@pawells/nestjs-auth 1.0.0-dev.4c8c698
- package/LICENSE +21 -0
- package/README.md +602 -0
- package/build/LICENSE +21 -0
- package/build/README.md +602 -0
- package/build/admin/client/client.d.ts +82 -0
- package/build/admin/client/client.d.ts.map +1 -0
- package/build/admin/client/client.js +157 -0
- package/build/admin/client/client.js.map +1 -0
- package/build/admin/client/errors/base-error.d.ts +58 -0
- package/build/admin/client/errors/base-error.d.ts.map +1 -0
- package/build/admin/client/errors/base-error.js +100 -0
- package/build/admin/client/errors/base-error.js.map +1 -0
- package/build/admin/client/errors/index.d.ts +2 -0
- package/build/admin/client/errors/index.d.ts.map +1 -0
- package/build/admin/client/errors/index.js +2 -0
- package/build/admin/client/errors/index.js.map +1 -0
- package/build/admin/client/index.d.ts +6 -0
- package/build/admin/client/index.d.ts.map +1 -0
- package/build/admin/client/index.js +11 -0
- package/build/admin/client/index.js.map +1 -0
- package/build/admin/client/services/authentication.service.d.ts +54 -0
- package/build/admin/client/services/authentication.service.d.ts.map +1 -0
- package/build/admin/client/services/authentication.service.js +99 -0
- package/build/admin/client/services/authentication.service.js.map +1 -0
- package/build/admin/client/services/base-service.d.ts +39 -0
- package/build/admin/client/services/base-service.d.ts.map +1 -0
- package/build/admin/client/services/base-service.js +107 -0
- package/build/admin/client/services/base-service.js.map +1 -0
- package/build/admin/client/services/client.service.d.ts +86 -0
- package/build/admin/client/services/client.service.d.ts.map +1 -0
- package/build/admin/client/services/client.service.js +193 -0
- package/build/admin/client/services/client.service.js.map +1 -0
- package/build/admin/client/services/event.service.d.ts +84 -0
- package/build/admin/client/services/event.service.d.ts.map +1 -0
- package/build/admin/client/services/event.service.js +155 -0
- package/build/admin/client/services/event.service.js.map +1 -0
- package/build/admin/client/services/federated-identity.service.d.ts +89 -0
- package/build/admin/client/services/federated-identity.service.d.ts.map +1 -0
- package/build/admin/client/services/federated-identity.service.js +120 -0
- package/build/admin/client/services/federated-identity.service.js.map +1 -0
- package/build/admin/client/services/group.service.d.ts +52 -0
- package/build/admin/client/services/group.service.d.ts.map +1 -0
- package/build/admin/client/services/group.service.js +105 -0
- package/build/admin/client/services/group.service.js.map +1 -0
- package/build/admin/client/services/identity-provider.service.d.ts +47 -0
- package/build/admin/client/services/identity-provider.service.d.ts.map +1 -0
- package/build/admin/client/services/identity-provider.service.js +86 -0
- package/build/admin/client/services/identity-provider.service.js.map +1 -0
- package/build/admin/client/services/index.d.ts +11 -0
- package/build/admin/client/services/index.d.ts.map +1 -0
- package/build/admin/client/services/index.js +11 -0
- package/build/admin/client/services/index.js.map +1 -0
- package/build/admin/client/services/realm.service.d.ts +41 -0
- package/build/admin/client/services/realm.service.d.ts.map +1 -0
- package/build/admin/client/services/realm.service.js +80 -0
- package/build/admin/client/services/realm.service.js.map +1 -0
- package/build/admin/client/services/role.service.d.ts +45 -0
- package/build/admin/client/services/role.service.d.ts.map +1 -0
- package/build/admin/client/services/role.service.js +92 -0
- package/build/admin/client/services/role.service.js.map +1 -0
- package/build/admin/client/services/user.service.d.ts +84 -0
- package/build/admin/client/services/user.service.d.ts.map +1 -0
- package/build/admin/client/services/user.service.js +216 -0
- package/build/admin/client/services/user.service.js.map +1 -0
- package/build/admin/client/types/config.types.d.ts +59 -0
- package/build/admin/client/types/config.types.d.ts.map +1 -0
- package/build/admin/client/types/config.types.js +13 -0
- package/build/admin/client/types/config.types.js.map +1 -0
- package/build/admin/client/types/event.types.d.ts +176 -0
- package/build/admin/client/types/event.types.d.ts.map +1 -0
- package/build/admin/client/types/event.types.js +2 -0
- package/build/admin/client/types/event.types.js.map +1 -0
- package/build/admin/client/types/index.d.ts +4 -0
- package/build/admin/client/types/index.d.ts.map +1 -0
- package/build/admin/client/types/index.js +4 -0
- package/build/admin/client/types/index.js.map +1 -0
- package/build/admin/client/types/keycloak.types.d.ts +169 -0
- package/build/admin/client/types/keycloak.types.d.ts.map +1 -0
- package/build/admin/client/types/keycloak.types.js +2 -0
- package/build/admin/client/types/keycloak.types.js.map +1 -0
- package/build/admin/client/utils/index.d.ts +2 -0
- package/build/admin/client/utils/index.d.ts.map +1 -0
- package/build/admin/client/utils/index.js +2 -0
- package/build/admin/client/utils/index.js.map +1 -0
- package/build/admin/client/utils/retry.d.ts +40 -0
- package/build/admin/client/utils/retry.d.ts.map +1 -0
- package/build/admin/client/utils/retry.js +72 -0
- package/build/admin/client/utils/retry.js.map +1 -0
- package/build/admin/config/keycloak.config.d.ts +33 -0
- package/build/admin/config/keycloak.config.d.ts.map +1 -0
- package/build/admin/config/keycloak.config.js +2 -0
- package/build/admin/config/keycloak.config.js.map +1 -0
- package/build/admin/config/keycloak.defaults.d.ts +11 -0
- package/build/admin/config/keycloak.defaults.d.ts.map +1 -0
- package/build/admin/config/keycloak.defaults.js +60 -0
- package/build/admin/config/keycloak.defaults.js.map +1 -0
- package/build/admin/health/keycloak.health.d.ts +13 -0
- package/build/admin/health/keycloak.health.d.ts.map +1 -0
- package/build/admin/health/keycloak.health.js +54 -0
- package/build/admin/health/keycloak.health.js.map +1 -0
- package/build/admin/index.d.ts +10 -0
- package/build/admin/index.d.ts.map +1 -0
- package/build/admin/index.js +9 -0
- package/build/admin/index.js.map +1 -0
- package/build/admin/keycloak-admin.interfaces.d.ts +45 -0
- package/build/admin/keycloak-admin.interfaces.d.ts.map +1 -0
- package/build/admin/keycloak-admin.interfaces.js +2 -0
- package/build/admin/keycloak-admin.interfaces.js.map +1 -0
- package/build/admin/keycloak-admin.module.d.ts +23 -0
- package/build/admin/keycloak-admin.module.d.ts.map +1 -0
- package/build/admin/keycloak-admin.module.js +101 -0
- package/build/admin/keycloak-admin.module.js.map +1 -0
- package/build/admin/keycloak.constants.d.ts +16 -0
- package/build/admin/keycloak.constants.d.ts.map +1 -0
- package/build/admin/keycloak.constants.js +16 -0
- package/build/admin/keycloak.constants.js.map +1 -0
- package/build/admin/permissions/index.d.ts +2 -0
- package/build/admin/permissions/index.d.ts.map +1 -0
- package/build/admin/permissions/index.js +2 -0
- package/build/admin/permissions/index.js.map +1 -0
- package/build/admin/permissions/keycloak-admin.permissions.d.ts +45 -0
- package/build/admin/permissions/keycloak-admin.permissions.d.ts.map +1 -0
- package/build/admin/permissions/keycloak-admin.permissions.js +68 -0
- package/build/admin/permissions/keycloak-admin.permissions.js.map +1 -0
- package/build/admin/services/keycloak-admin.service.d.ts +64 -0
- package/build/admin/services/keycloak-admin.service.d.ts.map +1 -0
- package/build/admin/services/keycloak-admin.service.js +152 -0
- package/build/admin/services/keycloak-admin.service.js.map +1 -0
- package/build/decorators/auth-decorators.d.ts +217 -0
- package/build/decorators/auth-decorators.d.ts.map +1 -0
- package/build/decorators/auth-decorators.js +251 -0
- package/build/decorators/auth-decorators.js.map +1 -0
- package/build/decorators/context-utils.d.ts +101 -0
- package/build/decorators/context-utils.d.ts.map +1 -0
- package/build/decorators/context-utils.js +178 -0
- package/build/decorators/context-utils.js.map +1 -0
- package/build/decorators/graphql-auth-decorators.d.ts +144 -0
- package/build/decorators/graphql-auth-decorators.d.ts.map +1 -0
- package/build/decorators/graphql-auth-decorators.js +152 -0
- package/build/decorators/graphql-auth-decorators.js.map +1 -0
- package/build/decorators/index.d.ts +5 -0
- package/build/decorators/index.d.ts.map +1 -0
- package/build/decorators/index.js +4 -0
- package/build/decorators/index.js.map +1 -0
- package/build/guards/index.d.ts +4 -0
- package/build/guards/index.d.ts.map +1 -0
- package/build/guards/index.js +4 -0
- package/build/guards/index.js.map +1 -0
- package/build/guards/jwt-auth.guard.d.ts +52 -0
- package/build/guards/jwt-auth.guard.d.ts.map +1 -0
- package/build/guards/jwt-auth.guard.js +97 -0
- package/build/guards/jwt-auth.guard.js.map +1 -0
- package/build/guards/permission.guard.d.ts +37 -0
- package/build/guards/permission.guard.d.ts.map +1 -0
- package/build/guards/permission.guard.js +73 -0
- package/build/guards/permission.guard.js.map +1 -0
- package/build/guards/role.guard.d.ts +33 -0
- package/build/guards/role.guard.d.ts.map +1 -0
- package/build/guards/role.guard.js +69 -0
- package/build/guards/role.guard.js.map +1 -0
- package/build/index.d.ts +92 -0
- package/build/index.d.ts.map +1 -0
- package/build/index.js +98 -0
- package/build/index.js.map +1 -0
- package/build/keycloak/index.d.ts +7 -0
- package/build/keycloak/index.d.ts.map +1 -0
- package/build/keycloak/index.js +5 -0
- package/build/keycloak/index.js.map +1 -0
- package/build/keycloak/keycloak.constants.d.ts +2 -0
- package/build/keycloak/keycloak.constants.d.ts.map +1 -0
- package/build/keycloak/keycloak.constants.js +2 -0
- package/build/keycloak/keycloak.constants.js.map +1 -0
- package/build/keycloak/keycloak.interfaces.d.ts +12 -0
- package/build/keycloak/keycloak.interfaces.d.ts.map +1 -0
- package/build/keycloak/keycloak.interfaces.js +2 -0
- package/build/keycloak/keycloak.interfaces.js.map +1 -0
- package/build/keycloak/keycloak.module.d.ts +56 -0
- package/build/keycloak/keycloak.module.d.ts.map +1 -0
- package/build/keycloak/keycloak.module.js +104 -0
- package/build/keycloak/keycloak.module.js.map +1 -0
- package/build/keycloak/keycloak.types.d.ts +60 -0
- package/build/keycloak/keycloak.types.d.ts.map +1 -0
- package/build/keycloak/keycloak.types.js +2 -0
- package/build/keycloak/keycloak.types.js.map +1 -0
- package/build/keycloak/services/jwks-cache.service.d.ts +64 -0
- package/build/keycloak/services/jwks-cache.service.d.ts.map +1 -0
- package/build/keycloak/services/jwks-cache.service.js +176 -0
- package/build/keycloak/services/jwks-cache.service.js.map +1 -0
- package/build/keycloak/services/keycloak-token-validation.service.d.ts +88 -0
- package/build/keycloak/services/keycloak-token-validation.service.d.ts.map +1 -0
- package/build/keycloak/services/keycloak-token-validation.service.js +243 -0
- package/build/keycloak/services/keycloak-token-validation.service.js.map +1 -0
- package/build/package.json +72 -0
- package/package.json +93 -0
|
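--- a/package/build/admin/client/services/realm.service.js
+++ b/package/build/admin/client/services/realm.service.js
@@ -0,0 +1,80 @@
+import { BaseService } from './base-service.js';
+/**
+* Service for managing Keycloak realms.
+*
+* Provides methods for querying and updating realm-level configuration, including realm properties,
+* security policy, login settings, and event configuration. Requires `realms:read` and `realms:write`
+* scopes depending on the operation.
+*
+* Part of {@link KeycloakAdminService.realms | KeycloakAdminService#realms}.
+*
+* @example
+* ```typescript
+* const realm = await keycloak.realms.get('my-realm');
+* const realms = await keycloak.realms.list();
+* await keycloak.realms.update('my-realm', { accessTokenLifespan: 3600 });
+* ```
+*/
+export class RealmService extends BaseService {
+/**
+* List all realms
+*/
+async list() {
+this.requireScope('realms:read');
+try {
+return (await this.withRetry(() => this.adminClient.realms.find()));
+}
+catch (error) {
+return this.handleError(error);
+}
+}
+/**
+* Get a realm by name
+*/
+async get(realm) {
+this.requireScope('realms:read');
+try {
+return (await this.withRetry(() => this.adminClient.realms.findOne({ realm })));
+}
+catch (error) {
+return this.handleError(error);
+}
+}
+/**
+* Create a new realm
+*/
+async create(realm) {
+this.requireScope('realms:write');
+try {
+await this.withRetry(() => this.adminClient.realms.create(realm));
+}
+catch (error) {
+this.handleError(error);
+}
+}
+/**
+* Update a realm
+*/
+async update(realmName, realm) {
+this.requireScope('realms:write');
+try {
+await this.withRetry(() => this.adminClient.realms.update({ realm: realmName }, realm));
+}
+catch (error) {
+this.handleError(error);
+}
+}
+/**
+* Delete a realm
+*/
+async delete(realm) {
+this.requireScope('realms:write');
+try {
+await this.withRetry(() => this.adminClient.realms.del({ realm }));
+}
+catch (error) {
+this.handleError(error);
+}
+}
+}
+//# sourceMappingURL=realm.service.js.map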
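Review bot: `delete(realm)` is guarded by the same `realms:write` scope as `update`, so a caller that is only meant to adjust realm settings can also remove a whole realm, and the JSDoc (`Delete a realm`) gives no hint of that. Consider a dedicated scope for deletion, or at minimum extend the comment to say that the call is irreversible and which scope it requires. Separately, `create`, `update` and `delete` call `this.handleError(error);` without `return`, unlike `list` and `get`; `handleError` lives in base-service.js, outside this section, so if it can ever return rather than throw, a failed write resolves as if it had succeeded. Writing `return this.handleError(error);` in all five methods would make the contract uniform. The same un-returned call appears in the write methods of role.service.js and user.service.js.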
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"realm.service.js","sourceRoot":"","sources":["../../../../src/admin/client/services/realm.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;;;;;;;;;;;;;GAeG;AACH,MAAM,OAAO,YAAa,SAAQ,WAAW;IAC5C;;OAEG;IACI,KAAK,CAAC,IAAI;QAChB,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAQ,CAAC;QAC5E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,GAAG,CAAC,KAAa;QAC7B,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC,CAC1C,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CAAC,KAA0B;QAC7C,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAClC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACnE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CAAC,SAAiB,EAAE,KAA0B;QAChE,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAClC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,KAAK,CAAC,CAC3D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CAAC,KAAa;QAChC,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAClC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QACpE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;CACD"}
|
|
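--- a/package/build/admin/client/services/role.service.d.ts
+++ b/package/build/admin/client/services/role.service.d.ts
@@ -0,0 +1,45 @@
+import type { RoleRepresentation } from '../types/index.js';
+import { BaseService } from './base-service.js';
+/**
+* Service for managing Keycloak roles.
+*
+* Provides methods for creating, listing, and deleting both realm-wide and client-specific roles.
+* Realm roles are shared across all clients in the realm, while client roles are scoped to a single client.
+* Requires `roles:read` and `roles:write` scopes depending on the operation.
+*
+* Part of {@link KeycloakAdminService.roles | KeycloakAdminService#roles}.
+*
+* @example
+* ```typescript
+* const roles = await keycloak.roles.listRealm('my-realm');
+* const adminRole = await keycloak.roles.getByName('my-realm', 'admin');
+* await keycloak.roles.create('my-realm', { name: 'editor', enabled: true });
+* ```
+*/
+export declare class RoleService extends BaseService {
+/**
+* List all realm roles
+*/
+listRealm(realm: string): Promise<RoleRepresentation[]>;
+/**
+* List client roles
+*/
+listClient(realm: string, clientId: string): Promise<RoleRepresentation[]>;
+/**
+* Get a realm role by name
+*/
+getByName(realm: string, name: string): Promise<RoleRepresentation>;
+/**
+* Create a realm role
+*/
+create(realm: string, role: RoleRepresentation): Promise<void>;
+/**
+* Update a realm role
+*/
+update(realm: string, name: string, role: RoleRepresentation): Promise<void>;
+/**
+* Delete a realm role
+*/
+delete(realm: string, name: string): Promise<void>;
+}
+//# sourceMappingURL=role.service.d.ts.map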
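Review bot: The class comment promises "creating, listing, and deleting both realm-wide and client-specific roles", but the declared surface only lists client roles (`listClient`); `getByName`, `create`, `update` and `delete` are each documented as realm-role operations. A reader deciding what a `roles:write` grant allows would over-estimate it from the summary. Suggest rewording the summary line to `Provides methods for listing realm and client roles, and for creating, updating and deleting realm roles.` so the documented surface matches the declared one.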
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"role.service.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/services/role.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,WAAY,SAAQ,WAAW;IAC3C;;OAEG;IACU,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IASpE;;OAEG;IACU,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAWvF;;OAEG;IACU,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAWhF;;OAEG;IACU,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAS3E;;OAEG;IACU,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAWzF;;OAEG;IACU,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAQ/D"}
|
|
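--- a/package/build/admin/client/services/role.service.js
+++ b/package/build/admin/client/services/role.service.js
@@ -0,0 +1,92 @@
+import { BaseService } from './base-service.js';
+/**
+* Service for managing Keycloak roles.
+*
+* Provides methods for creating, listing, and deleting both realm-wide and client-specific roles.
+* Realm roles are shared across all clients in the realm, while client roles are scoped to a single client.
+* Requires `roles:read` and `roles:write` scopes depending on the operation.
+*
+* Part of {@link KeycloakAdminService.roles | KeycloakAdminService#roles}.
+*
+* @example
+* ```typescript
+* const roles = await keycloak.roles.listRealm('my-realm');
+* const adminRole = await keycloak.roles.getByName('my-realm', 'admin');
+* await keycloak.roles.create('my-realm', { name: 'editor', enabled: true });
+* ```
+*/
+export class RoleService extends BaseService {
+/**
+* List all realm roles
+*/
+async listRealm(realm) {
+this.requireScope('roles:read');
+try {
+return (await this.withRetry(() => this.adminClient.roles.find({ realm })));
+}
+catch (error) {
+return this.handleError(error);
+}
+}
+/**
+* List client roles
+*/
+async listClient(realm, clientId) {
+this.requireScope('roles:read');
+try {
+return (await this.withRetry(() => this.adminClient.clients.listRoles({ realm, id: clientId })));
+}
+catch (error) {
+return this.handleError(error);
+}
+}
+/**
+* Get a realm role by name
+*/
+async getByName(realm, name) {
+this.requireScope('roles:read');
+try {
+return (await this.withRetry(() => this.adminClient.roles.findOneByName({ realm, name })));
+}
+catch (error) {
+return this.handleError(error);
+}
+}
+/**
+* Create a realm role
+*/
+async create(realm, role) {
+this.requireScope('roles:write');
+try {
+await this.withRetry(() => this.adminClient.roles.create({ ...role, realm }));
+}
+catch (error) {
+this.handleError(error);
+}
+}
+/**
+* Update a realm role
+*/
+async update(realm, name, role) {
+this.requireScope('roles:write');
+try {
+await this.withRetry(() => this.adminClient.roles.updateByName({ realm, name }, role));
+}
+catch (error) {
+this.handleError(error);
+}
+}
+/**
+* Delete a realm role
+*/
+async delete(realm, name) {
+this.requireScope('roles:write');
+try {
+await this.withRetry(() => this.adminClient.roles.delByName({ realm, name }));
+}
+catch (error) {
+this.handleError(error);
+}
+}
+}
+//# sourceMappingURL=role.service.js.map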
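Review bot: `listClient` forwards its `clientId` argument under the key `id` (`this.adminClient.clients.listRoles({ realm, id: clientId })`), and the comment `List client roles` does not say which identifier is expected. If `adminClient` is the Keycloak admin client (its construction is not visible in this section), `id` is presumably the client's internal ID rather than the public OAuth client identifier, so a caller who follows the parameter name would query the wrong resource or get a not-found error. Document the expectation on the method, for example `@param clientId - internal ID of the client as stored in Keycloak, not the public client_id (confirm against the admin client)`. None of the methods checks that `realm` or `name` is a non-empty string; a guard such as `if (!realm) throw new TypeError('realm is required');` would keep a missing argument from being resolved by whatever default the underlying client applies.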
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"role.service.js","sourceRoot":"","sources":["../../../../src/admin/client/services/role.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;;;;;;;;;;;;;GAeG;AACH,MAAM,OAAO,WAAY,SAAQ,WAAW;IAC3C;;OAEG;IACI,KAAK,CAAC,SAAS,CAAC,KAAa;QACnC,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAChC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAQ,CAAC;QACpF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,UAAU,CAAC,KAAa,EAAE,QAAgB;QACtD,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAChC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CAC3D,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,SAAS,CAAC,KAAa,EAAE,IAAY;QACjD,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAChC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CACrD,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,IAAwB;QAC1D,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QAC/E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,IAAY,EAAE,IAAwB;QACxE,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,IAAI,CAAC,CAC1D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,
CAAC,MAAM,CAAC,KAAa,EAAE,IAAY;QAC9C,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC/E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;CACD"}
|
|
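--- a/package/build/admin/client/services/user.service.d.ts
+++ b/package/build/admin/client/services/user.service.d.ts
@@ -0,0 +1,84 @@
+import type { UserRepresentation, UserQuery, CredentialRepresentation, RoleRepresentation } from '../types/index.js';
+import { BaseService } from './base-service.js';
+/**
+* Service for managing Keycloak users.
+*
+* Provides methods for CRUD operations on Keycloak users, including user creation,
+* role assignment, group membership, and credential management. Requires `users:read`
+* and `users:write` scopes depending on the operation.
+*
+* Part of {@link KeycloakAdminService.users | KeycloakAdminService#users}.
+*
+* @example
+* ```typescript
+* const users = await keycloak.users.list('my-realm');
+* await keycloak.users.create('my-realm', {
+* email: 'user@example.com',
+* firstName: 'John',
+* lastName: 'Doe',
+* enabled: true,
+* });
+* ```
+*/
+export declare class UserService extends BaseService {
+/**
+* List users in a realm
+*/
+list(realm: string, query?: UserQuery): Promise<UserRepresentation[]>;
+/**
+* Get a user by ID
+*/
+get(realm: string, userId: string): Promise<UserRepresentation>;
+/**
+* Create a new user
+*/
+create(realm: string, user: UserRepresentation): Promise<{
+id: string;
+}>;
+/**
+* Update a user
+*/
+update(realm: string, userId: string, user: UserRepresentation): Promise<void>;
+/**
+* Delete a user
+*/
+delete(realm: string, userId: string): Promise<void>;
+/**
+* Reset a user's password
+*/
+resetPassword(realm: string, userId: string, credential: CredentialRepresentation): Promise<void>;
+/**
+* Add realm roles to a user
+*/
+addRealmRoles(realm: string, userId: string, roles: RoleRepresentation[]): Promise<void>;
+/**
+* Get realm roles for a user
+*/
+getRealmRoles(realm: string, userId: string): Promise<RoleRepresentation[]>;
+/**
+* Delete realm roles from a user
+*/
+deleteRealmRoles(realm: string, userId: string, roles: RoleRepresentation[]): Promise<void>;
+/**
+* Add client roles to a user
+*/
+addClientRoles(realm: string, userId: string, clientId: string, roles: RoleRepresentation[]): Promise<void>;
+/**
+* Get client roles for a user
+*/
+getClientRoles(realm: string, userId: string, clientId: string): Promise<RoleRepresentation[]>;
+/**
+* Delete client roles from a user
+*/
+deleteClientRoles(realm: string, userId: string, clientId: string, roles: RoleRepresentation[]): Promise<void>;
+/**
+* Find a user by their federated identity (external provider ID).
+* Useful for adapter microservices looking up users by Steam ID, Nintendo ID, etc.
+* Returns null if no user is found.
+*
+* @param idpAlias - The identity provider alias configured in Keycloak (e.g. 'steam')
+* @param idpUserId - The user's ID at the external provider
+*/
+findByFederatedIdentity(idpAlias: string, idpUserId: string): Promise<UserRepresentation | null>;
+}
+//# sourceMappingURL=user.service.d.ts.map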
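Review bot: `findByFederatedIdentity(idpAlias, idpUserId)` is the only method in this declaration without a `realm` parameter, and its comment does not say which realm is searched. For a lookup that maps an external account to a local user, the realm is part of the trust decision, because the same `idpAlias` may be configured in more than one realm. Add a line to the JSDoc such as `Searches the realm <state which one>; the returned user must not be assumed to exist in any other realm.`, or add an optional trailing `realm` parameter so the signature stays backward-compatible.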
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user.service.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/services/user.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACX,kBAAkB,EAClB,SAAS,EACT,wBAAwB,EACxB,kBAAkB,EAClB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qBAAa,WAAY,SAAQ,WAAW;IAC3C;;OAEG;IACU,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAWlF;;OAEG;IACU,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAW5E;;OAEG;IACU,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IAWrF;;OAEG;IACU,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAW3F;;OAEG;IACU,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWjE;;OAEG;IACU,aAAa,CACzB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,wBAAwB,GAClC,OAAO,CAAC,IAAI,CAAC;IAehB;;OAEG;IACU,aAAa,CACzB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,kBAAkB,EAAE,GACzB,OAAO,CAAC,IAAI,CAAC;IAehB;;OAEG;IACU,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAWxF;;OAEG;IACU,gBAAgB,CAC5B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,kBAAkB,EAAE,GACzB,OAAO,CAAC,IAAI,CAAC;IAehB;;OAEG;IACU,cAAc,CAC1B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,kBAAkB,EAAE,GACzB,OAAO,CAAC,IAAI,CAAC;IAgBhB;;OAEG;IACU,cAAc,CAC1B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACd,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAehC;;OAEG;IACU,iBAAiB,CAC7B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,kBAAkB,EAAE,GACzB,OAAO,CAAC,IAAI,CAAC;IAgBhB;;;;;;;OAOG;IACU,uBAAuB,CACnC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GACf,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;CAgBrC"}
|
|
@@ -0,0 +1,216 @@
|
|
|
1
|
+
import { BaseService } from './base-service.js';
|
|
2
|
+
/**
|
|
3
|
+
* Service for managing Keycloak users.
|
|
4
|
+
*
|
|
5
|
+
* Provides methods for CRUD operations on Keycloak users, including user creation,
|
|
6
|
+
* role assignment, group membership, and credential management. Requires `users:read`
|
|
7
|
+
* and `users:write` scopes depending on the operation.
|
|
8
|
+
*
|
|
9
|
+
* Part of {@link KeycloakAdminService.users | KeycloakAdminService#users}.
|
|
10
|
+
*
|
|
11
|
+
* @example
|
|
12
|
+
* ```typescript
|
|
13
|
+
* const users = await keycloak.users.list('my-realm');
|
|
14
|
+
* await keycloak.users.create('my-realm', {
|
|
15
|
+
* email: 'user@example.com',
|
|
16
|
+
* firstName: 'John',
|
|
17
|
+
* lastName: 'Doe',
|
|
18
|
+
* enabled: true,
|
|
19
|
+
* });
|
|
20
|
+
* ```
|
|
21
|
+
*/
|
|
22
|
+
export class UserService extends BaseService {
|
|
23
|
+
/**
|
|
24
|
+
* List users in a realm
|
|
25
|
+
*/
|
|
26
|
+
async list(realm, query) {
|
|
27
|
+
this.requireScope('users:read');
|
|
28
|
+
try {
|
|
29
|
+
return (await this.withRetry(() => this.adminClient.users.find({ ...query, realm })));
|
|
30
|
+
}
|
|
31
|
+
catch (error) {
|
|
32
|
+
return this.handleError(error);
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* Get a user by ID
|
|
37
|
+
*/
|
|
38
|
+
async get(realm, userId) {
|
|
39
|
+
this.requireScope('users:read');
|
|
40
|
+
try {
|
|
41
|
+
return (await this.withRetry(() => this.adminClient.users.findOne({ realm, id: userId })));
|
|
42
|
+
}
|
|
43
|
+
catch (error) {
|
|
44
|
+
return this.handleError(error);
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Create a new user
|
|
49
|
+
*/
|
|
50
|
+
async create(realm, user) {
|
|
51
|
+
this.requireScope('users:write');
|
|
52
|
+
try {
|
|
53
|
+
return await this.withRetry(() => this.adminClient.users.create({ ...user, realm }));
|
|
54
|
+
}
|
|
55
|
+
catch (error) {
|
|
56
|
+
return this.handleError(error);
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Update a user
|
|
61
|
+
*/
|
|
62
|
+
async update(realm, userId, user) {
|
|
63
|
+
this.requireScope('users:write');
|
|
64
|
+
try {
|
|
65
|
+
await this.withRetry(() => this.adminClient.users.update({ realm, id: userId }, user));
|
|
66
|
+
}
|
|
67
|
+
catch (error) {
|
|
68
|
+
this.handleError(error);
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Delete a user
|
|
73
|
+
*/
|
|
74
|
+
async delete(realm, userId) {
|
|
75
|
+
this.requireScope('users:write');
|
|
76
|
+
try {
|
|
77
|
+
await this.withRetry(() => this.adminClient.users.del({ realm, id: userId }));
|
|
78
|
+
}
|
|
79
|
+
catch (error) {
|
|
80
|
+
this.handleError(error);
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
/**
|
|
84
|
+
* Reset a user's password
|
|
85
|
+
*/
|
|
86
|
+
async resetPassword(realm, userId, credential) {
|
|
87
|
+
this.requireScope('users:write');
|
|
88
|
+
try {
|
|
89
|
+
await this.withRetry(() => this.adminClient.users.resetPassword({
|
|
90
|
+
realm,
|
|
91
|
+
id: userId,
|
|
92
|
+
credential,
|
|
93
|
+
}));
|
|
94
|
+
}
|
|
95
|
+
catch (error) {
|
|
96
|
+
this.handleError(error);
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Add realm roles to a user
|
|
101
|
+
*/
|
|
102
|
+
async addRealmRoles(realm, userId, roles) {
|
|
103
|
+
this.requireScope('users:write');
|
|
104
|
+
try {
|
|
105
|
+
await this.withRetry(() => this.adminClient.users.addRealmRoleMappings({
|
|
106
|
+
realm,
|
|
107
|
+
id: userId,
|
|
108
|
+
roles: roles,
|
|
109
|
+
}));
|
|
110
|
+
}
|
|
111
|
+
catch (error) {
|
|
112
|
+
this.handleError(error);
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
/**
|
|
116
|
+
* Get realm roles for a user
|
|
117
|
+
*/
|
|
118
|
+
async getRealmRoles(realm, userId) {
|
|
119
|
+
this.requireScope('users:read');
|
|
120
|
+
try {
|
|
121
|
+
return (await this.withRetry(() => this.adminClient.users.listRealmRoleMappings({ realm, id: userId })));
|
|
122
|
+
}
|
|
123
|
+
catch (error) {
|
|
124
|
+
return this.handleError(error);
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
/**
|
|
128
|
+
* Delete realm roles from a user
|
|
129
|
+
*/
|
|
130
|
+
async deleteRealmRoles(realm, userId, roles) {
|
|
131
|
+
this.requireScope('users:write');
|
|
132
|
+
try {
|
|
133
|
+
await this.withRetry(() => this.adminClient.users.delRealmRoleMappings({
|
|
134
|
+
realm,
|
|
135
|
+
id: userId,
|
|
136
|
+
roles: roles,
|
|
137
|
+
}));
|
|
138
|
+
}
|
|
139
|
+
catch (error) {
|
|
140
|
+
this.handleError(error);
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
/**
|
|
144
|
+
* Add client roles to a user
|
|
145
|
+
*/
|
|
146
|
+
async addClientRoles(realm, userId, clientId, roles) {
|
|
147
|
+
this.requireScope('users:write');
|
|
148
|
+
try {
|
|
149
|
+
await this.withRetry(() => this.adminClient.users.addClientRoleMappings({
|
|
150
|
+
realm,
|
|
151
|
+
id: userId,
|
|
152
|
+
clientUniqueId: clientId,
|
|
153
|
+
roles: roles,
|
|
154
|
+
}));
|
|
155
|
+
}
|
|
156
|
+
catch (error) {
|
|
157
|
+
this.handleError(error);
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
/**
|
|
161
|
+
* Get client roles for a user
|
|
162
|
+
*/
|
|
163
|
+
async getClientRoles(realm, userId, clientId) {
|
|
164
|
+
this.requireScope('users:read');
|
|
165
|
+
try {
|
|
166
|
+
return (await this.withRetry(() => this.adminClient.users.listClientRoleMappings({
|
|
167
|
+
realm,
|
|
168
|
+
id: userId,
|
|
169
|
+
clientUniqueId: clientId,
|
|
170
|
+
})));
|
|
171
|
+
}
|
|
172
|
+
catch (error) {
|
|
173
|
+
return this.handleError(error);
|
|
174
|
+
}
|
|
175
|
+
}
|
|
176
|
+
/**
|
|
177
|
+
* Delete client roles from a user
|
|
178
|
+
*/
|
|
179
|
+
async deleteClientRoles(realm, userId, clientId, roles) {
|
|
180
|
+
this.requireScope('users:write');
|
|
181
|
+
try {
|
|
182
|
+
await this.withRetry(() => this.adminClient.users.delClientRoleMappings({
|
|
183
|
+
realm,
|
|
184
|
+
id: userId,
|
|
185
|
+
clientUniqueId: clientId,
|
|
186
|
+
roles: roles,
|
|
187
|
+
}));
|
|
188
|
+
}
|
|
189
|
+
catch (error) {
|
|
190
|
+
this.handleError(error);
|
|
191
|
+
}
|
|
192
|
+
}
|
|
193
|
+
/**
|
|
194
|
+
* Find a user by their federated identity (external provider ID).
|
|
195
|
+
* Useful for adapter microservices looking up users by Steam ID, Nintendo ID, etc.
|
|
196
|
+
* Returns null if no user is found.
|
|
197
|
+
*
|
|
198
|
+
* @param idpAlias - The identity provider alias configured in Keycloak (e.g. 'steam')
|
|
199
|
+
* @param idpUserId - The user's ID at the external provider
|
|
200
|
+
*/
|
|
201
|
+
async findByFederatedIdentity(idpAlias, idpUserId) {
|
|
202
|
+
this.requireScope('users:read');
|
|
203
|
+
try {
|
|
204
|
+
const results = (await this.withRetry(() => this.adminClient.users.find({
|
|
205
|
+
idpAlias,
|
|
206
|
+
idpUserId,
|
|
207
|
+
exact: true,
|
|
208
|
+
})));
|
|
209
|
+
return results[0] ?? null;
|
|
210
|
+
}
|
|
211
|
+
catch (error) {
|
|
212
|
+
return this.handleError(error);
|
|
213
|
+
}
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
//# sourceMappingURL=user.service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"user.service.js","sourceRoot":"","sources":["../../../../src/admin/client/services/user.service.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,OAAO,WAAY,SAAQ,WAAW;IAC3C;;OAEG;IACI,KAAK,CAAC,IAAI,CAAC,KAAa,EAAE,KAAiB;QACjD,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAChC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,CAAC,CAChD,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,GAAG,CAAC,KAAa,EAAE,MAAc;QAC7C,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAChC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CACrD,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,IAAwB;QAC1D,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAChC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE,CAAC,CACjD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,MAAc,EAAE,IAAwB;QAC1E,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,CAAC,CAC1D,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,MAAc;QAChD,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CACjD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;
QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CACzB,KAAa,EACb,MAAc,EACd,UAAoC;QAEpC,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,aAAa,CAAC;gBACpC,KAAK;gBACL,EAAE,EAAE,MAAM;gBACV,UAAU;aACV,CAAC,CACF,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CACzB,KAAa,EACb,MAAc,EACd,KAA2B;QAE3B,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC;gBAC3C,KAAK;gBACL,EAAE,EAAE,MAAM;gBACV,KAAK,EAAE,KAAY;aACnB,CAAC,CACF,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CAAC,KAAa,EAAE,MAAc;QACvD,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAChC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CACnE,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,gBAAgB,CAC5B,KAAa,EACb,MAAc,EACd,KAA2B;QAE3B,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,CAAC;gBAC3C,KAAK;gBACL,EAAE,EAAE,MAAM;gBACV,KAAK,EAAE,KAAY;aACnB,CAAC,CACF,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc,CAC1B,KAAa,EACb,MAAc,EACd,QAAgB,EAChB,KAA2B;QAE3B,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,qBAAqB,CAAC;gBAC5C,KAAK;gBACL,EAAE,EAAE,MAAM;gBACV,cAAc,EAAE,QAAQ;gBACxB,KAAK,EAAE,KAAY;aACnB,CAAC,CACF,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc,CAC1B,KAAa,EACb,MAAc,EACd,QAAgB;QAEhB,IAA
I,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAChC,IAAI,CAAC;YACJ,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACjC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,sBAAsB,CAAC;gBAC7C,KAAK;gBACL,EAAE,EAAE,MAAM;gBACV,cAAc,EAAE,QAAQ;aACxB,CAAC,CACF,CAAQ,CAAC;QACX,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,iBAAiB,CAC7B,KAAa,EACb,MAAc,EACd,QAAgB,EAChB,KAA2B;QAE3B,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QACjC,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CACzB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,qBAAqB,CAAC;gBAC5C,KAAK;gBACL,EAAE,EAAE,MAAM;gBACV,cAAc,EAAE,QAAQ;gBACxB,KAAK,EAAE,KAAY;aACnB,CAAC,CACF,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACF,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,uBAAuB,CACnC,QAAgB,EAChB,SAAiB;QAEjB,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAChC,IAAI,CAAC;YACJ,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAC1C,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC;gBAC3B,QAAQ;gBACR,SAAS;gBACT,KAAK,EAAE,IAAI;aACX,CAAC,CACF,CAAyB,CAAC;YAE3B,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAC3B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACF,CAAC;CACD"}
|
|
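--- a/config.types.d.ts
+++ b/config.types.d.ts
@@ -0,0 +1,59 @@
+import type { RetryConfig } from '../utils/index.js';
+import type { Logger } from '@pawells/logger';
+/**
+* Keycloak client configuration
+*/
+export interface KeycloakClientConfig {
+/**
+* Base URL of the Keycloak server
+* @example 'http://localhost:8080'
+*/
+baseUrl: string;
+/**
+* Realm name to operate on
+* @default 'master'
+*/
+realmName?: string;
+/**
+* Authentication credentials
+*/
+credentials: KeycloakCredentials;
+/**
+* Request timeout in milliseconds
+* @default 30000
+*/
+timeout?: number;
+/**
+* Retry configuration
+*/
+retry?: RetryConfig;
+/**
+* Logger instance for client logging
+*/
+logger?: Logger;
+}
+/**
+* Keycloak authentication credentials (username/password or client credentials)
+*/
+export type KeycloakCredentials = {
+username: string;
+password: string;
+} | {
+clientId: string;
+clientSecret: string;
+};
+/**
+* Check if credentials are username/password
+*/
+export declare function isPasswordCredentials(credentials: KeycloakCredentials): credentials is {
+username: string;
+password: string;
+};
+/**
+* Check if credentials are client credentials
+*/
+export declare function isClientCredentials(credentials: KeycloakCredentials): credentials is {
+clientId: string;
+clientSecret: string;
+};
+//# sourceMappingURL=config.types.d.ts.map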
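Review bot: The doc comment on `baseUrl` gives only a plaintext example (`@example 'http://localhost:8080'`) and says nothing about transport, although the same `KeycloakClientConfig` carries `credentials` (an admin password or a client secret) that are presumably presented to that URL. I would extend the comment to `* Base URL of the Keycloak server; use an https:// URL outside local development, since the configured credentials and the resulting tokens are sent to it`. The `realmName` comment documents `@default 'master'`, so it is also worth one sentence there that omitting the field targets the master realm. Since this `.d.ts` is build output, the wording belongs in the `config.types.ts` source named in the source map.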
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config.types.d.ts","sourceRoot":"","sources":["../../../../src/admin/client/types/config.types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAE9C;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC;;;OAGG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,WAAW,EAAE,mBAAmB,CAAC;IAEjC;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,KAAK,CAAC,EAAE,WAAW,CAAC;IAEpB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAC5B;IACD,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CACjB,GACC;IACD,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;CACrB,CAAC;AAEH;;GAEG;AACH,wBAAgB,qBAAqB,CACpC,WAAW,EAAE,mBAAmB,GAC9B,WAAW,IAAI;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAEvD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAClC,WAAW,EAAE,mBAAmB,GAC9B,WAAW,IAAI;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAE3D"}
|
|
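--- a/config.types.js
+++ b/config.types.js
@@ -0,0 +1,13 @@
+/**
+* Check if credentials are username/password
+*/
+export function isPasswordCredentials(credentials) {
+return 'username' in credentials && 'password' in credentials;
+}
+/**
+* Check if credentials are client credentials
+*/
+export function isClientCredentials(credentials) {
+return 'clientId' in credentials && 'clientSecret' in credentials;
+}
+//# sourceMappingURL=config.types.js.map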
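Review bot: Both guards test key presence only, so an object that carries `username`, `password`, `clientId` and `clientSecret` together passes `isPasswordCredentials` and `isClientCredentials` alike. Which grant is then used would depend on the order a caller checks them in, and that caller is not visible here. The `in` operator also throws a `TypeError` when `credentials` is `null`, `undefined` or a primitive, and it accepts empty or non-string values. That can happen when the config is assembled from environment variables at runtime, where the TypeScript union gives no protection. I would make the guards mutually exclusive and value-checking, e.g. `return typeof credentials?.username === 'string' && typeof credentials?.password === 'string' && !('clientId' in credentials);` with the mirror-image check in `isClientCredentials`. The doc comments should state that a mixed or malformed object matches neither guard, so callers know to reject it.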
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config.types.js","sourceRoot":"","sources":["../../../../src/admin/client/types/config.types.ts"],"names":[],"mappings":"AAsDA;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACpC,WAAgC;IAEhC,OAAO,UAAU,IAAI,WAAW,IAAI,UAAU,IAAI,WAAW,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAClC,WAAgC;IAEhC,OAAO,UAAU,IAAI,WAAW,IAAI,cAAc,IAAI,WAAW,CAAC;AACnE,CAAC"}
|