@keycloak/keycloak-admin-client 21.1.2 → 22.0.0

package/README.md

@@ -107,20 +107,20 @@ setInterval(() => kcAdminClient.auth(credentials), 58 * 1000); // 58 seconds
 To build the source do a build:
 
 ```bash
-npm run build
+pnpm run build
 ```
 
 Start the Keycloak server:
 
 ```bash
-npm run server:start
+pnpm run server:start
 ```
 
 If you started your container manually make sure there is an admin user named 'admin' with password 'admin'.
 Then start the tests with:
 
 ```bash
-npm test
+pnpm test
 ```
 
 ## Supported APIs

package/lib/defs/policyRepresentation.js

@@ -6,14 +6,14 @@ export var DecisionStrategy;
     DecisionStrategy["AFFIRMATIVE"] = "AFFIRMATIVE";
     DecisionStrategy["UNANIMOUS"] = "UNANIMOUS";
     DecisionStrategy["CONSENSUS"] = "CONSENSUS";
-})(DecisionStrategy = DecisionStrategy || (DecisionStrategy = {}));
+})(DecisionStrategy || (DecisionStrategy = {}));
 export var DecisionEffect;
 (function (DecisionEffect) {
     DecisionEffect["Permit"] = "PERMIT";
     DecisionEffect["Deny"] = "DENY";
-})(DecisionEffect = DecisionEffect || (DecisionEffect = {}));
+})(DecisionEffect || (DecisionEffect = {}));
 export var Logic;
 (function (Logic) {
     Logic["POSITIVE"] = "POSITIVE";
     Logic["NEGATIVE"] = "NEGATIVE";
-})(Logic = Logic || (Logic = {}));
+})(Logic || (Logic = {}));

package/lib/defs/requiredActionProviderRepresentation.js

@@ -8,4 +8,4 @@ export var RequiredActionAlias;
     RequiredActionAlias["CONFIGURE_TOTP"] = "CONFIGURE_TOTP";
     RequiredActionAlias["UPDATE_PASSWORD"] = "UPDATE_PASSWORD";
     RequiredActionAlias["TERMS_AND_CONDITIONS"] = "TERMS_AND_CONDITIONS";
-})(RequiredActionAlias = RequiredActionAlias || (RequiredActionAlias = {}));
+})(RequiredActionAlias || (RequiredActionAlias = {}));

package/lib/defs/serverInfoRepesentation.d.ts

@@ -87,4 +87,6 @@ export interface ProtocolMapperTypeRepresentation {
 export interface CryptoInfoRepresentation {
     cryptoProvider: string;
     supportedKeystoreTypes: string[];
+    clientSignatureSymmetricAlgorithms: string[];
+    clientSignatureAsymmetricAlgorithms: string[];
 }

package/lib/resources/agent.js

@@ -20,17 +20,17 @@ export class Agent {
         return async (payload = {}, options) => {
             const baseParams = this.getBaseParams?.() ?? {};
             // Filter query parameters by queryParamKeys
-            const queryParams = queryParamKeys
-                ? pick(payload, queryParamKeys)
-                : undefined;
+            const queryParams = queryParamKeys.length > 0 ? pick(payload, queryParamKeys) : undefined;
             // Add filtered payload parameters to base parameters
             const allUrlParamKeys = [...Object.keys(baseParams), ...urlParamKeys];
             const urlParams = { ...baseParams, ...pick(payload, allUrlParamKeys) };
-            // Omit url parameters and query parameters from payload
-            const omittedKeys = ignoredKeys
-                ? [...allUrlParamKeys, ...queryParamKeys].filter((key) => !ignoredKeys.includes(key))
-                : [...allUrlParamKeys, ...queryParamKeys];
-            payload = omit(payload, omittedKeys);
+            if (!(payload instanceof FormData)) {
+                // Omit url parameters and query parameters from payload
+                const omittedKeys = ignoredKeys
+                    ? [...allUrlParamKeys, ...queryParamKeys].filter((key) => !ignoredKeys.includes(key))
+                    : [...allUrlParamKeys, ...queryParamKeys];
+                payload = omit(payload, omittedKeys);
+            }
             // Transform keys of both payload and queryParams
             if (keyTransform) {
                 this.transformKey(payload, keyTransform);

package/lib/resources/groups.d.ts

@@ -27,6 +27,9 @@ export declare class Groups extends Resource<{
     }) | undefined, options?: Pick<import("./agent.js").RequestArgs, "catchNotFound"> | undefined) => Promise<{
         id: string;
     }>;
+    updateRoot: (payload?: (GroupRepresentation & {
+        realm?: string | undefined;
+    }) | undefined, options?: Pick<import("./agent.js").RequestArgs, "catchNotFound"> | undefined) => Promise<void>;
     /**
      * Single user
      */
@@ -53,6 +56,7 @@ export declare class Groups extends Resource<{
     /**
      * Set or create child.
      * This will just set the parent if it exists. Create it and set the parent if the group doesn’t exist.
+     * @deprecated Use `createChildGroup` or `updateChildGroup` instead.
      */
     setOrCreateChild: (query: {
         id: string;
@@ -61,6 +65,25 @@ export declare class Groups extends Resource<{
     }, payload: GroupRepresentation) => Promise<{
         id: string;
     }>;
+    /**
+     * Creates a child group on the specified parent group. If the group already exists, then an error is returned.
+     */
+    createChildGroup: (query: {
+        id: string;
+    } & {
+        realm?: string | undefined;
+    }, payload: Omit<GroupRepresentation, "id">) => Promise<{
+        id: string;
+    }>;
+    /**
+     * Updates a child group on the specified parent group. If the group doesn’t exist, then an error is returned.
+     * Can be used to move a group from one parent to another.
+     */
+    updateChildGroup: (query: {
+        id: string;
+    } & {
+        realm?: string | undefined;
+    }, payload: GroupRepresentation) => Promise<void>;
     /**
      * Members
      */

package/lib/resources/groups.js

@@ -7,6 +7,9 @@ export class Groups extends Resource {
         method: "POST",
         returnResourceIdInLocationHeader: { field: "id" },
     });
+    updateRoot = this.makeRequest({
+        method: "POST",
+    });
     /**
      * Single user
      */
@@ -33,6 +36,7 @@ export class Groups extends Resource {
     /**
      * Set or create child.
      * This will just set the parent if it exists. Create it and set the parent if the group doesn’t exist.
+     * @deprecated Use `createChildGroup` or `updateChildGroup` instead.
      */
     setOrCreateChild = this.makeUpdateRequest({
         method: "POST",
@@ -40,6 +44,24 @@ export class Groups extends Resource {
         urlParamKeys: ["id"],
         returnResourceIdInLocationHeader: { field: "id" },
     });
+    /**
+     * Creates a child group on the specified parent group. If the group already exists, then an error is returned.
+     */
+    createChildGroup = this.makeUpdateRequest({
+        method: "POST",
+        path: "/{id}/children",
+        urlParamKeys: ["id"],
+        returnResourceIdInLocationHeader: { field: "id" },
+    });
+    /**
+     * Updates a child group on the specified parent group. If the group doesn’t exist, then an error is returned.
+     * Can be used to move a group from one parent to another.
+     */
+    updateChildGroup = this.makeUpdateRequest({
+        method: "POST",
+        path: "/{id}/children",
+        urlParamKeys: ["id"],
+    });
     /**
      * Members
      */

package/lib/resources/identityProviders.d.ts

@@ -75,10 +75,10 @@ export declare class IdentityProviders extends Resource<{
     } & {
         realm?: string | undefined;
     }) | undefined, options?: Pick<import("./agent.js").RequestArgs, "catchNotFound"> | undefined) => Promise<Record<string, IdentityProviderMapperTypeRepresentation>>;
-    importFromUrl: (payload?: ({
+    importFromUrl: (payload?: ((FormData | {
         fromUrl: string;
         providerId: string;
-    } & {
+    }) & {
         realm?: string | undefined;
     }) | undefined, options?: Pick<import("./agent.js").RequestArgs, "catchNotFound"> | undefined) => Promise<Record<string, string>>;
     updatePermission: (query: {

package/lib/resources/realms.js

@@ -122,8 +122,8 @@ export class Realms extends Resource {
      */
     removeSession = this.makeRequest({
         method: "DELETE",
-        path: "/{realm}/sessions/{session}",
-        urlParamKeys: ["realm", "session"],
+        path: "/{realm}/sessions/{sessionId}",
+        urlParamKeys: ["realm", "sessionId"],
         catchNotFound: true,
     });
     /**

package/lib/utils/auth.js

@@ -2,6 +2,14 @@ import camelize from "camelize-ts";
 import { defaultBaseUrl, defaultRealm } from "./constants.js";
 import { fetchWithError } from "./fetchWithError.js";
 import { stringifyQueryParams } from "./stringifyQueryParams.js";
+// See: https://developer.mozilla.org/en-US/docs/Glossary/Base64
+const bytesToBase64 = (bytes) => btoa(Array.from(bytes, (byte) => String.fromCodePoint(byte)).join(""));
+const toBase64 = (input) => bytesToBase64(new TextEncoder().encode(input));
+// See: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent#encoding_for_rfc3986
+const encodeRFC3986URIComponent = (input) => encodeURIComponent(input).replace(/[!'()*]/g, (c) => `%${c.charCodeAt(0).toString(16).toUpperCase()}`);
+// See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent
+// Specifically, the section on encoding `application/x-www-form-urlencoded`.
+const encodeFormURIComponent = (data) => encodeRFC3986URIComponent(data).replaceAll("%20", "+");
 export const getToken = async (settings) => {
     // Construct URL
     const baseUrl = settings.baseUrl || defaultBaseUrl;
@@ -28,7 +36,11 @@ export const getToken = async (settings) => {
     const options = settings.requestOptions ?? {};
     const headers = new Headers(options.headers);
     if (credentials.clientSecret) {
-        headers.set("Authorization", `Basic ${btoa(`${credentials.clientId}:${credentials.clientSecret}`)}`);
+        // See: https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1
+        const username = encodeFormURIComponent(credentials.clientId);
+        const password = encodeFormURIComponent(credentials.clientSecret);
+        // See: https://datatracker.ietf.org/doc/html/rfc2617#section-2
+        headers.set("authorization", `Basic ${toBase64(`${username}:${password}`)}`);
     }
     headers.set("content-type", "application/x-www-form-urlencoded");
     const response = await fetchWithError(url, {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@keycloak/keycloak-admin-client",
-  "version": "21.1.2",
+  "version": "22.0.0",
   "description": "A client to interact with Keycloak's Administration API",
   "type": "module",
   "main": "lib/index.js",
@@ -11,12 +11,6 @@
   "engines": {
     "node": ">=18"
   },
-  "scripts": {
-    "build": "wireit",
-    "lint": "wireit",
-    "test": "wireit",
-    "prepublishOnly": "npm run build"
-  },
   "wireit": {
     "build": {
       "command": "tsc --pretty",
@@ -37,17 +31,17 @@
     }
   },
   "dependencies": {
-    "camelize-ts": "^2.5.0",
+    "camelize-ts": "^3.0.0",
     "lodash-es": "^4.17.21",
     "url-join": "^5.0.0",
     "url-template": "^3.1.0"
   },
   "devDependencies": {
-    "@faker-js/faker": "^7.6.0",
-    "@types/chai": "^4.3.4",
+    "@faker-js/faker": "^8.0.2",
+    "@types/chai": "^4.3.5",
     "@types/lodash-es": "^4.17.7",
     "@types/mocha": "^10.0.1",
-    "@types/node": "^18.15.11",
+    "@types/node": "^20.4.1",
     "chai": "^4.3.7",
     "mocha": "^10.2.0",
     "ts-node": "^10.9.1"
@@ -61,5 +55,10 @@
     "type": "git",
     "url": "https://github.com/keycloak/keycloak.git"
   },
-  "homepage": "https://www.keycloak.org/"
-}
+  "homepage": "https://www.keycloak.org/",
+  "scripts": {
+    "build": "wireit",
+    "lint": "wireit",
+    "test": "wireit"
+  }
+}