keycloak-admin 1.1.4 → 1.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a699842f0de47c278828c7874187d0249313d7ff871642a6f26bef4aa202999e
-  data.tar.gz: 6cd358f9db2f837705326e35b6bc00064575ca41e41e08a0fbf04d71d7a76dd1
+  metadata.gz: db97e606c0a299c2daff7be37a2df4a1c2a7261d2430b62dd196b8d29dc9117d
+  data.tar.gz: a1581e41e26b30d576273036ccf87abf463db0e4a80cd1f3a0961b87f874c373
 SHA512:
-  metadata.gz: 849ddd89962850c4e7b541591072e50f34d639b1c2d6dc0fe5e189d4f64ed9e2aa3354d20ffec8097fe5737d6aa0b7117aeb7dd9c0fd93f23ca2a6e6cf0ac2b3
-  data.tar.gz: 2d6057ebd0fea9d52c096be0c8bd4ecfc209cabad8b5e9d7edb95d5fddcd391c7bba3ddde127a51ff313ba42a7ccd213ff9abdf1fafdf57640f5fdc013aa66a7
+  metadata.gz: 33416a0ad66f8f054a2192f560fbd72d6d68d1a29101521d8bfa2be5bd705888f46740d325ee265ef0e983bbd611901e7902db2a14f5693bd066c250692bb417
+  data.tar.gz: 6e17f0a84457d4bf8ce7332b756b0892fbe51a606a8895e5434fca458d9b936594006057820fb3e753d1713b5fdd895fe546f82f90a60fea948f3065e4905bed

data/.github/workflows/Dockerfile

@@ -1,24 +1,24 @@
-### Dockerfile for: tillawy/keycloak-github-actions
-##
-## To build & push
-# docker buildx build . --platform linux/amd64 -t tillawy/keycloak-github-actions:25.0.1
-# docker push tillawy/keycloak-github-actions:25.0.1
-#
-## To Run Locally
-# docker run \
-#        --rm \
-#        -p 8080:8080 \
-#        -e KEYCLOAK_ADMIN="admin" \
-#        -e KEYCLOAK_ADMIN_PASSWORD="admin" \
-#        -e KC_HOSTNAME="http://localhost:8080" \
-#        -e KC_HOSTNAME_ADMIN="http://localhost:8080" \
-#        -e KC_HTTP_ENABLED="true" \
-#        -e KC_DB="dev-file" \
-#        tillawy/keycloak-github-actions:25.0.1
-
-FROM quay.io/keycloak/keycloak:25.0.1
-
-ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
-
-CMD ["start-dev", "--hostname=http://localhost:8080" , "--hostname-admin=http://localhost:8080" , "--http-enabled=true", "--verbose"]
-
+### Dockerfile for: tillawy/keycloak-github-actions
+##
+## To build & push
+# docker buildx build . --platform linux/amd64 -t tillawy/keycloak-github-actions:25.0.1
+# docker push tillawy/keycloak-github-actions:25.0.1
+#
+## To Run Locally
+# docker run \
+#        --rm \
+#        -p 8080:8080 \
+#        -e KEYCLOAK_ADMIN="admin" \
+#        -e KEYCLOAK_ADMIN_PASSWORD="admin" \
+#        -e KC_HOSTNAME="http://localhost:8080" \
+#        -e KC_HOSTNAME_ADMIN="http://localhost:8080" \
+#        -e KC_HTTP_ENABLED="true" \
+#        -e KC_DB="dev-file" \
+#        tillawy/keycloak-github-actions:25.0.1
+
+FROM quay.io/keycloak/keycloak:25.0.1
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+
+CMD ["start-dev", "--hostname=http://localhost:8080" , "--hostname-admin=http://localhost:8080" , "--http-enabled=true", "--verbose"]
+

data/.github/workflows/ci.yml

@@ -1,80 +1,80 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
-# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
-
-name: Ruby
-
-on:
-  push:
-    branches: [ "main" ]
-  pull_request:
-    branches: [ "main" ]
-
-permissions:
-  contents: read
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    services:
-      keycloak:
-        image: tillawy/keycloak-github-actions:25.0.1
-        ports:
-          - 8080:8080
-        options: '--health-cmd "exec 3<>/dev/tcp/localhost/8080" --health-interval 5s --health-timeout 5s --health-retries 10 --health-start-period 100s'
-        env:
-          KEYCLOAK_ADMIN: "admin"
-          KEYCLOAK_ADMIN_PASSWORD: "admin"
-          KC_HOSTNAME: "http://localhost:8080"
-          KC_HOSTNAME_ADMIN: "http://localhost:8080"
-          KC_HTTP_ENABLED: "true"
-          KC_DB: "dev-file"
-
-    strategy:
-      matrix:
-        ruby-version: ['3.2']
-
-    steps:
-    - name: create realm
-      run: |
-         TOKEN=$(curl --silent --location --request POST "http://localhost:8080/realms/master/protocol/openid-connect/token" \
-            --header 'Content-Type: application/x-www-form-urlencoded' \
-            --data-urlencode 'grant_type=password' \
-            --data-urlencode 'username=admin' \
-            --data-urlencode 'password=admin' \
-            --data-urlencode 'client_id=admin-cli' | jq -r '.access_token')
-          
-         curl --silent --show-error -L -X POST "http://localhost:8080/admin/realms" \
-            --header "Content-Type: application/json" \
-            --header "Authorization: Bearer ${TOKEN}" \
-            --data '{"realm":"dummy","enabled":true}'
-        
-         curl --silent --show-error --request POST 'http://localhost:8080/admin/realms/dummy/clients' \
-           --header 'Authorization: Bearer '$TOKEN \
-           --header 'Content-Type: application/json' \
-           --data-raw '{
-             "clientId":"dummy-client",
-             "enabled":true,
-             "consentRequired": false,
-             "attributes":{},
-             "serviceAccountsEnabled": true,
-             "protocol":"openid-connect",
-             "publicClient":false,
-             "authorizationServicesEnabled": true,
-             "clientAuthenticatorType":"client-secret",
-             "redirectUris":["http://localhost:8180/demo"]
-           }'
-
-    - uses: actions/checkout@v4
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby-version }}
-        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-    - name: Run tests
-      run: bundle exec rspec
-      env:
-        GITHUB_ACTIONS: true
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    services:
+      keycloak:
+        image: tillawy/keycloak-github-actions:25.0.1
+        ports:
+          - 8080:8080
+        options: '--health-cmd "exec 3<>/dev/tcp/localhost/8080" --health-interval 5s --health-timeout 5s --health-retries 10 --health-start-period 100s'
+        env:
+          KEYCLOAK_ADMIN: "admin"
+          KEYCLOAK_ADMIN_PASSWORD: "admin"
+          KC_HOSTNAME: "http://localhost:8080"
+          KC_HOSTNAME_ADMIN: "http://localhost:8080"
+          KC_HTTP_ENABLED: "true"
+          KC_DB: "dev-file"
+
+    strategy:
+      matrix:
+        ruby-version: ['3.2']
+
+    steps:
+    - name: create realm
+      run: |
+         TOKEN=$(curl --silent --location --request POST "http://localhost:8080/realms/master/protocol/openid-connect/token" \
+            --header 'Content-Type: application/x-www-form-urlencoded' \
+            --data-urlencode 'grant_type=password' \
+            --data-urlencode 'username=admin' \
+            --data-urlencode 'password=admin' \
+            --data-urlencode 'client_id=admin-cli' | jq -r '.access_token')
+          
+         curl --silent --show-error -L -X POST "http://localhost:8080/admin/realms" \
+            --header "Content-Type: application/json" \
+            --header "Authorization: Bearer ${TOKEN}" \
+            --data '{"realm":"dummy","enabled":true}'
+        
+         curl --silent --show-error --request POST 'http://localhost:8080/admin/realms/dummy/clients' \
+           --header 'Authorization: Bearer '$TOKEN \
+           --header 'Content-Type: application/json' \
+           --data-raw '{
+             "clientId":"dummy-client",
+             "enabled":true,
+             "consentRequired": false,
+             "attributes":{},
+             "serviceAccountsEnabled": true,
+             "protocol":"openid-connect",
+             "publicClient":false,
+             "authorizationServicesEnabled": true,
+             "clientAuthenticatorType":"client-secret",
+             "redirectUris":["http://localhost:8180/demo"]
+           }'
+
+    - uses: actions/checkout@v4
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+    - name: Run tests
+      run: bundle exec rspec
+      env:
+        GITHUB_ACTIONS: true

data/.gitignore

@@ -1,10 +1,10 @@
-.bundle/
-log/*.log
-pkg/
-test/dummy/db/*.sqlite3
-test/dummy/db/*.sqlite3-journal
-test/dummy/log/*.log
-test/dummy/tmp/
-*.gem
-.idea/
+.bundle/
+log/*.log
+pkg/
+test/dummy/db/*.sqlite3
+test/dummy/db/*.sqlite3-journal
+test/dummy/log/*.log
+test/dummy/tmp/
+*.gem
+.idea/
 .byebug_history

data/.rspec

@@ -1,2 +1,2 @@
---color
---require spec_helper
+--color
+--require spec_helper

data/CHANGELOG.md

@@ -5,6 +5,29 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.1.6] - 2026-01-05
+
+* [Feature] Support for Organizations (Multi-tenancy):
+    * **Organization Management**:
+        * Supported operations: `create!`, `update`, `get`, `delete`, `list`, and `count`.
+        * Supported searching and filtering via `exact`, `query`, and `search` parameters.
+    * **Member Management**:
+        * Added ability to list organization members with pagination and filtering (`members`).
+        * Added `members_count` to retrieve the total number of members.
+        * Added `get_member`, `add_member` (by user ID), and `delete_member`.
+        * Added helper to find all organizations associated with a specific user: `associated_with_member`.
+    * **Invitations**:
+        * Added `invite_user`: Invites a new user via email/name.
+        * Added `invite_existing_user`: Invites an existing Keycloak user to the organization by ID.
+    * **Identity Provider (IdP) Linking**:
+        * Added methods to manage IdPs linked to an organization: `identity_providers`, `get_identity_provider`, `add_identity_provider`, and `delete_identity_provider`.
+
+## [1.1.5] - 2026-01-05
+
+* [Feature] Added the ability to list credentials for a given user.
+* [Fix] Implemented safe parsing for nested JSON elements within `CredentialRepresentation` (handling both `credentialData` and `secretData` fields). Please refer to [the official documentation](https://www.keycloak.org/docs-api/latest/rest-api/index.html#CredentialRepresentation).
+* [Breaking] Renamed `CredentialRepresentation` attribute `created_date` $\rightarrow$ `createdDate` to align with the Keycloak Admin API.
+
 ## [1.1.4] - 2025-11-08
 
 * Add remove_realm_level_role_name! action on a GroupClient (thanks to @mkrawc)

data/Dockerfile

@@ -1,13 +1,13 @@
-FROM ruby:3.2.2-slim-bullseye
-
-RUN apt-get update -qq && apt-get install -y build-essential git ruby-dev && apt-get clean && \
-  mkdir -p /usr/src/app/lib/keycloak-admin
-WORKDIR /usr/src/app
-
-COPY Gemfile /usr/src/app/
-COPY Gemfile.lock /usr/src/app/
-COPY keycloak-admin.gemspec /usr/src/app/
-COPY lib/keycloak-admin/version.rb /usr/src/app/lib/keycloak-admin/
-RUN bundle install
-COPY . /usr/src/app
+FROM ruby:3.2.2-slim-bullseye
+
+RUN apt-get update -qq && apt-get install -y build-essential git ruby-dev && apt-get clean && \
+  mkdir -p /usr/src/app/lib/keycloak-admin
+WORKDIR /usr/src/app
+
+COPY Gemfile /usr/src/app/
+COPY Gemfile.lock /usr/src/app/
+COPY keycloak-admin.gemspec /usr/src/app/
+COPY lib/keycloak-admin/version.rb /usr/src/app/lib/keycloak-admin/
+RUN bundle install
+COPY . /usr/src/app
 RUN bundle install

data/Gemfile

@@ -1,3 +1,3 @@
-source 'https://rubygems.org'
-
-gemspec
+source 'https://rubygems.org'
+
+gemspec

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    keycloak-admin (1.1.4)
+    keycloak-admin (1.1.6)
       http-cookie (~> 1.0, >= 1.0.3)
       rest-client (~> 2.0)
 

data/MIT-LICENSE

@@ -1,20 +1,20 @@
-Copyright 2018 
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+Copyright 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -12,7 +12,7 @@ This gem *does not* require Rails.
 For example, using `bundle`, add this line to your Gemfile.
 
 ```ruby
-gem "keycloak-admin", "1.1.4"
+gem "keycloak-admin", "1.1.6"
 ```
 
 ## Login
@@ -112,6 +112,7 @@ All options have a default value. However, all of them can be changed in your in
 * Get an access token
 * Create/update/get/delete a user
 * Get list of users, search for user(s)
+* List credentials of a user
 * Reset credentials
 * Impersonate a user
 * Exchange a configurable token
@@ -134,6 +135,11 @@ All options have a default value. However, all of them can be changed in your in
 * Execute actions emails
 * Send forgot passsword mail
 * Client Authorization, create, update, get, delete Resource, Scope, Policy, Permission, Policy Enforcer
+* Get list of organizations, create/update/get/delete an organization
+* Get list of members of an organization, add/remove members
+* Invite new or existing users to an organization
+* List, add, and remove Identity Providers for an organization
+* Get list of organizations associated with a specific user
 
 ### Get an access token
 
@@ -226,6 +232,13 @@ new_password = "coco"
 KeycloakAdmin.realm("a_realm").users.update_password(user_id, new_password)
 ```
 
+### List credentials
+
+```ruby
+user_id      = "95985b21-d884-4bbd-b852-cb8cd365afc2"
+KeycloakAdmin.realm("a_realm").users.credentials(user_id)
+```
+
 ### Impersonate a password directly
 
 Returns an instance of `KeycloakAdmin::ImpersonationRepresentation`.
@@ -244,6 +257,12 @@ user_id = "95985b21-d884-4bbd-b852-cb8cd365afc2"
 KeycloakAdmin.realm("a_realm").users.get_redirect_impersonation(user_id)
 ```
 
+### List all the organizations of a realm
+
+```ruby
+KeycloakAdmin.realm("a_realm").organizations.list
+```
+
 ### Exchange a configurable token
 
 *Requires your Keycloak server to have deployed the Custom REST API `configurable-token`* (https://github.com/looorent/keycloak-configurable-token-api)

data/bin/console

@@ -1,9 +1,9 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require "bundler/setup"
-require "keycloak-admin"
-require "byebug"
-
-require "irb"
-IRB.start
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "keycloak-admin"
+require "byebug"
+
+require "irb"
+IRB.start

data/keycloak-admin.gemspec

@@ -1,24 +1,24 @@
-$:.push File.expand_path("../lib", __FILE__)
-
-require "keycloak-admin/version"
-
-Gem::Specification.new do |spec|
-  spec.name        = "keycloak-admin"
-  spec.version     = KeycloakAdmin::VERSION
-  spec.authors     = ["Lorent Lempereur"]
-  spec.email       = ["lorent.lempereur.dev@gmail.com"]
-  spec.homepage    = "https://github.com/looorent/keycloak-admin-ruby"
-  spec.summary     = "Keycloak Admin REST API client written in Ruby"
-  spec.description = "Keycloak Admin REST API client written in Ruby"
-  spec.license     = "MIT"
-
-  spec.files = `git ls-files -z`.split("\x0")
-  spec.require_paths = ["lib"]
-
-  spec.required_ruby_version = '>= 2.3'
-
-  spec.add_dependency "http-cookie", "~> 1.0", ">= 1.0.3"
-  spec.add_dependency "rest-client", "~> 2.0"
-  spec.add_development_dependency "rspec",  "3.13.2"
-  spec.add_development_dependency "byebug", "12.0.0"
-end
+$:.push File.expand_path("../lib", __FILE__)
+
+require "keycloak-admin/version"
+
+Gem::Specification.new do |spec|
+  spec.name        = "keycloak-admin"
+  spec.version     = KeycloakAdmin::VERSION
+  spec.authors     = ["Lorent Lempereur"]
+  spec.email       = ["lorent.lempereur.dev@gmail.com"]
+  spec.homepage    = "https://github.com/looorent/keycloak-admin-ruby"
+  spec.summary     = "Keycloak Admin REST API client written in Ruby"
+  spec.description = "Keycloak Admin REST API client written in Ruby"
+  spec.license     = "MIT"
+
+  spec.files = `git ls-files -z`.split("\x0")
+  spec.require_paths = ["lib"]
+
+  spec.required_ruby_version = '>= 2.3'
+
+  spec.add_dependency "http-cookie", "~> 1.0", ">= 1.0.3"
+  spec.add_dependency "rest-client", "~> 2.0"
+  spec.add_development_dependency "rspec",  "3.13.2"
+  spec.add_development_dependency "byebug", "12.0.0"
+end

data/lib/keycloak-admin/client/attack_detection_client.rb

@@ -1,42 +1,42 @@
-module KeycloakAdmin
-  class AttackDetectionClient < Client
-    def initialize(configuration, realm_client)
-      super(configuration)
-      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
-      @realm_client = realm_client
-    end
-
-    def lock_status(user_id)
-      raise ArgumentError.new("user_id must be defined") if user_id.nil?
-
-      response = execute_http do
-        RestClient::Resource.new(brute_force_url(user_id), @configuration.rest_client_options).get(headers)
-      end
-      AttackDetectionRepresentation.from_hash(JSON.parse(response))
-    end
-
-    def unlock_user(user_id)
-      raise ArgumentError.new("user_id must be defined") if user_id.nil?
-
-      execute_http do
-        RestClient::Resource.new(brute_force_url(user_id), @configuration.rest_client_options).delete(headers)
-      end
-      true
-    end
-
-    def unlock_users
-      execute_http do
-        RestClient::Resource.new(brute_force_url, @configuration.rest_client_options).delete(headers)
-      end
-      true
-    end
-
-    def brute_force_url(user_id = nil)
-      if user_id
-        "#{@realm_client.realm_admin_url}/attack-detection/brute-force/users/#{user_id}"
-      else
-        "#{@realm_client.realm_admin_url}/attack-detection/brute-force/users"
-      end
-    end
-  end
+module KeycloakAdmin
+  class AttackDetectionClient < Client
+    def initialize(configuration, realm_client)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      @realm_client = realm_client
+    end
+
+    def lock_status(user_id)
+      raise ArgumentError.new("user_id must be defined") if user_id.nil?
+
+      response = execute_http do
+        RestClient::Resource.new(brute_force_url(user_id), @configuration.rest_client_options).get(headers)
+      end
+      AttackDetectionRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def unlock_user(user_id)
+      raise ArgumentError.new("user_id must be defined") if user_id.nil?
+
+      execute_http do
+        RestClient::Resource.new(brute_force_url(user_id), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def unlock_users
+      execute_http do
+        RestClient::Resource.new(brute_force_url, @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def brute_force_url(user_id = nil)
+      if user_id
+        "#{@realm_client.realm_admin_url}/attack-detection/brute-force/users/#{user_id}"
+      else
+        "#{@realm_client.realm_admin_url}/attack-detection/brute-force/users"
+      end
+    end
+  end
 end