keycloak-admin 1.1.5 → 1.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dc70b33efe8f4293f7eb0f60eeb30f9468d7866a08e20180b6a3b66c35c96ea8
-  data.tar.gz: f9cfd0bec183db13053ecd034c4c0c180a8564c116fdb6ace4271a086622f18b
+  metadata.gz: 0e12885f5810b15fdc63cc227cb48c1e5a730b6328d3021e4de319d1859fb996
+  data.tar.gz: 5b691cf6498c9754c8778ed043501c94620ef0ca3a7649ae1e2d8ebf310047c8
 SHA512:
-  metadata.gz: a3a4bf1e49ea91c845458186565f68636244e515a7ad78d12e69c50ad190de94fd38050a3222ed16eb33f0b5a13d5e1aa65e496ebb48fb732a5248ff6c227953
-  data.tar.gz: b60ee39f400e84c57f1627042abbb07b0ca820471d3fe53448c09a2ef8b4cc1acb193ea4f11d63d4b60941f0ee9496ecb6a5fc89bc6007fa1c1eca69a5b37925
+  metadata.gz: 552d1b3896305cbe8799ca2627631f049fe8a526b3450fec6c4a360dd9ac2139185b91e642973acf2ee9c1af2bdf49073e5cf66c2eafbc3d5a72c8749331cb53
+  data.tar.gz: 2fbd6f1e6034c0654ac56b856d67fc975fab74a6642071e0bb6f5e8fcdd0b2989042ee2a6aef735e767ca6a9ba53d471870e58b97d1cd71df68b62036677eea4

data/.github/workflows/ci.yml

@@ -68,7 +68,7 @@ jobs:
              "redirectUris":["http://localhost:8180/demo"]
            }'
 
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:

data/CHANGELOG.md

@@ -5,6 +5,28 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.1.7] - 2026-03-27
+
+* [Feature] Client scopes - supported operations:  `create!`, `get`, `delete`, `list`, and `search`.
+* [Feature] Client scopes protocol mappers - supported operations:  `create!`,  `get`, `delete`, `list`, and `search`.
+
+## [1.1.6] - 2026-01-05
+
+* [Feature] Support for Organizations (Multi-tenancy):
+    * **Organization Management**:
+        * Supported operations: `create!`, `update`, `get`, `delete`, `list`, and `count`.
+        * Supported searching and filtering via `exact`, `query`, and `search` parameters.
+    * **Member Management**:
+        * Added ability to list organization members with pagination and filtering (`members`).
+        * Added `members_count` to retrieve the total number of members.
+        * Added `get_member`, `add_member` (by user ID), and `delete_member`.
+        * Added helper to find all organizations associated with a specific user: `associated_with_member`.
+    * **Invitations**:
+        * Added `invite_user`: Invites a new user via email/name.
+        * Added `invite_existing_user`: Invites an existing Keycloak user to the organization by ID.
+    * **Identity Provider (IdP) Linking**:
+        * Added methods to manage IdPs linked to an organization: `identity_providers`, `get_identity_provider`, `add_identity_provider`, and `delete_identity_provider`.
+
 ## [1.1.5] - 2026-01-05
 
 * [Feature] Added the ability to list credentials for a given user.

data/Gemfile.lock

@@ -1,25 +1,29 @@
 PATH
   remote: .
   specs:
-    keycloak-admin (1.1.5)
+    keycloak-admin (1.1.7)
       http-cookie (~> 1.0, >= 1.0.3)
       rest-client (~> 2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    byebug (12.0.0)
+    byebug (13.0.0)
+      reline (>= 0.6.0)
     diff-lcs (1.6.2)
     domain_name (0.6.20240107)
     http-accept (1.7.0)
     http-cookie (1.1.0)
       domain_name (~> 0.5)
+    io-console (0.8.2)
     logger (1.7.0)
     mime-types (3.7.0)
       logger
       mime-types-data (~> 3.2025, >= 3.2025.0507)
-    mime-types-data (3.2025.0924)
+    mime-types-data (3.2026.0317)
     netrc (0.11.0)
+    reline (0.6.3)
+      io-console (~> 0.5)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
@@ -34,16 +38,16 @@ GEM
     rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.7)
+    rspec-mocks (3.13.8)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-support (3.13.6)
+    rspec-support (3.13.7)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  byebug (= 12.0.0)
+  byebug (= 13.0.0)
   keycloak-admin!
   rspec (= 3.13.2)
 

data/README.md

@@ -12,7 +12,7 @@ This gem *does not* require Rails.
 For example, using `bundle`, add this line to your Gemfile.
 
 ```ruby
-gem "keycloak-admin", "1.1.5"
+gem "keycloak-admin", "1.1.6"
 ```
 
 ## Login
@@ -135,6 +135,13 @@ All options have a default value. However, all of them can be changed in your in
 * Execute actions emails
 * Send forgot passsword mail
 * Client Authorization, create, update, get, delete Resource, Scope, Policy, Permission, Policy Enforcer
+* Get list of client scopes, create/save/get/delete/search a client scope
+* Get list of protocol mappers for a client scope, create/save/get/delete a protocol mapper
+* Get list of organizations, create/update/get/delete an organization
+* Get list of members of an organization, add/remove members
+* Invite new or existing users to an organization
+* List, add, and remove Identity Providers for an organization
+* Get list of organizations associated with a specific user
 
 ### Get an access token
 
@@ -252,6 +259,12 @@ user_id = "95985b21-d884-4bbd-b852-cb8cd365afc2"
 KeycloakAdmin.realm("a_realm").users.get_redirect_impersonation(user_id)
 ```
 
+### List all the organizations of a realm
+
+```ruby
+KeycloakAdmin.realm("a_realm").organizations.list
+```
+
 ### Exchange a configurable token
 
 *Requires your Keycloak server to have deployed the Custom REST API `configurable-token`* (https://github.com/looorent/keycloak-configurable-token-api)
@@ -746,6 +759,120 @@ KeycloakAdmin.realm("realm_a").authz_permissions(client.id, 'scope').delete(scop
  KeycloakAdmin.realm("realm_a").authz_permissions(client.id, 'resource').delete(resource_permission.id)
 ```
 
+### Manage Client Scopes
+
+### List all client scopes in a realm
+
+Returns an array of `KeycloakAdmin::ClientScopeRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").client_scopes.list
+```
+
+### Get a client scope by its id
+
+Returns an instance of `KeycloakAdmin::ClientScopeRepresentation`.
+
+```ruby
+client_scope_id = "7686af34-204c-4515-8122-78d19febbf6e"
+KeycloakAdmin.realm("a_realm").client_scopes.get(client_scope_id)
+```
+
+### Search for client scopes by name
+
+Returns an array of `KeycloakAdmin::ClientScopeRepresentation` whose names contain the given substring.
+
+```ruby
+KeycloakAdmin.realm("a_realm").client_scopes.search("my-scope")
+```
+
+### Create a client scope
+
+Takes `scope_representation` of type `KeycloakAdmin::ClientScopeRepresentation`. Returns `true` on success.
+
+```ruby
+scope             = KeycloakAdmin::ClientScopeRepresentation.new
+scope.name        = "my-scope"
+scope.description = "My custom scope"
+scope.protocol    = "openid-connect"
+scope.attributes  = { "display.on.consent.screen" => "true", "include.in.token.scope" => "true" }
+KeycloakAdmin.realm("a_realm").client_scopes.create!(scope)
+```
+
+### Save (update) a client scope
+
+Takes `scope_representation` of type `KeycloakAdmin::ClientScopeRepresentation` (must include its `id`). Returns `true` on success.
+
+```ruby
+client_scope_id = "7686af34-204c-4515-8122-78d19febbf6e"
+scope           = KeycloakAdmin.realm("a_realm").client_scopes.get(client_scope_id)
+scope.description = "Updated description"
+KeycloakAdmin.realm("a_realm").client_scopes.save(scope)
+```
+
+### Delete a client scope
+
+```ruby
+client_scope_id = "7686af34-204c-4515-8122-78d19febbf6e"
+KeycloakAdmin.realm("a_realm").client_scopes.delete(client_scope_id)
+```
+
+### Manage Protocol Mappers for a Client Scope
+
+Protocol mappers allow you to transform tokens and assertions. The following operations are available on the protocol mappers of a given client scope.
+
+### List protocol mappers for a client scope
+
+Returns an array of `KeycloakAdmin::ProtocolMapperRepresentation`.
+
+```ruby
+client_scope_id = "7686af34-204c-4515-8122-78d19febbf6e"
+KeycloakAdmin.realm("a_realm").client_scope_protocol_mappers(client_scope_id).list
+```
+
+### Get a protocol mapper by its id
+
+Returns an instance of `KeycloakAdmin::ProtocolMapperRepresentation`.
+
+```ruby
+client_scope_id = "7686af34-204c-4515-8122-78d19febbf6e"
+mapper_id       = "95985b21-d884-4bbd-b852-cb8cd365afc2"
+KeycloakAdmin.realm("a_realm").client_scope_protocol_mappers(client_scope_id).get(mapper_id)
+```
+
+### Create a protocol mapper for a client scope
+
+Takes `mapper_representation` of type `KeycloakAdmin::ProtocolMapperRepresentation`. Returns `true` on success.
+
+```ruby
+client_scope_id     = "7686af34-204c-4515-8122-78d19febbf6e"
+mapper              = KeycloakAdmin::ProtocolMapperRepresentation.new
+mapper.name         = "my-mapper"
+mapper.protocol     = "openid-connect"
+mapper.protocolMapper = "oidc-usermodel-attribute-mapper"
+mapper.config       = { "user.attribute" => "locale", "claim.name" => "locale", "jsonType.label" => "String", "id.token.claim" => "true", "access.token.claim" => "true", "userinfo.token.claim" => "true" }
+KeycloakAdmin.realm("a_realm").client_scope_protocol_mappers(client_scope_id).create!(mapper)
+```
+
+### Save (update) a protocol mapper for a client scope
+
+Takes `mapper_representation` of type `KeycloakAdmin::ProtocolMapperRepresentation` (must include its `id`). Returns `true` on success.
+
+```ruby
+client_scope_id    = "7686af34-204c-4515-8122-78d19febbf6e"
+mapper             = KeycloakAdmin.realm("a_realm").client_scope_protocol_mappers(client_scope_id).get(mapper_id)
+mapper.config["claim.name"] = "updated_claim"
+KeycloakAdmin.realm("a_realm").client_scope_protocol_mappers(client_scope_id).save(mapper)
+```
+
+### Delete a protocol mapper from a client scope
+
+```ruby
+client_scope_id = "7686af34-204c-4515-8122-78d19febbf6e"
+mapper_id       = "95985b21-d884-4bbd-b852-cb8cd365afc2"
+KeycloakAdmin.realm("a_realm").client_scope_protocol_mappers(client_scope_id).delete(mapper_id)
+```
+
 ## How to execute library tests
 
 From the `keycloak-admin-api` directory:

data/keycloak-admin.gemspec

@@ -20,5 +20,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency "http-cookie", "~> 1.0", ">= 1.0.3"
   spec.add_dependency "rest-client", "~> 2.0"
   spec.add_development_dependency "rspec",  "3.13.2"
-  spec.add_development_dependency "byebug", "12.0.0"
+  spec.add_development_dependency "byebug", "13.0.0"
 end

data/lib/keycloak-admin/client/client_scope_client.rb

@@ -0,0 +1,65 @@
+module KeycloakAdmin
+  class ClientScopeClient < Client
+    def initialize(configuration, realm_client)
+      super(configuration)
+
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+
+      @realm_client = realm_client
+    end
+
+    def list
+      response = execute_http do
+        RestClient::Resource.new(client_scopes_url, @configuration.rest_client_options).get(headers)
+      end
+
+      JSON.parse(response).map { |h| ClientScopeRepresentation.from_hash(h) }
+    end
+
+    def get(client_scope_id)
+      response = execute_http do
+        RestClient::Resource.new(client_scopes_url(client_scope_id), @configuration.rest_client_options).get(headers)
+      end
+
+      ClientScopeRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def create!(client_scope_representation)
+      execute_http do
+        RestClient::Resource.new(client_scopes_url, @configuration.rest_client_options).post(
+          create_payload(client_scope_representation), headers
+        )
+      end
+
+      true
+    end
+
+    def save(client_scope_representation)
+      execute_http do
+        RestClient::Resource.new(client_scopes_url(client_scope_representation.id), @configuration.rest_client_options).put(
+          create_payload(client_scope_representation), headers
+        )
+      end
+
+      true
+    end
+
+    def search(name)
+      list.select { |scope| scope&.name&.include?(name) }
+    end
+
+    def delete(client_scope_id)
+      execute_http do
+        RestClient::Resource.new(client_scopes_url(client_scope_id), @configuration.rest_client_options).delete(headers)
+      end
+
+      true
+    end
+
+    def client_scopes_url(client_scope_id = nil)
+      base = "#{@realm_client.realm_admin_url}/client-scopes"
+
+      client_scope_id ? "#{base}/#{client_scope_id}" : base
+    end
+  end
+end

data/lib/keycloak-admin/client/client_scope_protocol_mapper_client.rb

@@ -0,0 +1,62 @@
+module KeycloakAdmin
+  class ClientScopeProtocolMapperClient < Client
+    def initialize(configuration, realm_client, client_scope_id)
+      super(configuration)
+
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+
+      @realm_client    = realm_client
+      @client_scope_id = client_scope_id
+    end
+
+    def list
+      response = execute_http do
+        RestClient::Resource.new(protocol_mappers_url, @configuration.rest_client_options).get(headers)
+      end
+
+      JSON.parse(response).map { |h| ProtocolMapperRepresentation.from_hash(h) }
+    end
+
+    def get(mapper_id)
+      response = execute_http do
+        RestClient::Resource.new(protocol_mappers_url(mapper_id), @configuration.rest_client_options).get(headers)
+      end
+
+      ProtocolMapperRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def create!(mapper_representation)
+      execute_http do
+        RestClient::Resource.new(protocol_mappers_url, @configuration.rest_client_options).post(
+          create_payload(mapper_representation), headers
+        )
+      end
+
+      true
+    end
+
+    def save(mapper_representation)
+      execute_http do
+        RestClient::Resource.new(protocol_mappers_url(mapper_representation.id), @configuration.rest_client_options).put(
+          create_payload(mapper_representation), headers
+        )
+      end
+
+      true
+    end
+
+    def delete(mapper_id)
+      execute_http do
+        RestClient::Resource.new(protocol_mappers_url(mapper_id), @configuration.rest_client_options).delete(headers)
+      end
+
+      true
+    end
+
+    def protocol_mappers_url(mapper_id = nil)
+      base = "#{@realm_client.realm_admin_url}/client-scopes/#{@client_scope_id}/protocol-mappers/models"
+
+      mapper_id ? "#{base}/#{mapper_id}" : base
+    end
+  end
+end

data/lib/keycloak-admin/client/organization_client.rb

@@ -0,0 +1,245 @@
+module KeycloakAdmin
+  class OrganizationClient < Client
+    def initialize(configuration, realm_client)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      @realm_client = realm_client
+    end
+
+    # This endpoint does not return members
+    def list(brief_representation=true, exact=nil, first=nil, max=nil, query=nil, search=nil)
+      response = execute_http do
+        RestClient::Resource.new(organizations_url_with_parameters(brief_representation, exact, first, max, query, search), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |organization_as_hash| OrganizationRepresentation.from_hash(organization_as_hash) }
+    end
+
+    def count(exact=nil, query=nil, search=nil)
+      response = execute_http do
+        RestClient::Resource.new(count_url(exact, query, search), @configuration.rest_client_options).get(headers)
+      end
+      response.to_i
+    end
+
+    def delete(organization_id)
+      execute_http do
+        RestClient::Resource.new(organization_url(organization_id), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def update(organization_representation)
+      execute_http do
+        RestClient::Resource.new(organization_url(organization_representation.id), @configuration.rest_client_options).put(
+          create_payload(organization_representation), headers
+        )
+      end
+
+      get(organization_representation.id)
+    end
+
+    def create!(name, alias_name, enabled, description, redirect_url=nil, domains=[], attributes={})
+      save(build(name, alias_name, enabled, description, redirect_url, domains, attributes))
+    end
+
+    # This operation does not associate members and identity providers
+    def save(organization_representation)
+      execute_http do
+        RestClient::Resource.new(organizations_url, @configuration.rest_client_options).post(
+          create_payload(organization_representation), headers
+        )
+      end
+      true
+    end
+
+    def get(organization_id)
+      response = execute_http do
+        RestClient::Resource.new(organization_url(organization_id), @configuration.rest_client_options).get(headers)
+      end
+      OrganizationRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def identity_providers(organization_id)
+      response = execute_http do
+        RestClient::Resource.new(identity_providers_url(organization_id), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |idp_as_hash| IdentityProviderRepresentation.from_hash(idp_as_hash) }
+    end
+
+    def get_identity_provider(organization_id, identity_provider_alias)
+      raise ArgumentError.new("identity_provider_alias must be defined") if identity_provider_alias.nil?
+      response = execute_http do
+        RestClient::Resource.new("#{identity_providers_url(organization_id)}/#{identity_provider_alias}", @configuration.rest_client_options).get(headers)
+      end
+      IdentityProviderRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def add_identity_provider(organization_id, identity_provider_alias)
+      raise ArgumentError.new("identity_provider_alias must be defined") if identity_provider_alias.nil?
+      execute_http do
+        RestClient::Resource.new(identity_providers_url(organization_id), @configuration.rest_client_options).post(identity_provider_alias, headers)
+      end
+      true
+    end
+
+    def delete_identity_provider(organization_id, identity_provider_alias)
+      execute_http do
+        RestClient::Resource.new(identity_provider_url(organization_id, identity_provider_alias), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def members_count(organization_id)
+      response = execute_http do
+        RestClient::Resource.new(members_count_url(organization_id), @configuration.rest_client_options).get(headers)
+      end
+      response.to_i
+    end
+
+    def members(organization_id, exact=nil, first=nil, max=nil, membership_type=nil, search=nil)
+      response = execute_http do
+        RestClient::Resource.new(members_url_with_query_parameters(organization_id, exact, first, max, membership_type, search), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |member_as_hash| MemberRepresentation.from_hash(member_as_hash) }
+    end
+
+    def invite_existing_user(organization_id, user_id)
+      raise ArgumentError.new("user_id must be defined") if user_id.nil?
+      execute_http do
+        RestClient::Resource.new(invite_existing_user_url(organization_id), @configuration.rest_client_options).post({id: user_id}, headers.merge(content_type: "application/x-www-form-urlencoded"))
+      end
+      true
+    end
+
+    def invite_user(organization_id, email, first_name, last_name)
+      execute_http do
+        RestClient::Resource.new(invite_user_url(organization_id), @configuration.rest_client_options).post({
+          email: email,
+          firstName: first_name,
+          lastName: last_name
+        }, headers.merge(content_type: "application/x-www-form-urlencoded"))
+      end
+      true
+    end
+
+    def add_member(organization_id, user_id)
+      raise ArgumentError.new("user_id must be defined") if user_id.nil?
+      execute_http do
+        RestClient::Resource.new(members_url(organization_id), @configuration.rest_client_options).post(user_id, headers)
+      end
+      true
+    end
+
+    def delete_member(organization_id, member_id)
+      execute_http do
+        RestClient::Resource.new(member_url(organization_id, member_id), @configuration.rest_client_options).delete(headers)
+      end
+      true
+    end
+
+    def get_member(organization_id, member_id)
+      response = execute_http do
+        RestClient::Resource.new(member_url(organization_id, member_id), @configuration.rest_client_options).get(headers)
+      end
+      MemberRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def associated_with_member(member_id, brief_representation=true)
+      response = execute_http do
+        RestClient::Resource.new(associated_with_member_url(member_id, brief_representation), @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |organization_as_hash| OrganizationRepresentation.from_hash(organization_as_hash) }
+    end
+
+    def organizations_url
+      "#{@realm_client.realm_admin_url}/organizations"
+    end
+
+    def organization_url(organization_id)
+      raise ArgumentError.new("organization_id must be defined") if organization_id.nil?
+      "#{organizations_url}/#{organization_id}"
+    end
+
+    def identity_providers_url(organization_id)
+      "#{organization_url(organization_id)}/identity-providers"
+    end
+
+    def identity_provider_url(organization_id, identity_provider_alias)
+      raise ArgumentError.new("identity_provider_alias must be defined") if identity_provider_alias.nil?
+      "#{identity_providers_url(organization_id)}/#{identity_provider_alias}"
+    end
+
+    def count_url(exact, query, search)
+      query_parameters = {exact: exact, q: query, search: search}.compact.to_a.map { |e| "#{e[0]}=#{e[1]}" }.join("&")
+      "#{organizations_url}/count?#{query_parameters}"
+    end
+
+    def organizations_url_with_parameters(brief_representation, exact, first, max, query, search)
+      query_parameters = {
+        briefRepresentation: brief_representation,
+        exact: exact,
+        first: first,
+        max: max,
+        q: query,
+        search: search
+      }.compact.to_a.map { |e| "#{e[0]}=#{e[1]}" }.join("&")
+      "#{organizations_url}?#{query_parameters}"
+    end
+
+    def associated_with_member_url(member_id, brief_representation=true)
+      "#{organizations_url}/members/#{member_id}/organizations?briefRepresentation=#{brief_representation}"
+    end
+
+    def members_count_url(organization_id)
+      "#{organization_url(organization_id)}/members/count"
+    end
+
+    def member_url(organization_id, member_id)
+      raise ArgumentError.new("member_id must be defined") if member_id.nil?
+      "#{organization_url(organization_id)}/members/#{member_id}"
+    end
+
+    def invite_existing_user_url(organization_id)
+      "#{organization_url(organization_id)}/members/invite-existing-user"
+    end
+
+    def invite_user_url(organization_id)
+      "#{organization_url(organization_id)}/members/invite-user"
+    end
+
+    def members_url(organization_id)
+      "#{organization_url(organization_id)}/members"
+    end
+
+    def members_url_with_query_parameters(organization_id, exact, first, max, membership_type, search)
+      query_parameters = {
+        exact: exact,
+        first: first,
+        max: max,
+        membershipType: membership_type,
+        search: search
+      }.compact.to_a.map { |e| "#{e[0]}=#{e[1]}" }.join("&")
+      "#{organization_url(organization_id)}/members?#{query_parameters}"
+    end
+
+    def build(name, alias_name, enabled, description, redirect_url=nil, domains=[], attributes={})
+      unless domains.is_a?(Array)
+        raise ArgumentError.new("domains must be an Array, got #{new_domains.class}")
+      end
+
+      unless domains.all? { |domain| domain.is_a?(KeycloakAdmin::OrganizationDomainRepresentation) }
+        raise ArgumentError.new("All items in domains must be of type OrganizationDomainRepresentation")
+      end
+
+      organization              = OrganizationRepresentation.new
+      organization.name         = name
+      organization.alias        = alias_name
+      organization.enabled      = enabled
+      organization.description  = description
+      organization.redirect_url = redirect_url
+      organization.domains      = domains
+      organization.attributes   = attributes
+      organization
+    end
+  end
+end

data/lib/keycloak-admin/client/realm_client.rb

@@ -95,10 +95,22 @@ module KeycloakAdmin
       IdentityProviderClient.new(@configuration, self)
     end
 
+    def organizations
+      OrganizationClient.new(@configuration, self)
+    end
+
     def user(user_id)
       UserResource.new(@configuration, self, user_id)
     end
 
+    def client_scopes
+      ClientScopeClient.new(@configuration, self)
+    end
+
+    def client_scope_protocol_mappers(client_scope_id)
+      ClientScopeProtocolMapperClient.new(@configuration, self, client_scope_id)
+    end
+
     def authz_scopes(client_id, resource_id = nil)
       ClientAuthzScopeClient.new(@configuration, self, client_id, resource_id)
     end

data/lib/keycloak-admin/representation/client_scope_representation.rb

@@ -0,0 +1,21 @@
+module KeycloakAdmin
+  class ClientScopeRepresentation < Representation
+    attr_accessor :id,
+                  :name,
+                  :description,
+                  :protocol,
+                  :attributes,
+                  :protocol_mappers
+
+    def self.from_hash(hash)
+      rep                  = new
+      rep.id               = hash["id"]
+      rep.name             = hash["name"]
+      rep.description      = hash["description"]
+      rep.protocol         = hash["protocol"]
+      rep.attributes       = hash["attributes"]
+      rep.protocol_mappers = (hash["protocolMappers"] || []).map { |m| ProtocolMapperRepresentation.from_hash(m) }
+      rep
+    end
+  end
+end