npm - @pawells/nestjs-auth - Versions diffs - 1.0.0-dev.4c8c698 - Mend

@pawells/nestjs-auth 1.0.0-dev.4c8c698

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (194) hide show

package/LICENSE +21 -0
package/README.md +602 -0
package/build/LICENSE +21 -0
package/build/README.md +602 -0
package/build/admin/client/client.d.ts +82 -0
package/build/admin/client/client.d.ts.map +1 -0
package/build/admin/client/client.js +157 -0
package/build/admin/client/client.js.map +1 -0
package/build/admin/client/errors/base-error.d.ts +58 -0
package/build/admin/client/errors/base-error.d.ts.map +1 -0
package/build/admin/client/errors/base-error.js +100 -0
package/build/admin/client/errors/base-error.js.map +1 -0
package/build/admin/client/errors/index.d.ts +2 -0
package/build/admin/client/errors/index.d.ts.map +1 -0
package/build/admin/client/errors/index.js +2 -0
package/build/admin/client/errors/index.js.map +1 -0
package/build/admin/client/index.d.ts +6 -0
package/build/admin/client/index.d.ts.map +1 -0
package/build/admin/client/index.js +11 -0
package/build/admin/client/index.js.map +1 -0
package/build/admin/client/services/authentication.service.d.ts +54 -0
package/build/admin/client/services/authentication.service.d.ts.map +1 -0
package/build/admin/client/services/authentication.service.js +99 -0
package/build/admin/client/services/authentication.service.js.map +1 -0
package/build/admin/client/services/base-service.d.ts +39 -0
package/build/admin/client/services/base-service.d.ts.map +1 -0
package/build/admin/client/services/base-service.js +107 -0
package/build/admin/client/services/base-service.js.map +1 -0
package/build/admin/client/services/client.service.d.ts +86 -0
package/build/admin/client/services/client.service.d.ts.map +1 -0
package/build/admin/client/services/client.service.js +193 -0
package/build/admin/client/services/client.service.js.map +1 -0
package/build/admin/client/services/event.service.d.ts +84 -0
package/build/admin/client/services/event.service.d.ts.map +1 -0
package/build/admin/client/services/event.service.js +155 -0
package/build/admin/client/services/event.service.js.map +1 -0
package/build/admin/client/services/federated-identity.service.d.ts +89 -0
package/build/admin/client/services/federated-identity.service.d.ts.map +1 -0
package/build/admin/client/services/federated-identity.service.js +120 -0
package/build/admin/client/services/federated-identity.service.js.map +1 -0
package/build/admin/client/services/group.service.d.ts +52 -0
package/build/admin/client/services/group.service.d.ts.map +1 -0
package/build/admin/client/services/group.service.js +105 -0
package/build/admin/client/services/group.service.js.map +1 -0
package/build/admin/client/services/identity-provider.service.d.ts +47 -0
package/build/admin/client/services/identity-provider.service.d.ts.map +1 -0
package/build/admin/client/services/identity-provider.service.js +86 -0
package/build/admin/client/services/identity-provider.service.js.map +1 -0
package/build/admin/client/services/index.d.ts +11 -0
package/build/admin/client/services/index.d.ts.map +1 -0
package/build/admin/client/services/index.js +11 -0
package/build/admin/client/services/index.js.map +1 -0
package/build/admin/client/services/realm.service.d.ts +41 -0
package/build/admin/client/services/realm.service.d.ts.map +1 -0
package/build/admin/client/services/realm.service.js +80 -0
package/build/admin/client/services/realm.service.js.map +1 -0
package/build/admin/client/services/role.service.d.ts +45 -0
package/build/admin/client/services/role.service.d.ts.map +1 -0
package/build/admin/client/services/role.service.js +92 -0
package/build/admin/client/services/role.service.js.map +1 -0
package/build/admin/client/services/user.service.d.ts +84 -0
package/build/admin/client/services/user.service.d.ts.map +1 -0
package/build/admin/client/services/user.service.js +216 -0
package/build/admin/client/services/user.service.js.map +1 -0
package/build/admin/client/types/config.types.d.ts +59 -0
package/build/admin/client/types/config.types.d.ts.map +1 -0
package/build/admin/client/types/config.types.js +13 -0
package/build/admin/client/types/config.types.js.map +1 -0
package/build/admin/client/types/event.types.d.ts +176 -0
package/build/admin/client/types/event.types.d.ts.map +1 -0
package/build/admin/client/types/event.types.js +2 -0
package/build/admin/client/types/event.types.js.map +1 -0
package/build/admin/client/types/index.d.ts +4 -0
package/build/admin/client/types/index.d.ts.map +1 -0
package/build/admin/client/types/index.js +4 -0
package/build/admin/client/types/index.js.map +1 -0
package/build/admin/client/types/keycloak.types.d.ts +169 -0
package/build/admin/client/types/keycloak.types.d.ts.map +1 -0
package/build/admin/client/types/keycloak.types.js +2 -0
package/build/admin/client/types/keycloak.types.js.map +1 -0
package/build/admin/client/utils/index.d.ts +2 -0
package/build/admin/client/utils/index.d.ts.map +1 -0
package/build/admin/client/utils/index.js +2 -0
package/build/admin/client/utils/index.js.map +1 -0
package/build/admin/client/utils/retry.d.ts +40 -0
package/build/admin/client/utils/retry.d.ts.map +1 -0
package/build/admin/client/utils/retry.js +72 -0
package/build/admin/client/utils/retry.js.map +1 -0
package/build/admin/config/keycloak.config.d.ts +33 -0
package/build/admin/config/keycloak.config.d.ts.map +1 -0
package/build/admin/config/keycloak.config.js +2 -0
package/build/admin/config/keycloak.config.js.map +1 -0
package/build/admin/config/keycloak.defaults.d.ts +11 -0
package/build/admin/config/keycloak.defaults.d.ts.map +1 -0
package/build/admin/config/keycloak.defaults.js +60 -0
package/build/admin/config/keycloak.defaults.js.map +1 -0
package/build/admin/health/keycloak.health.d.ts +13 -0
package/build/admin/health/keycloak.health.d.ts.map +1 -0
package/build/admin/health/keycloak.health.js +54 -0
package/build/admin/health/keycloak.health.js.map +1 -0
package/build/admin/index.d.ts +10 -0
package/build/admin/index.d.ts.map +1 -0
package/build/admin/index.js +9 -0
package/build/admin/index.js.map +1 -0
package/build/admin/keycloak-admin.interfaces.d.ts +45 -0
package/build/admin/keycloak-admin.interfaces.d.ts.map +1 -0
package/build/admin/keycloak-admin.interfaces.js +2 -0
package/build/admin/keycloak-admin.interfaces.js.map +1 -0
package/build/admin/keycloak-admin.module.d.ts +23 -0
package/build/admin/keycloak-admin.module.d.ts.map +1 -0
package/build/admin/keycloak-admin.module.js +101 -0
package/build/admin/keycloak-admin.module.js.map +1 -0
package/build/admin/keycloak.constants.d.ts +16 -0
package/build/admin/keycloak.constants.d.ts.map +1 -0
package/build/admin/keycloak.constants.js +16 -0
package/build/admin/keycloak.constants.js.map +1 -0
package/build/admin/permissions/index.d.ts +2 -0
package/build/admin/permissions/index.d.ts.map +1 -0
package/build/admin/permissions/index.js +2 -0
package/build/admin/permissions/index.js.map +1 -0
package/build/admin/permissions/keycloak-admin.permissions.d.ts +45 -0
package/build/admin/permissions/keycloak-admin.permissions.d.ts.map +1 -0
package/build/admin/permissions/keycloak-admin.permissions.js +68 -0
package/build/admin/permissions/keycloak-admin.permissions.js.map +1 -0
package/build/admin/services/keycloak-admin.service.d.ts +64 -0
package/build/admin/services/keycloak-admin.service.d.ts.map +1 -0
package/build/admin/services/keycloak-admin.service.js +152 -0
package/build/admin/services/keycloak-admin.service.js.map +1 -0
package/build/decorators/auth-decorators.d.ts +217 -0
package/build/decorators/auth-decorators.d.ts.map +1 -0
package/build/decorators/auth-decorators.js +251 -0
package/build/decorators/auth-decorators.js.map +1 -0
package/build/decorators/context-utils.d.ts +101 -0
package/build/decorators/context-utils.d.ts.map +1 -0
package/build/decorators/context-utils.js +178 -0
package/build/decorators/context-utils.js.map +1 -0
package/build/decorators/graphql-auth-decorators.d.ts +144 -0
package/build/decorators/graphql-auth-decorators.d.ts.map +1 -0
package/build/decorators/graphql-auth-decorators.js +152 -0
package/build/decorators/graphql-auth-decorators.js.map +1 -0
package/build/decorators/index.d.ts +5 -0
package/build/decorators/index.d.ts.map +1 -0
package/build/decorators/index.js +4 -0
package/build/decorators/index.js.map +1 -0
package/build/guards/index.d.ts +4 -0
package/build/guards/index.d.ts.map +1 -0
package/build/guards/index.js +4 -0
package/build/guards/index.js.map +1 -0
package/build/guards/jwt-auth.guard.d.ts +52 -0
package/build/guards/jwt-auth.guard.d.ts.map +1 -0
package/build/guards/jwt-auth.guard.js +97 -0
package/build/guards/jwt-auth.guard.js.map +1 -0
package/build/guards/permission.guard.d.ts +37 -0
package/build/guards/permission.guard.d.ts.map +1 -0
package/build/guards/permission.guard.js +73 -0
package/build/guards/permission.guard.js.map +1 -0
package/build/guards/role.guard.d.ts +33 -0
package/build/guards/role.guard.d.ts.map +1 -0
package/build/guards/role.guard.js +69 -0
package/build/guards/role.guard.js.map +1 -0
package/build/index.d.ts +92 -0
package/build/index.d.ts.map +1 -0
package/build/index.js +98 -0
package/build/index.js.map +1 -0
package/build/keycloak/index.d.ts +7 -0
package/build/keycloak/index.d.ts.map +1 -0
package/build/keycloak/index.js +5 -0
package/build/keycloak/index.js.map +1 -0
package/build/keycloak/keycloak.constants.d.ts +2 -0
package/build/keycloak/keycloak.constants.d.ts.map +1 -0
package/build/keycloak/keycloak.constants.js +2 -0
package/build/keycloak/keycloak.constants.js.map +1 -0
package/build/keycloak/keycloak.interfaces.d.ts +12 -0
package/build/keycloak/keycloak.interfaces.d.ts.map +1 -0
package/build/keycloak/keycloak.interfaces.js +2 -0
package/build/keycloak/keycloak.interfaces.js.map +1 -0
package/build/keycloak/keycloak.module.d.ts +56 -0
package/build/keycloak/keycloak.module.d.ts.map +1 -0
package/build/keycloak/keycloak.module.js +104 -0
package/build/keycloak/keycloak.module.js.map +1 -0
package/build/keycloak/keycloak.types.d.ts +60 -0
package/build/keycloak/keycloak.types.d.ts.map +1 -0
package/build/keycloak/keycloak.types.js +2 -0
package/build/keycloak/keycloak.types.js.map +1 -0
package/build/keycloak/services/jwks-cache.service.d.ts +64 -0
package/build/keycloak/services/jwks-cache.service.d.ts.map +1 -0
package/build/keycloak/services/jwks-cache.service.js +176 -0
package/build/keycloak/services/jwks-cache.service.js.map +1 -0
package/build/keycloak/services/keycloak-token-validation.service.d.ts +88 -0
package/build/keycloak/services/keycloak-token-validation.service.d.ts.map +1 -0
package/build/keycloak/services/keycloak-token-validation.service.js +243 -0
package/build/keycloak/services/keycloak-token-validation.service.js.map +1 -0
package/build/package.json +72 -0
package/package.json +93 -0

package/build/admin/client/client.js ADDED Viewed

@@ -0,0 +1,157 @@
+import { randomUUID } from 'node:crypto';
+import KcAdminClient from '@keycloak/keycloak-admin-client';
+import { isPasswordCredentials, isClientCredentials } from './types/index.js';
+import { RealmService, UserService, ClientService, RoleService, GroupService, IdentityProviderService, AuthenticationService, FederatedIdentityService, EventService, } from './services/index.js';
+// Short client identifier length (last N characters of UUID)
+const CLIENT_ID_SHORT_LENGTH = 12;
+/**
+ * Keycloak Admin API client
+ */
+export class KeycloakClient {
+    /**
+     * Unique identifier for this client instance
+     */
+    ClientUUID;
+    /**
+     * Short client identifier (last 12 characters of UUID)
+     */
+    ClientID;
+    /**
+     * Realm service for managing realms
+     */
+    Realms;
+    /**
+     * User service for managing users
+     */
+    Users;
+    /**
+     * Client service for managing OAuth/OIDC clients
+     */
+    Clients;
+    /**
+     * Role service for managing roles
+     */
+    Roles;
+    /**
+     * Group service for managing groups
+     */
+    Groups;
+    /**
+     * Identity provider service
+     */
+    IdentityProviders;
+    /**
+     * Authentication service for managing auth flows
+     */
+    Authentication;
+    /**
+     * Federated identity service
+     */
+    FederatedIdentities;
+    /**
+     * Event service for querying admin and access events
+     */
+    Events;
+    /**
+     * Internal Keycloak admin client
+     */
+    adminClient;
+    /**
+     * Client configuration
+     */
+    config;
+    /**
+     * Create a new Keycloak client instance
+     */
+    constructor(config, grantedScopes) {
+        this.config = {
+            realmName: 'master',
+            timeout: 30000,
+            ...config,
+        };
+        // Generate client identifiers
+        this.ClientUUID = randomUUID();
+        this.ClientID = this.ClientUUID.slice(-CLIENT_ID_SHORT_LENGTH);
+        // Initialize admin client
+        this.adminClient = new KcAdminClient({
+            baseUrl: this.config.baseUrl,
+            ...(this.config.realmName && { realmName: this.config.realmName }),
+        });
+        // Initialize services
+        const { logger, retry } = this.config;
+        this.Realms = new RealmService(this.adminClient, grantedScopes, logger, retry);
+        this.Users = new UserService(this.adminClient, grantedScopes, logger, retry);
+        this.Clients = new ClientService(this.adminClient, grantedScopes, logger, retry);
+        this.Roles = new RoleService(this.adminClient, grantedScopes, logger, retry);
+        this.Groups = new GroupService(this.adminClient, grantedScopes, logger, retry);
+        this.IdentityProviders = new IdentityProviderService(this.adminClient, grantedScopes, logger, retry);
+        this.Authentication = new AuthenticationService(this.adminClient, grantedScopes, logger, retry);
+        this.FederatedIdentities = new FederatedIdentityService(this.adminClient, grantedScopes, logger, retry);
+        this.Events = new EventService(this.adminClient, grantedScopes, logger, retry);
+        if (this.config.logger) {
+            this.config.logger.info('KeycloakClient initialized', {
+                clientId: this.ClientID,
+                baseUrl: this.config.baseUrl,
+                realm: this.config.realmName,
+            });
+        }
+    }
+    /**
+     * Authenticate with Keycloak admin API
+     * This must be called before making API requests
+     */
+    async authenticate() {
+        try {
+            if (isPasswordCredentials(this.config.credentials)) {
+                await this.adminClient.auth({
+                    username: this.config.credentials.username,
+                    password: this.config.credentials.password,
+                    grantType: 'password',
+                    clientId: 'admin-cli',
+                });
+                if (this.config.logger) {
+                    this.config.logger.info('Authenticated with Keycloak using password credentials', {
+                        username: this.config.credentials.username,
+                    });
+                }
+            }
+            else if (isClientCredentials(this.config.credentials)) {
+                await this.adminClient.auth({
+                    grantType: 'client_credentials',
+                    clientId: this.config.credentials.clientId,
+                    clientSecret: this.config.credentials.clientSecret,
+                });
+                if (this.config.logger) {
+                    this.config.logger.info('Authenticated with Keycloak using client credentials', {
+                        clientId: this.config.credentials.clientId,
+                    });
+                }
+            }
+        }
+        catch (error) {
+            if (this.config.logger) {
+                this.config.logger.error('Failed to authenticate with Keycloak', { error });
+            }
+            throw error;
+        }
+    }
+    /**
+     * Check if the client is authenticated
+     */
+    isAuthenticated() {
+        return this.adminClient.accessToken !== undefined;
+    }
+    /**
+     * Get the current access token
+     */
+    getAccessToken() {
+        return this.adminClient.accessToken;
+    }
+    /**
+     * Set the access token manually (for use with external auth)
+     */
+    setAccessToken(token) {
+        this.adminClient.setAccessToken(token);
+    }
+}
+//# sourceMappingURL=client.js.map

package/build/admin/client/client.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/admin/client/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,aAAa,MAAM,iCAAiC,CAAC;AAE5D,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAE9E,OAAO,EACN,YAAY,EACZ,WAAW,EACX,aAAa,EACb,WAAW,EACX,YAAY,EACZ,uBAAuB,EACvB,qBAAqB,EACrB,wBAAwB,EACxB,YAAY,GACZ,MAAM,qBAAqB,CAAC;AAE7B,6DAA6D;AAC7D,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAElC;;GAEG;AACH,MAAM,OAAO,cAAc;IAC1B;;OAEG;IACa,UAAU,CAAS;IAEnC;;OAEG;IACa,QAAQ,CAAS;IAEjC;;OAEG;IACa,MAAM,CAAe;IAErC;;OAEG;IACa,KAAK,CAAc;IAEnC;;OAEG;IACa,OAAO,CAAgB;IAEvC;;OAEG;IACa,KAAK,CAAc;IAEnC;;OAEG;IACa,MAAM,CAAe;IAErC;;OAEG;IACa,iBAAiB,CAA0B;IAE3D;;OAEG;IACa,cAAc,CAAwB;IAEtD;;OAEG;IACa,mBAAmB,CAA2B;IAE9D;;OAEG;IACa,MAAM,CAAe;IAErC;;OAEG;IACc,WAAW,CAAgB;IAE5C;;OAEG;IACc,MAAM,CAAuB;IAE9C;;OAEG;IACH,YAAY,MAA4B,EAAE,aAA8C;QACvF,IAAI,CAAC,MAAM,GAAG;YACb,SAAS,EAAE,QAAQ;YACnB,OAAO,EAAE,KAAK;YACd,GAAG,MAAM;SACT,CAAC;QAEF,8BAA8B;QAC9B,IAAI,CAAC,UAAU,GAAG,UAAU,EAAE,CAAC;QAC/B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,sBAAsB,CAAC,CAAC;QAE/D,0BAA0B;QAC1B,IAAI,CAAC,WAAW,GAAG,IAAI,aAAa,CAAC;YACpC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;SAClE,CAAC,CAAC;QAEH,sBAAsB;QACtB,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QAEtC,IAAI,CAAC,MAAM,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/E,IAAI,CAAC,KAAK,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7E,IAAI,CAAC,OAAO,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACjF,IAAI,CAAC,KAAK,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7E,IAAI,CAAC,MAAM,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/E,IAAI,CAAC,iBAAiB,GAAG,IAAI,uBAAuB,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACrG,IAAI,CAAC,cAAc,GAAG,IAAI,qBAAqB,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAChG,IAAI,CAAC,mBAAmB,GAAG,IAAI,wBAAwB,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACxG,IAAI,CAAC,MAAM,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAE/E,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE;gBACrD,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;gBAC5B,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;aAC5B,CAAC,CAAC;QACJ,CAAC;IACF,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,YAAY;QACxB,IAAI,CAAC;YACJ,IAAI,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;gBACpD,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;oBAC3B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ;oBAC1C,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ;oBAC1C,SAAS,EAAE,UAAU;oBACrB,QAAQ,EAAE,WAAW;iBACrB,CAAC,CAAC;gBAEH,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;oBACxB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,wDAAwD,EAAE;wBACjF,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ;qBAC1C,CAAC,CAAC;gBACJ,CAAC;YACF,CAAC;iBAAM,IAAI,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzD,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;oBAC3B,SAAS,EAAE,oBAAoB;oBAC/B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ;oBAC1C,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY;iBAClD,CAAC,CAAC;gBAEH,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;oBACxB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,sDAAsD,EAAE;wBAC/E,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ;qBAC1C,CAAC,CAAC;gBACJ,CAAC;YACF,CAAC;QACF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;gBACxB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC7E,CAAC;YACD,MAAM,KAAK,CAAC;QACb,CAAC;IACF,CAAC;IAED;;OAEG;IACI,eAAe;QACrB,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,KAAK,SAAS,CAAC;IACnD,CAAC;IAED;;OAEG;IACI,cAAc;QACpB,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC;IACrC,CAAC;IAED;;OAEG;IACI,cAAc,CAAC,KAAa;QAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACxC,CAAC;CACD"}

package/build/admin/client/errors/base-error.d.ts ADDED Viewed

@@ -0,0 +1,58 @@
+import { BaseApplicationError } from '@pawells/nestjs-shared/common';
+/**
+ * Base error class for Keycloak client errors
+ */
+export declare class KeycloakClientError extends BaseApplicationError {
+    readonly cause?: Error | undefined;
+    readonly response?: unknown;
+    constructor(message: string, statusCode?: number, response?: unknown, cause?: Error | undefined);
+}
+/**
+ * Authentication error - failed to authenticate with Keycloak
+ */
+export declare class AuthenticationError extends KeycloakClientError {
+    constructor(message: string, statusCode?: number, response?: unknown);
+}
+/**
+ * Authorization error - authenticated but not authorized for the operation
+ */
+export declare class AuthorizationError extends KeycloakClientError {
+    constructor(message: string, statusCode?: number, response?: unknown);
+}
+/**
+ * Resource not found error
+ */
+export declare class NotFoundError extends KeycloakClientError {
+    constructor(message: string, response?: unknown);
+}
+/**
+ * Validation error - invalid request data
+ */
+export declare class ValidationError extends KeycloakClientError {
+    constructor(message: string, response?: unknown);
+}
+/**
+ * Rate limit error - too many requests
+ */
+export declare class RateLimitError extends KeycloakClientError {
+    constructor(message: string, response?: unknown);
+}
+/**
+ * Timeout error - request took too long
+ */
+export declare class TimeoutError extends KeycloakClientError {
+    constructor(message: string);
+}
+/**
+ * Network error - connection failed
+ */
+export declare class NetworkError extends KeycloakClientError {
+    constructor(message: string, cause?: Error);
+}
+/**
+ * Conflict error - resource already exists or conflicting operation
+ */
+export declare class ConflictError extends KeycloakClientError {
+    constructor(message: string, response?: unknown);
+}
+//# sourceMappingURL=base-error.d.ts.map

package/build/admin/client/errors/base-error.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"base-error.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/errors/base-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAWrE;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,oBAAoB;aAOlC,KAAK,CAAC,EAAE,KAAK;IANvC,SAAgB,QAAQ,CAAC,EAAE,OAAO,CAAC;gBAGlC,OAAO,EAAE,MAAM,EACf,UAAU,CAAC,EAAE,MAAM,EACnB,QAAQ,CAAC,EAAE,OAAO,EACO,KAAK,CAAC,EAAE,KAAK,YAAA;CAWvC;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,mBAAmB;gBAC/C,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO;CAIpE;AAED;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,mBAAmB;gBAC9C,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO;CAIpE;AAED;;GAEG;AACH,qBAAa,aAAc,SAAQ,mBAAmB;gBACzC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO;CAI/C;AAED;;GAEG;AACH,qBAAa,eAAgB,SAAQ,mBAAmB;gBAC3C,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO;CAI/C;AAED;;GAEG;AACH,qBAAa,cAAe,SAAQ,mBAAmB;gBAC1C,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO;CAI/C;AAED;;GAEG;AACH,qBAAa,YAAa,SAAQ,mBAAmB;gBACxC,OAAO,EAAE,MAAM;CAI3B;AAED;;GAEG;AACH,qBAAa,YAAa,SAAQ,mBAAmB;gBACxC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAI1C;AAED;;GAEG;AACH,qBAAa,aAAc,SAAQ,mBAAmB;gBACzC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO;CAI/C"}

package/build/admin/client/errors/base-error.js ADDED Viewed

@@ -0,0 +1,100 @@
+import { BaseApplicationError } from '@pawells/nestjs-shared/common';
+const HTTP_STATUS_BAD_REQUEST = 400;
+const HTTP_STATUS_UNAUTHORIZED = 401;
+const HTTP_STATUS_FORBIDDEN = 403;
+const HTTP_STATUS_NOT_FOUND = 404;
+const HTTP_STATUS_REQUEST_TIMEOUT = 408;
+const HTTP_STATUS_CONFLICT = 409;
+const HTTP_STATUS_RATE_LIMIT = 429;
+const HTTP_STATUS_INTERNAL_SERVER_ERROR = 500;
+/**
+ * Base error class for Keycloak client errors
+ */
+export class KeycloakClientError extends BaseApplicationError {
+    cause;
+    response;
+    constructor(message, statusCode, response, cause) {
+        const errorCode = `KEYCLOAK_${statusCode ? 'HTTP_' + statusCode : 'CLIENT_ERROR'}`;
+        super(message, {
+            code: errorCode,
+            statusCode: statusCode ?? HTTP_STATUS_INTERNAL_SERVER_ERROR,
+            context: { response, cause },
+        });
+        this.cause = cause;
+        this.name = 'KeycloakClientError';
+        this.response = response;
+    }
+}
+/**
+ * Authentication error - failed to authenticate with Keycloak
+ */
+export class AuthenticationError extends KeycloakClientError {
+    constructor(message, statusCode, response) {
+        super(message, statusCode ?? HTTP_STATUS_UNAUTHORIZED, response);
+        this.name = 'AuthenticationError';
+    }
+}
+/**
+ * Authorization error - authenticated but not authorized for the operation
+ */
+export class AuthorizationError extends KeycloakClientError {
+    constructor(message, statusCode, response) {
+        super(message, statusCode ?? HTTP_STATUS_FORBIDDEN, response);
+        this.name = 'AuthorizationError';
+    }
+}
+/**
+ * Resource not found error
+ */
+export class NotFoundError extends KeycloakClientError {
+    constructor(message, response) {
+        super(message, HTTP_STATUS_NOT_FOUND, response);
+        this.name = 'NotFoundError';
+    }
+}
+/**
+ * Validation error - invalid request data
+ */
+export class ValidationError extends KeycloakClientError {
+    constructor(message, response) {
+        super(message, HTTP_STATUS_BAD_REQUEST, response);
+        this.name = 'ValidationError';
+    }
+}
+/**
+ * Rate limit error - too many requests
+ */
+export class RateLimitError extends KeycloakClientError {
+    constructor(message, response) {
+        super(message, HTTP_STATUS_RATE_LIMIT, response);
+        this.name = 'RateLimitError';
+    }
+}
+/**
+ * Timeout error - request took too long
+ */
+export class TimeoutError extends KeycloakClientError {
+    constructor(message) {
+        super(message, HTTP_STATUS_REQUEST_TIMEOUT);
+        this.name = 'TimeoutError';
+    }
+}
+/**
+ * Network error - connection failed
+ */
+export class NetworkError extends KeycloakClientError {
+    constructor(message, cause) {
+        super(message, undefined, undefined, cause);
+        this.name = 'NetworkError';
+    }
+}
+/**
+ * Conflict error - resource already exists or conflicting operation
+ */
+export class ConflictError extends KeycloakClientError {
+    constructor(message, response) {
+        super(message, HTTP_STATUS_CONFLICT, response);
+        this.name = 'ConflictError';
+    }
+}
+//# sourceMappingURL=base-error.js.map

package/build/admin/client/errors/base-error.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"base-error.js","sourceRoot":"","sources":["../../../../src/admin/client/errors/base-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAErE,MAAM,uBAAuB,GAAG,GAAG,CAAC;AACpC,MAAM,wBAAwB,GAAG,GAAG,CAAC;AACrC,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,2BAA2B,GAAG,GAAG,CAAC;AACxC,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACjC,MAAM,sBAAsB,GAAG,GAAG,CAAC;AACnC,MAAM,iCAAiC,GAAG,GAAG,CAAC;AAE9C;;GAEG;AACH,MAAM,OAAO,mBAAoB,SAAQ,oBAAoB;IAOlC;IANV,QAAQ,CAAW;IAEnC,YACC,OAAe,EACf,UAAmB,EACnB,QAAkB,EACO,KAAa;QAEtC,MAAM,SAAS,GAAG,YAAY,UAAU,CAAC,CAAC,CAAC,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC;QACnF,KAAK,CAAC,OAAO,EAAE;YACd,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,UAAU,IAAI,iCAAiC;YAC3D,OAAO,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE;SAC5B,CAAC,CAAC;QAPsB,UAAK,GAAL,KAAK,CAAQ;QAQtC,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;QAClC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC1B,CAAC;CACD;AAED;;GAEG;AACH,MAAM,OAAO,mBAAoB,SAAQ,mBAAmB;IAC3D,YAAY,OAAe,EAAE,UAAmB,EAAE,QAAkB;QACnE,KAAK,CAAC,OAAO,EAAE,UAAU,IAAI,wBAAwB,EAAE,QAAQ,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACnC,CAAC;CACD;AAED;;GAEG;AACH,MAAM,OAAO,kBAAmB,SAAQ,mBAAmB;IAC1D,YAAY,OAAe,EAAE,UAAmB,EAAE,QAAkB;QACnE,KAAK,CAAC,OAAO,EAAE,UAAU,IAAI,qBAAqB,EAAE,QAAQ,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IAClC,CAAC;CACD;AAED;;GAEG;AACH,MAAM,OAAO,aAAc,SAAQ,mBAAmB;IACrD,YAAY,OAAe,EAAE,QAAkB;QAC9C,KAAK,CAAC,OAAO,EAAE,qBAAqB,EAAE,QAAQ,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC7B,CAAC;CACD;AAED;;GAEG;AACH,MAAM,OAAO,eAAgB,SAAQ,mBAAmB;IACvD,YAAY,OAAe,EAAE,QAAkB;QAC9C,KAAK,CAAC,OAAO,EAAE,uBAAuB,EAAE,QAAQ,CAAC,CAAC;QAClD,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAC/B,CAAC;CACD;AAED;;GAEG;AACH,MAAM,OAAO,cAAe,SAAQ,mBAAmB;IACtD,YAAY,OAAe,EAAE,QAAkB;QAC9C,KAAK,CAAC,OAAO,EAAE,sBAAsB,EAAE,QAAQ,CAAC,CAAC;QACjD,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC9B,CAAC;CACD;AAED;;GAEG;AACH,MAAM,OAAO,YAAa,SAAQ,mBAAmB;IACpD,YAAY,OAAe;QAC1B,KAAK,CAAC,OAAO,EAAE,2BAA2B,CAAC,CAAC;QAC5C,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC5B,CAAC;CACD;AAED;;GAEG;AACH,MAAM,OAAO,YAAa,SAAQ,mBAAmB;IACpD,YAAY,OAAe,EAAE,KAAa;QACzC,KAAK,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;QAC5C,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC5B,CAAC;CACD;AAED;;GAEG;AACH,MAAM,OAAO,aAAc,SAAQ,mBAAmB;IACrD,YAAY,OAAe,EAAE,QAAkB;QAC9C,KAAK,CAAC,OAAO,EAAE,oBAAoB,EAAE,QAAQ,CAAC,CAAC;QAC/C,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC7B,CAAC;CACD"}

package/build/admin/client/errors/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './base-error.js';
2	+ //# sourceMappingURL=index.d.ts.map

package/build/admin/client/errors/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/errors/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC"}

package/build/admin/client/errors/index.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from './base-error.js';
2	+ //# sourceMappingURL=index.js.map

package/build/admin/client/errors/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/admin/client/errors/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC"}

package/build/admin/client/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export * from './client.js';
+export * from './services/index.js';
+export * from './types/index.js';
+export * from './errors/index.js';
+export * from './utils/index.js';
+//# sourceMappingURL=index.d.ts.map

package/build/admin/client/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/admin/client/index.ts"],"names":[],"mappings":"AACA,cAAc,aAAa,CAAC;AAG5B,cAAc,qBAAqB,CAAC;AAGpC,cAAc,kBAAkB,CAAC;AAGjC,cAAc,mBAAmB,CAAC;AAGlC,cAAc,kBAAkB,CAAC"}

package/build/admin/client/index.js ADDED Viewed

@@ -0,0 +1,11 @@
+// Main client
+export * from './client.js';
+// Services
+export * from './services/index.js';
+// Types
+export * from './types/index.js';
+// Errors
+export * from './errors/index.js';
+// Utils
+export * from './utils/index.js';
+//# sourceMappingURL=index.js.map

package/build/admin/client/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/admin/client/index.ts"],"names":[],"mappings":"AAAA,cAAc;AACd,cAAc,aAAa,CAAC;AAE5B,WAAW;AACX,cAAc,qBAAqB,CAAC;AAEpC,QAAQ;AACR,cAAc,kBAAkB,CAAC;AAEjC,SAAS;AACT,cAAc,mBAAmB,CAAC;AAElC,QAAQ;AACR,cAAc,kBAAkB,CAAC"}

package/build/admin/client/services/authentication.service.d.ts ADDED Viewed

@@ -0,0 +1,54 @@
+import type { AuthenticationFlowRepresentation, AuthenticationExecutionInfoRepresentation } from '../types/index.js';
+import { BaseService } from './base-service.js';
+/**
+ * Service for managing Keycloak authentication flows.
+ *
+ * Provides methods for querying and managing authentication flow configurations. Authentication flows
+ * define the steps users must complete to authenticate (e.g., username/password, MFA, social login).
+ * Flows can be customized by adding, removing, or reordering authenticators.
+ * Requires `authentication:read` and `authentication:write` scopes depending on the operation.
+ *
+ * Part of {@link KeycloakAdminService.authentication | KeycloakAdminService#authentication}.
+ *
+ * @example
+ * ```typescript
+ * const flows = await keycloak.authentication.getFlows('my-realm');
+ * const flow = await keycloak.authentication.getFlow('my-realm', 'flow-id');
+ * await keycloak.authentication.createFlow('my-realm', {
+ *   alias: 'my-flow',
+ *   description: 'Custom auth flow',
+ *   builtIn: false,
+ *   providerId: 'basic-flow',
+ *   topLevel: true,
+ * });
+ * ```
+ */
+export declare class AuthenticationService extends BaseService {
+    /**
+     * Get all authentication flows
+     */
+    getFlows(realm: string): Promise<AuthenticationFlowRepresentation[]>;
+    /**
+     * Get a specific authentication flow
+     */
+    getFlow(realm: string, flowId: string): Promise<AuthenticationFlowRepresentation>;
+    /**
+     * Create an authentication flow
+     */
+    createFlow(realm: string, flow: AuthenticationFlowRepresentation): Promise<void>;
+    /**
+     * Delete an authentication flow
+     */
+    deleteFlow(realm: string, flowId: string): Promise<void>;
+    /**
+     * Get executions for a flow
+     */
+    getExecutions(realm: string, flowAlias: string): Promise<AuthenticationExecutionInfoRepresentation[]>;
+    /**
+     * Add an execution to a flow
+     */
+    createExecution(realm: string, flowAlias: string, execution: {
+        provider: string;
+    }): Promise<void>;
+}
+//# sourceMappingURL=authentication.service.d.ts.map

package/build/admin/client/services/authentication.service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authentication.service.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/services/authentication.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACX,gCAAgC,EAChC,yCAAyC,EACzC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,qBAAsB,SAAQ,WAAW;IACrD;;OAEG;IACU,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gCAAgC,EAAE,CAAC;IAWjF;;OAEG;IACU,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gCAAgC,CAAC;IAW9F;;OAEG;IACU,UAAU,CACtB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,gCAAgC,GACpC,OAAO,CAAC,IAAI,CAAC;IAWhB;;OAEG;IACU,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWrE;;OAEG;IACU,aAAa,CACzB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,yCAAyC,EAAE,CAAC;IAWvD;;OAEG;IACU,eAAe,CAC3B,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,GAC7B,OAAO,CAAC,IAAI,CAAC;CAahB"}

package/build/admin/client/services/authentication.service.js ADDED Viewed

@@ -0,0 +1,99 @@
+import { BaseService } from './base-service.js';
+/**
+ * Service for managing Keycloak authentication flows.
+ *
+ * Provides methods for querying and managing authentication flow configurations. Authentication flows
+ * define the steps users must complete to authenticate (e.g., username/password, MFA, social login).
+ * Flows can be customized by adding, removing, or reordering authenticators.
+ * Requires `authentication:read` and `authentication:write` scopes depending on the operation.
+ *
+ * Part of {@link KeycloakAdminService.authentication | KeycloakAdminService#authentication}.
+ *
+ * @example
+ * ```typescript
+ * const flows = await keycloak.authentication.getFlows('my-realm');
+ * const flow = await keycloak.authentication.getFlow('my-realm', 'flow-id');
+ * await keycloak.authentication.createFlow('my-realm', {
+ *   alias: 'my-flow',
+ *   description: 'Custom auth flow',
+ *   builtIn: false,
+ *   providerId: 'basic-flow',
+ *   topLevel: true,
+ * });
+ * ```
+ */
+export class AuthenticationService extends BaseService {
+    /**
+     * Get all authentication flows
+     */
+    async getFlows(realm) {
+        this.requireScope('authentication:read');
+        try {
+            return (await this.withRetry(() => this.adminClient.authenticationManagement.getFlows({ realm })));
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Get a specific authentication flow
+     */
+    async getFlow(realm, flowId) {
+        this.requireScope('authentication:read');
+        try {
+            return (await this.withRetry(() => this.adminClient.authenticationManagement.getFlow({ realm, flowId })));
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Create an authentication flow
+     */
+    async createFlow(realm, flow) {
+        this.requireScope('authentication:write');
+        try {
+            await this.withRetry(() => this.adminClient.authenticationManagement.createFlow({ ...flow, realm }));
+        }
+        catch (error) {
+            this.handleError(error);
+        }
+    }
+    /**
+     * Delete an authentication flow
+     */
+    async deleteFlow(realm, flowId) {
+        this.requireScope('authentication:write');
+        try {
+            await this.withRetry(() => this.adminClient.authenticationManagement.deleteFlow({ realm, flowId }));
+        }
+        catch (error) {
+            this.handleError(error);
+        }
+    }
+    /**
+     * Get executions for a flow
+     */
+    async getExecutions(realm, flowAlias) {
+        this.requireScope('authentication:read');
+        try {
+            return (await this.withRetry(() => this.adminClient.authenticationManagement.getExecutions({ realm, flow: flowAlias })));
+        }
+        catch (error) {
+            return this.handleError(error);
+        }
+    }
+    /**
+     * Add an execution to a flow
+     */
+    async createExecution(realm, flowAlias, execution) {
+        this.requireScope('authentication:write');
+        try {
+            await this.withRetry(() => this.adminClient.authenticationManagement.addExecution({ realm, flow: flowAlias }, execution));
+        }
+        catch (error) {
+            this.handleError(error);
+        }
+    }
+}
+//# sourceMappingURL=authentication.service.js.map

package/build/admin/client/services/authentication.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authentication.service.js","sourceRoot":"","sources":["../../../../src/admin/client/services/authentication.service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,OAAO,qBAAsB,SAAQ,WAAW;IACrD;;OAEG;IACI,KAAK,CAAC,QAAQ,CAAC,KAAa;QAClC,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC,CAAC;QACzC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,CAAC,CAC7D,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,KAAa,EAAE,MAAc;QACjD,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC,CAAC;QACzC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CACpE,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,UAAU,CACtB,KAAa,EACb,IAAsC;QAEtC,IAAI,CAAC,YAAY,CAAC,sBAAsB,CAAC,CAAC;QAC1C,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,UAAU,CAAC,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE,CAAC,CACxE,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,UAAU,CAAC,KAAa,EAAE,MAAc;QACpD,IAAI,CAAC,YAAY,CAAC,sBAAsB,CAAC,CAAC;QAC1C,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CACvE,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CACzB,KAAa,EACb,SAAiB;QAEjB,IAAI,CAAC,YAAY,CAAC,qBAAqB,CAAC,CAAC;QACzC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,aAAa,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CACnF,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,eAAe,CAC3B,KAAa,EACb,SAAiB,EACjB,SAA+B;QAE/B,IAAI,CAAC,YAAY,CAAC,sBAAsB,CAAC,CAAC;QAC1C,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,wBAAwB,CAAC,YAAY,CACrD,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,EAC1B,SAAgB,CAChB,CACD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;CACD"}

package/build/admin/client/services/base-service.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import type KcAdminClient from '@keycloak/keycloak-admin-client';
+import type { Logger } from '@pawells/logger';
+import type { RetryConfig } from '../utils/index.js';
+import type { KeycloakAdminScope } from '../../permissions/keycloak-admin.permissions.js';
+/**
+ * Base service class for Keycloak admin API client services.
+ *
+ * Provides shared functionality for all admin sub-services: error handling with classified
+ * exceptions, retry logic for transient failures, and scope-based access control.
+ * All Keycloak admin operations (user, role, client, group management, etc.) inherit from this class.
+ *
+ * Subclasses must call {@link requireScope} before API operations to enforce permission control.
+ *
+ * @abstract
+ */
+export declare abstract class BaseService {
+    private readonly logger;
+    protected adminClient: KcAdminClient;
+    protected grantedScopes: ReadonlySet<KeycloakAdminScope>;
+    protected loggerConfig?: Logger;
+    protected retryConfig?: RetryConfig;
+    constructor(adminClient: KcAdminClient, grantedScopes: ReadonlySet<KeycloakAdminScope>, loggerConfig?: Logger, retryConfig?: RetryConfig);
+    /**
+     * Asserts that the given scope is granted. Throws {@link KeycloakAdminScopeError}
+     * synchronously if not, before any network request is made.
+     * All mutation operations ({@link KeycloakAdminScope} ending in `:write`) are
+     * audit-logged at INFO level when the check passes.
+     */
+    protected requireScope(scope: KeycloakAdminScope): void;
+    /**
+     * Execute a function with retry logic
+     */
+    protected withRetry<T>(fn: () => Promise<T>, options?: RetryConfig): Promise<T>;
+    /**
+     * Handle and transform errors from Keycloak admin client
+     */
+    protected handleError(error: unknown): never;
+}
+//# sourceMappingURL=base-service.d.ts.map

package/build/admin/client/services/base-service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"base-service.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/services/base-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,aAAa,MAAM,iCAAiC,CAAC;AACjE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAWrD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iDAAiD,CAAC;AAS1F;;;;;;;;;;GAUG;AACH,8BAAsB,WAAW;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAY;IAEnC,SAAS,CAAC,WAAW,EAAE,aAAa,CAAC;IAErC,SAAS,CAAC,aAAa,EAAE,WAAW,CAAC,kBAAkB,CAAC,CAAC;IAEzD,SAAS,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAEhC,SAAS,CAAC,WAAW,CAAC,EAAE,WAAW,CAAC;gBAGnC,WAAW,EAAE,aAAa,EAC1B,aAAa,EAAE,WAAW,CAAC,kBAAkB,CAAC,EAC9C,YAAY,CAAC,EAAE,MAAM,EACrB,WAAW,CAAC,EAAE,WAAW;IAS1B;;;;;OAKG;IACH,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,kBAAkB,GAAG,IAAI;IAWvD;;OAEG;cACa,SAAS,CAAC,CAAC,EAC1B,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,OAAO,CAAC,EAAE,WAAW,GACnB,OAAO,CAAC,CAAC,CAAC;IAWb;;OAEG;IACH,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK;CAyD5C"}