
keycloak.admin


add-realm-roles-to-group!clj

(add-realm-roles-to-group! keycloak-client
                           realm-name
                           group-name-or-path
                           roles-to-add)

Add roles to a group given its name or path


add-user-to-group!clj

(add-user-to-group! keycloak-client realm-name group-id user-id)

Make the user join group, return the group


add-user-to-group-by-username!clj

(add-user-to-group-by-username! keycloak-client realm-name group-id username)

add-username-to-group-name!clj

(add-username-to-group-name! keycloak-client realm-name group-name username)

assert-all-realm-roles-existsclj

(assert-all-realm-roles-exists keycloak-client realm-name roles)

clientclj

(client {:keys [client-id name public-client public? standard-flow-enabled
                service-accounts-enabled authorization-services-enabled
                redirect-uris web-origins direct-access-grants-enabled root-url
                base-url admin-url attributes client-authenticator-type]
         :as client})
(client name public?)
(client name public? redirect-uris web-origins)

Create a [ClientRepresentation](https://www.keycloak.org/docs-api/11.0/javadocs/org/keycloak/representations/idm/ClientRepresentation.html) object to be used with the [[create-client!]], [[update-client!]] or [[create-or-update-client!]] functions.
  The `client` argument is a map. Several arities are provided for convenience; the remaining keys of the client map then take their default values:

  - `client-id`: client-id as a string, the client identifier for OIDC requests. Optional: the default value is the name of the client.
  - `name`: display name for the client whenever it is displayed in a Keycloak UI screen. Mandatory.
  - `public?` or `public-client`: boolean, `true` if the client is of the `public` _Access Type_, `false` if the client is of the `confidential` _Access Type_.
    - _confidential_: Confidential access type is for server-side clients that need to perform a browser login and require a client secret when they turn an access code into an access token (see Access Token Request in the OAuth 2.0 spec for more details). This type should be used for server-side applications.
    - _public_: Public access type is for client-side clients that need to perform a browser login. With a client-side application there is no way to keep a secret safe. Instead it is very important to restrict access by configuring correct redirect URIs for the client.
  - `standard-flow-enabled`: boolean, if `true` clients are allowed to use the OIDC [Authorization Code Flow](https://www.keycloak.org/docs/latest/server_admin/#_oidc-auth-flows). Defaults to `true`.
  - `direct-access-grants-enabled`: boolean, if `true` clients are allowed to use the OIDC [Direct Access Grants](https://www.keycloak.org/docs/latest/server_admin/#_oidc-auth-flows). Defaults to `true`.
  - `service-accounts-enabled`: boolean, if `true` the service account is enabled for this client; only for a `confidential` client. See [Service Accounts](https://www.keycloak.org/docs/latest/server_admin/#_service_accounts). Defaults to the logical expression `(not (public?))`.
  - `authorization-services-enabled`: boolean, if `true` [authorization services](https://www.keycloak.org/docs/latest/authorization_services/) are enabled for this client.
  - `redirect-uris`: vector of Strings representing URL patterns. Required if `public?`. Wildcards (*) are only allowed at the end of a URI, e.g. http://host.com/*
  - `root-url`: String. If Keycloak uses any configured relative URLs, this value is prepended to them.
  - `base-url`: String. If Keycloak needs to link to the client, this URL is used.
  - `admin-url`: String. For Keycloak-specific client adapters, this is the callback endpoint for the client. The Keycloak server will use this URI to make callbacks like pushing revocation policies, performing backchannel logout, and other administrative operations. For Keycloak servlet adapters, this can be the root URL of the servlet application. For more information see the [Securing Applications and Services Guide](https://www.keycloak.org/docs/latest/securing_apps/).
  - `web-origins`: vector of Strings representing domains. The domains listed in the Web Origins setting for the client are embedded within the access token sent to the client application. The client application can then use this information to decide whether or not to allow a CORS request to be invoked on it. This is an extension to the OIDC protocol, so only Keycloak client adapters support this feature. See the [Securing Applications and Services Guide](https://www.keycloak.org/docs/latest/securing_apps/) for more information.
  - `attributes`: map with keys and values as Strings, transformed to a `java.util.Map<String, String>`. Some attributes for the client are passed in this map; an attribute of interest is `access.token.lifespan`, which overrides the _Access Token lifespan_ of the realm for that client.
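A pre-flight check for the rules stated in the `client` docstring (redirect URIs required for public clients, wildcard only at the end, service accounts only for confidential clients). This is an added example, not code from keycloak-clojure. The names `wildcard-ok?` and `lint-client`, the namespace and the sample maps are assumptions made for illustration, and the bare `*` finding is an extra check added here.

```clojure
(ns example.client-lint
  (:require [clojure.string :as str]))

;; Hypothetical helper (not part of keycloak.admin): true when a redirect URI
;; pattern has no wildcard, or exactly one wildcard in last position.
(defn wildcard-ok? [uri]
  (let [idx (str/index-of uri "*")]
    (or (nil? idx) (= idx (dec (count uri))))))

;; Hypothetical helper: returns a vector of findings for a client map that
;; uses the keys documented for `client`. An empty vector means no finding.
(defn lint-client
  [{client-name :name
    :keys [public? public-client redirect-uris service-accounts-enabled]}]
  (let [public (boolean (or public? public-client))]
    (cond-> []
      (str/blank? client-name)
      (conj "name is mandatory")

      (and public (empty? redirect-uris))
      (conj "public client without redirect-uris")

      (some (complement wildcard-ok?) redirect-uris)
      (conj "wildcard (*) is only allowed at the end of a redirect URI")

      ;; Extra check added in this example: a bare wildcard restricts nothing.
      (some #{"*"} redirect-uris)
      (conj "redirect URI \"*\" does not restrict where the user is sent")

      (and public service-accounts-enabled)
      (conj "service-accounts-enabled applies to confidential clients only"))))

;; Constructed sample maps, not taken from a real deployment.
(def spa-weak
  {:name "spa" :public? true
   :redirect-uris ["https://*.example.test/cb" "*"]
   :service-accounts-enabled true})

(def spa-strict
  {:name "spa" :public? true
   :redirect-uris ["https://app.example.test/*"]
   :web-origins ["https://app.example.test"]})

(defn -main [& _]
  (doseq [[label m] [["spa-weak" spa-weak] ["spa-strict" spa-strict]]]
    (println label "->" (lint-client m))))
```

A map that yields no findings can then be handed to `client` and `create-client!` as described above.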

count-groupsclj

(count-groups keycloak-client realm-name)

create-client!clj

(create-client! keycloak-client realm-name client)
(create-client! keycloak-client realm-name client-id public?)

Creates a client in the realm `realm-name` from a [ClientRepresentation](https://www.keycloak.org/docs-api/11.0/javadocs/org/keycloak/representations/idm/ClientRepresentation.html) object obtained with the `client` function.

create-group!clj

(create-group! keycloak-client realm-name group-name)

create-groups!clj

(create-groups! keycloak-client realm-name group-names)

create-or-update-client!clj

(create-or-update-client! keycloak-client realm-name client)

create-protocol-mapper!clj

(create-protocol-mapper! keycloak-client realm-name client-id mapper)

create-realm!clj

(create-realm! keycloak-client realm-rep-map-or-name)
(create-realm! keycloak-client realm-name themes login tokens smtp)

create-role!clj

(create-role! keycloak-client realm-name role-name)

Create the realm role `role-name` in realm `realm-name`

create-roles!clj

(create-roles! keycloak-client realm-name role-names)

Create the realm roles `role-names` in realm `realm-name`; also accepts a seq of role names.

create-subgroup!clj

(create-subgroup! keycloak-client realm-name group-id subgroup-name)
(create-subgroup! keycloak-client realm-name group-id subgroup-name attributes)

create-user!clj

(create-user! keycloak-client
              realm-name
              {:keys [username first-name last-name email password is-manager
                      group in-subgroups]
               :as person})
(create-user! keycloak-client realm-name username password)

credential-representationclj

(credential-representation type value)

delete-client!clj

(delete-client! keycloak-client realm-name client-id)

delete-group!clj

(delete-group! keycloak-client realm-name group-id)

delete-realm!clj

(delete-realm! keycloak-client realm-name)

delete-role!clj

(delete-role! keycloak-client realm-name role-name)

Delete the realm role `role-name` in realm `realm-name`

delete-user-by-id!clj

(delete-user-by-id! keycloak-client realm-name user-id)

Delete a user by its id

extract-idclj

(extract-id resp)

find-clientclj

(find-client keycloak-client realm-name client-name)

Find a client by its `name`, given a `keycloak-client` and a `realm-name`. Returns a collection.

find-usersclj

(find-users keycloak-client realm-name s)

first-letter-capitalizeclj

(first-letter-capitalize s)

get-clientclj

(get-client keycloak-client realm-name client-id)

Get a _Client_ from a `client-id` (caution: it's not the `client-name`). Returns a [ClientRepresentation](https://www.keycloak.org/docs-api/11.0/javadocs/org/keycloak/representations/idm/ClientRepresentation.html) object. This is the _Client_ concept of Keycloak, not the Keycloak admin client that is used to interact with the API SDK and is given as the first argument of every function in this namespace.

**keycloak-client and realm-name**

The first argument is an [admin client's _Keycloak_ object](https://www.keycloak.org/docs-api/11.0/javadocs/org/keycloak/admin/client/Keycloak.html) obtained with:
```clojure
(require 'keycloak.deployment)
;; admin-login and admin-password must be bound to the admin user's credentials
(keycloak.deployment/keycloak-client
  (keycloak.deployment/client-conf "http://localhost:8090" "master" "admin-cli")
  admin-login
  admin-password)
```
The second argument is the _Realm_ name as a String.

get-client-resourceclj

(get-client-resource keycloak-client realm-name client-id)

Return an [org.keycloak.admin.client.resource.ClientResource](https://www.keycloak.org/docs-api/11.0/javadocs/org/keycloak/admin/client/resource/ClientResource.html) given a `keycloak-client`, `realm-name` and `id`. Be careful: the id is the UUID assigned by Keycloak when the client is created, not the `clientId` given by the user.

get-client-secretclj

(get-client-secret keycloak-client realm-name client-id)

get-groupclj

(get-group keycloak-client realm-name group-id)

get-group-idclj

(get-group-id keycloak-client realm-name group-name)

get-group-id-by-pathclj

(get-group-id-by-path keycloak-client realm-name path)

get-group-membersclj

(get-group-members keycloak-client realm-name group-id)

get-group-resourceclj

(get-group-resource keycloak-client realm-name group-id)

get-mapperclj

(get-mapper keycloak-client realm-name client-id mapper-id)

get-realmclj

(get-realm keycloak-client realm-name)

get-realm-roles-of-groupclj

(get-realm-roles-of-group keycloak-client realm-name group-name-or-path)

get-roleclj

(get-role keycloak-client realm-name role-name)

get-subgroupclj

(get-subgroup keycloak-client realm-name group-id subgroup-id)

get-subgroup-idclj

(get-subgroup-id keycloak-client realm-name group-id subgroup-name)

get-userclj

(get-user keycloak-client realm-name user-id)

get-user-by-usernameclj

(get-user-by-username keycloak-client realm-name username)

get-user-groupsclj

(get-user-groups keycloak-client realm-name user-id)

get-user-idclj (deprecated)

(get-user-id keycloak-client realm-name username)

group-membership-mapperclj

(group-membership-mapper name claim-name)

group-representationclj

(group-representation group-name)

Create a GroupRepresentation object

ks->strclj

(ks->str m)

Convert all keys and values of the map to strings

list-groupsclj

(list-groups keycloak-client realm-name)
(list-groups keycloak-client realm-name s)

list-realmsclj

(list-realms keycloak-client)

list-rolesclj

(list-roles keycloak-client realm-name)

list-subgroupsclj

(list-subgroups keycloak-client realm-name group-id)

list-usersclj

(list-users keycloak-client realm-name)

map-values-Long-to-Integerclj

(map-values-Long-to-Integer m)

mapperclj

(mapper name mapper custom-config)

Create a mapper with `name` and a `mapper` chosen among the ones provided

memoized-get-realm-roles-representationsclj


oidc-address-mapperclj


oidc-allowed-origins-mapperclj


oidc-audience-mapperclj


oidc-audience-resolve-mapperclj


oidc-claims-param-token-mapperclj


oidc-full-name-mapperclj


oidc-group-membership-mapperclj


oidc-hardcoded-claim-mapperclj


oidc-hardcoded-role-mapperclj


oidc-role-name-mapperclj


oidc-usermodel-attribute-mapperclj


oidc-usermodel-client-role-mapperclj


oidc-usermodel-property-mapperclj


oidc-usermodel-realm-role-mapperclj


oidc-usersessionmodel-note-mapperclj


protocol-mappers-default-configclj


realm-representationclj

(realm-representation realm-name)
(realm-representation realm-name themes login tokens smtp)

realm-representation-from-mapclj

(realm-representation-from-map m)

regenerate-secretclj

(regenerate-secret keycloak-client realm-name id)

Regenerate a client secret. Must be invoked once a client is created, as the secret is null. The `id` is obtained with `(.getId client)` from a ClientRepresentation.

remove-realm-roles-of-group!clj

(remove-realm-roles-of-group! keycloak-client
                              realm-name
                              group-name-or-path
                              roles-to-remove)

remove-user-from-group!clj

(remove-user-from-group! keycloak-client realm-name group-id user-id)

role-representationclj

(role-representation name)

Create a RoleRepresentation object

set-all!clj

(set-all! obj m)

set-realm-roles-of-group!clj

(set-realm-roles-of-group! keycloak-client
                           realm-name
                           group-name-or-path
                           roles-to-set)

setterclj

(setter k)

update-client!clj

(update-client! keycloak-client realm-name client)

update-realm!clj

(update-realm! keycloak-client realm-name themes login tokens smtp)

update-user!clj

(update-user! keycloak-client
              realm-name
              user-id
              {:keys [username first-name last-name email password group
                      in-subgroups]
               :as person})

user-attribute-mapperclj

(user-attribute-mapper name user-attribute claim-name json-type)

user-representationclj

(user-representation username)
(user-representation username password)
