccess Type.- confidential: Confidential access type is for server-side clients that need to perform a browser login and require a client secret when they turn an access code into an access token, (see Access Token Request in the OAuth 2.0 spec for more details). This type should be used for server-side applications. public
- public: Public access type is for client-side clients that need to perform a browser login. With a client-side application there is no way to keep a secret safe. Instead it is very important to restrict access by configuring correct redirect URIs for the client.
standard-flow-enabled: boolean, iftrueclients are allowed to use the OIDC Authorization Code Flow. Default totrue.direct-access-grants-enabled: boolean, iftrue, clients are allowed to use the OIDC Direct Access Grants . Default to true.service-accounts-enabled: boolean, iftrue, Service account is enabled for this client, only forconfidentialclient. See Service Accounts. Default to the logical expression:(not (public?)).authorization-services-enabled: boolean, iftrueauthorization services are enabled for this client.redirect-uris: vector of String representing URL Patterns. Required ifpublic?. Wildcards () are only allowed at the end of a URI, i.e. http://host.com/root-url: String, If Keycloak uses any configured relative URLs, this value is prepended to them.base-url: String, If Keycloak needs to link to the client, this URL is used.admin-url: String, For Keycloak specific client adapters, this is the callback endpoint for the client. The Keycloak server will use this URI to make callbacks like pushing revocation policies, performing backchannel logout, and other administrative operations. For Keycloak servlet adapters, this can be the root URL of the servlet application. For more information see Securing Applications and Services Guide.web-origins: vector of String representing domains. The domains listed in the Web Origins setting for the client are embedded within the access token sent to the client application. The client application can then use this information to decide whether or not to allow a CORS request to be invoked on it. This is an extension to the OIDC protocol so only Keycloak client adapters support this feature. See Securing Applications and Services Guide for more information.attributes: map with keys and values as String. Transformed to ajava.util.Map<String, String>. Some attributes for the client are passed in this map, an attribute of interest is theaccess.token.lifespanthat override the Access Token lifespan of the realm for that client.
Create a [ClientRepresentation](https://www.keycloak.org/docs-api/11.0/javadocs/org/keycloak/representations/idm/ClientRepresentation.html) object to be used with [[create-client!]], [[update-client!]] or [[create-or-update-client!]] functions.
`client` argument is a map. Different arities are proposed for convenience with default value for the rest of the client's map keys:
- `client-id`: client-id as a string, client identifier for OIDC requests. Optional: default value is the name of the client.
- `name`: display name for the client whenever it is displayed in a Keycloak UI screen.name. Mandatory.
- `public?` or `public-client`: boolean, `true` if the client is of the `public` _Access Type_, `false` if the client is of the `confidential` _Access Type_.
- _confidential_: Confidential access type is for server-side clients that need to perform a browser login and require a client secret when they turn an access code into an access token, (see Access Token Request in the OAuth 2.0 spec for more details). This type should be used for server-side applications.
public
- _public_: Public access type is for client-side clients that need to perform a browser login. With a client-side application there is no way to keep a secret safe. Instead it is very important to restrict access by configuring correct redirect URIs for the client.
- `standard-flow-enabled`: boolean, if `true` clients are allowed to use the OIDC [Authorization Code Flow](https://www.keycloak.org/docs/latest/server_admin/#_oidc-auth-flows). Default to `true`.
- `direct-access-grants-enabled`: boolean, if `true`, clients are allowed to use the OIDC [Direct Access Grants](https://www.keycloak.org/docs/latest/server_admin/#_oidc-auth-flows) . Default to true.
- `service-accounts-enabled`: boolean, if `true`, Service account is enabled for this client, only for `confidential` client. See [Service Accounts](https://www.keycloak.org/docs/latest/server_admin/#_service_accounts). Default to the logical expression: `(not (public?))`.
- `authorization-services-enabled`: boolean, if `true` [authorization services](https://www.keycloak.org/docs/latest/authorization_services/) are enabled for this client.
- `redirect-uris`: vector of String representing URL Patterns. Required if `public?`. Wildcards (*) are only allowed at the end of a URI, i.e. http://host.com/*
- `root-url`: String, If Keycloak uses any configured relative URLs, this value is prepended to them.
- `base-url`: String, If Keycloak needs to link to the client, this URL is used.
- `admin-url`: String, For Keycloak specific client adapters, this is the callback endpoint for the client. The Keycloak server will use this URI to make callbacks like pushing revocation policies, performing backchannel logout, and other administrative operations. For Keycloak servlet adapters, this can be the root URL of the servlet application. For more information see [Securing Applications and Services Guide](https://www.keycloak.org/docs/latest/securing_apps/).
- `web-origins`: vector of String representing domains. The domains listed in the Web Origins setting for the client are embedded within the access token sent to the client application. The client application can then use this information to decide whether or not to allow a CORS request to be invoked on it. This is an extension to the OIDC protocol so only Keycloak client adapters support this feature. See [Securing Applications and Services Guide](https://www.keycloak.org/docs/latest/securing_apps/) for more information.
- `attributes`: map with keys and values as String. Transformed to a `java.util.Map<String, String>`. Some attributes for the client are passed in this map, an attribute of interest is the `access.token.lifespan` that override the _Access Token lifespan_ of the realm for that client.
create-client!clj
(create-client! keycloak-client realm-name client)(create-client! keycloak-client realm-name client-id public?)Creates a client with its 'realm-name' and a ClientRepresentation object, obtained with 'client' function.
Creates a client with its 'realm-name' and a [ClientRepresentation](https://www.keycloak.org/docs-api/11.0/javadocs/org/keycloak/representations/idm/ClientRepresentation.html) object, obtained with 'client' function.
create-protocol-mapper!clj
(create-protocol-mapper! keycloak-client realm-name client-id mapper)create-realm!clj
(create-realm! keycloak-client realm-rep-map-or-name)(create-realm! keycloak-client realm-name themes login tokens smtp)create-role!clj
(create-role! keycloak-client realm-name role-name)Create the realm role role-name in realm realm-name
Create the realm role `role-name` in realm `realm-name`
create-roles!clj
(create-roles! keycloak-client realm-name role-names)Create the realm roles role-names, accept also a seq of role-name in realm realm-name
Create the realm roles `role-names`, accept also a seq of role-name in realm `realm-name`
create-subgroup!clj
(create-subgroup! keycloak-client realm-name group-id subgroup-name)(create-subgroup! keycloak-client realm-name group-id subgroup-name attributes)create-user!clj
(create-user! keycloak-client
realm-name
{:keys [username first-name last-name email password is-manager
group in-subgroups]
:as person})(create-user! keycloak-client realm-name username password)delete-role!clj
(delete-role! keycloak-client realm-name role-name)Delete the realm role role-name in realm realm-name
Delete the realm role `role-name` in realm `realm-name`
delete-user-by-id!clj
(delete-user-by-id! keycloak-client realm-name user-id)delete user by its id
delete user by its id
find-clientclj
(find-client keycloak-client realm-name client-name)Find client from its name, provide a keycloak-client and realm-name, return a collection
Find client from its `name`, provide a `keycloak-client` and `realm-name`, return a collection
get-clientclj
(get-client keycloak-client realm-name client-id)Get a Client from a client-id (caution: it's not the client-name). Return a ClientRepresentation object. It's the Client concept of Keycloak, not the Keycloak admin client used to interact with the API SDK and given as a first argument of every function in that namespace.
keycloak-client and realm-name
Fist argument is an admin client's Keycloak object obtained with:
(require 'keycloak.deployment)
(keycloak.deployment/keycloak-client (keycloak.deployment/client-conf "http://localhost:8090" "master" "admin-cli") admin-login admin-password)
Second argument is the Realm name as a String.
Get a _Client_ from a `client-id` (caution: it's not the `client-name`). Return a [ClientRepresentation](https://www.keycloak.org/docs-api/11.0/javadocs/org/keycloak/representations/idm/ClientRepresentation.html) object. It's the _Client_ concept of Keycloak, not the Keycloak admin client used to interact with the API SDK and given as a first argument of every function in that namespace. **keycloak-client and realm-name** Fist argument is an [admin client's _Keycloak_ object](https://www.keycloak.org/docs-api/11.0/javadocs/org/keycloak/admin/client/Keycloak.html) obtained with: ```clojure (require 'keycloak.deployment) (keycloak.deployment/keycloak-client (keycloak.deployment/client-conf "http://localhost:8090" "master" "admin-cli") admin-login admin-password) ``` Second argument is the _Realm_ name as a String.
get-client-resourceclj
(get-client-resource keycloak-client realm-name client-id)Return a org.keycloak.admin.client.resource.ClientResource
given a keycloak-client, realm-name and id. Be careful the id is the UUID attributed by Keycloak during the creation of the client and not the clientId given by the user
Return a [org.keycloak.admin.client.resource.ClientResource](https://www.keycloak.org/docs-api/11.0/javadocs/org/keycloak/admin/client/resource/ClientResource.html) given a `keycloak-client`, `realm-name` and `id`. Be careful the id is the UUID attributed by Keycloak during the creation of the client and not the `clientId` given by the user
get-realm-roles-of-groupclj
(get-realm-roles-of-group keycloak-client realm-name group-name-or-path)group-representationclj
(group-representation group-name)create a GroupRepresentation object
create a GroupRepresentation object
ks->strclj
(ks->str m)convert all keys and values of the map to string
convert all keys and values of the map to string
list-groupsclj
(list-groups keycloak-client realm-name)(list-groups keycloak-client realm-name s)mapperclj
(mapper name mapper custom-config)Create a mapper with name and mapper among the one provided
Create a mapper with name and mapper among the one provided
realm-representationclj
(realm-representation realm-name)(realm-representation realm-name themes login tokens smtp)regenerate-secretclj
(regenerate-secret keycloak-client realm-name id)Regenerate a client secret, must be invoked once a client is created as the secret is null.. the id is obtained with (.getId client) from a ClientRepresentation
Regenerate a client secret, must be invoked once a client is created as the secret is null.. the id is obtained with `(.getId client)` from a ClientRepresentation
remove-realm-roles-of-group!clj
(remove-realm-roles-of-group! keycloak-client
realm-name
group-name-or-path
roles-to-remove)remove-user-from-group!clj
(remove-user-from-group! keycloak-client realm-name group-id user-id)role-representationclj
(role-representation name)create a RoleRepresentation object
create a RoleRepresentation object
set-realm-roles-of-group!clj
(set-realm-roles-of-group! keycloak-client
realm-name
group-name-or-path
roles-to-set)update-user!clj
(update-user! keycloak-client
realm-name
user-id
{:keys [username first-name last-name email password group
in-subgroups]
:as person})cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close