keycloak-api-manager 1.0.0 → 2.0.1

package/Handlers/componentsHandler.js

@@ -0,0 +1,130 @@
+/**
+ * **************************************************************************************************
+ * **************************************************************************************************
+ * The components entity allows you to manage Keycloak components, which are configuration entities
+ * such as user federation providers, authenticators, protocol mappers, themes, and more.
+ * Components in Keycloak are modular and pluggable, and this API lets you create, read, update,
+ * and delete them programmatically.
+ * **************************************************************************************************
+ * **************************************************************************************************
+ */
+let kcAdminClientHandler=null;
+exports.setKcAdminClient=function(kcAdminClient){
+ kcAdminClientHandler=kcAdminClient;
+}
+
+
+/**
+ * ***************************** - CREATE - *******************************
+ * The method creates a new component in a Keycloak realm.
+ * Components are modular providers in Keycloak, such as user federation providers (LDAP, Kerberos), authenticators, identity providers, or other pluggable extensions.
+ *
+ * @parameters:
+ * - componentRepresentation: An object representing the component to create.
+ *      - name: [required] A human-readable name for the component.
+ *      - providerId: [required] The provider ID (e.g., "ldap", "kerberos", "totp").
+ *      - providerType: [required] The type/class of the provider (e.g., "org.keycloak.storage.UserStorageProvider").
+ *      - parentId: [optional] The ID of the parent component (if hierarchical).
+ *      - config: [optional] A map of configuration options, where each property is an array of strings (Keycloak convention). Example:
+ *          - enabled: ["true"],
+ *          - connectionUrl: ["ldap://ldap.example.com"],
+ *          - bindDn: ["cn=admin,dc=example,dc=com"],
+ *          - bindCredential: ["secret"],
+ *          - usersDn: ["ou=users,dc=example,dc=com"]
+ *
+ */
+exports.create=function(componentRepresentation){
+ return (kcAdminClientHandler.components.create(componentRepresentation));
+}
+
+
+
+/**
+ * ***************************** - update - *******************************
+ * The method updates an existing component in a Keycloak realm.
+ * Components represent pluggable extensions such as user federation providers (LDAP, Kerberos),
+ * protocol mappers, authenticator factories, or other custom integrations.
+ *
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - id: [required] The unique ID of the component to update.
+ * - componentRepresentation: An object representing the component to update.
+ *     - name: [required] A human-readable name for the component.
+ *     - providerId: [required] The provider ID (e.g., "ldap", "kerberos", "totp").
+ *     - providerType: [required] The type/class of the provider (e.g., "org.keycloak.storage.UserStorageProvider").
+ *     - parentId: [optional] The ID of the parent component (if hierarchical).
+ *     - config: [optional] A map of configuration options, where each property is an array of strings (Keycloak convention). Example:
+ *          - enabled: ["true"],
+ *          - connectionUrl: ["ldap://ldap.example.com"],
+ *          - bindDn: ["cn=admin,dc=example,dc=com"],
+ *          - bindCredential: ["secret"],
+ *          - usersDn: ["ou=users,dc=example,dc=com"]
+ */
+exports.update=function(filters, componentRepresentation){
+ return (kcAdminClientHandler.components.update(filters, componentRepresentation));
+}
+
+
+
+
+/**
+ * ***************************** - findOne - *******************************
+ * The method retrieves a single component from a realm by its ID.
+ * Components in Keycloak represent pluggable providers such as LDAP user federation, authenticators, protocol mappers, or other extensions.
+ *
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - id: [required] The unique ID of the component to retrieve.
+ */
+exports.findOne=function(filter){
+ return (kcAdminClientHandler.components.findOne(filter));
+}
+
+
+
+/**
+ * ***************************** - find - *******************************
+ * The method retrieves a list of components in a Keycloak realm.
+ * You can optionally filter components by their parent ID and/or provider type (e.g., LDAP user federation providers, authenticators, protocol mappers).
+ *
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - {builtin attribute}: To find components by builtin attributes such as name, id
+ *     - max: A pagination parameter used to define the maximum number of components to return (limit).
+ *     - first: A pagination parameter used to define the number of components to skip before starting to return results (offset/limit).
+ */
+exports.find=function(filter){
+ return (kcAdminClientHandler.components.find(filter));
+}
+
+
+
+/**
+ * ***************************** - del - *******************************
+ * The method deletes a specific component from a Keycloak realm.
+ * Components include user federation providers (e.g., LDAP, Kerberos), authenticator providers, protocol mappers, or other pluggable extensions.
+ *
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - id: [required] The unique ID of the component to delete.
+ */
+exports.del=function(filter){
+ return (kcAdminClientHandler.components.del(filter));
+}
+
+
+/**
+ * ***************************** - listSubComponents - *******************************
+ * The method retrieves all sub-components of a given parent component in a Keycloak realm.
+ * This is useful when working with hierarchical components, for example:
+ * - LDAP storage provider and protocol mappers as sub-components
+ * - Authenticator factories with nested components
+ *
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - id: [required] The ID of the parent component.
+ *     - type: [optional] Filters sub-components by their provider type (e.g., "org.keycloak.protocol.mapper.ProtocolMapper").
+ */
+exports.listSubComponents=function(filter){
+ return (kcAdminClientHandler.components.listSubComponents(filter));
+}

package/Handlers/groupsHandler.js

@@ -0,0 +1,293 @@
+const Keycloak = require("keycloak-connect");
+/**
+ * **************************************************************************************************
+ * **************************************************************************************************
+ * The groups entity allows you to manage groups in a Keycloak realm.
+ * Groups are collections of users and can have roles and attributes assigned to them.
+ * Groups help organize users and assign permissions in a scalable way
+ * **************************************************************************************************
+ * **************************************************************************************************
+ */
+let kcAdminClientHandler=null;
+exports.setKcAdminClient=function(kcAdminClient){
+ kcAdminClientHandler=kcAdminClient;
+}
+
+/**
+ * ***************************** - CREATE - *******************************
+ * Create a new group in the current realme
+  * @parameters:
+ * - groupRepresentation:An object representing the new state of the group. You can update properties such as:
+ *     - name: [optional] New name of the group
+ *     - attributes: [optional] Custom attributes up field
+ *     - path: [optional] full path of the group
+ *     - subGroups: [optional] List of child groups (can also be updated separately)
+ *     - description: [optional] the new group Description
+ *     - {other [optional] group description fields}
+ */
+exports.create=function(groupRappresentation){
+ return (kcAdminClientHandler.groups.create(groupRappresentation));
+}
+
+
+
+/**
+ * ***************************** - find - *******************************
+ * find method is used to retrieve a list of groups in a specific realm.
+ * It supports optional filtering parameters.
+ * Searching by attributes is only available from Keycloak > 15
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - {builtin attribute}: To find groups by builtin attributes such as name, id
+ *     - max: A pagination parameter used to define the maximum number of groups to return (limit).
+ *     - first: A pagination parameter used to define the number of groups to skip before starting to return results (offset/limit).
+ */
+exports.find=function(filter){
+ return (kcAdminClientHandler.groups.find(filter));
+}
+
+/**
+ * ***************************** - findOne - *******************************
+ * findOne is method used to retrieve a specific group's details by their unique identifier (id) within a given realm.
+ * It returns the full group representation if the group exists.
+ * @parameters
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     -id: the group id
+ */
+exports.findOne=function(filter){
+ return (kcAdminClientHandler.groups.findOne(filter));
+}
+
+
+/**
+ * ***************************** - del - *******************************
+ * Deletes a group from the realm.
+ * Return a promise that resolves when the group is successfully deleted. No content is returned on success.
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - id: The ID of the group to delete
+ */
+exports.del=function(filter){
+ return (kcAdminClientHandler.groups.del(filter));
+}
+
+
+/**
+ * ***************************** - count - *******************************
+ * Retrieves the total number of groups present in the specified realm.
+ * This is useful for pagination, reporting, or general statistics regarding group usage in a Keycloak realm.
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - realm: [optional] The name of the realm. If omitted, the default realm is used.
+ *     - search: [optional] A text string to filter the group count by name
+ */
+exports.count=function(filter){
+ return (kcAdminClientHandler.groups.count(filter));
+}
+
+
+/**
+ * ***************************** - update - *******************************
+ * Updates an existing group’s information in a Keycloak realm.
+ * You can modify the group’s name, attributes, or hierarchy by providing the group ID and the updated data.
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - id: [required] The unique ID of the group you want to update.
+ *     - realm: [optional] The realm name
+ * - groupRepresentation:An object representing the new state of the group. You can update properties such as:
+ *     - name: [optional] New name of the group
+ *     - attributes: [optional] Custom attributes up field
+ *     - path: [optional] full path of the group
+ *     - subGroups: [optional] List of child groups (can also be updated separately)
+ *     - description: [optional] the new group Description
+ *     - {other [optional] group description fields}
+ */
+exports.update=function(filter,groupRepresentation){
+ return (kcAdminClientHandler.groups.update(filter,groupRepresentation));
+}
+
+
+
+
+/**
+ * ***************************** - listSubGroups - *******************************
+ * Retrieves a paginated list of direct subgroups for a specified parent group.
+ * This method is useful when navigating hierarchical group structures within a Keycloak realm.
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - parentId: [required] ID of the parent group whose subgroups you want to list.
+ *     - first: [optional] Index of the first result for pagination (default is 0).
+ *     - max: [optional] Maximum number of results to return.
+ *     - briefRepresentation: [optional] If true, returns a lightweight version of each group (default is true).
+ *     - realm: [optional] Realm name
+ */
+exports.listSubGroups=function(filter){
+ return (kcAdminClientHandler.groups.listSubGroups(filter));
+}
+
+
+/**
+ * ***************************** - addRealmRoleMappings - *******************************
+ * Adds one or more realm-level roles to a specific group.
+ * This operation grants all users within that group the associated realm roles,
+ * effectively assigning permissions at a group level.
+ * @parameters:
+ * - role_mapping: parameter provided as a JSON object that accepts the following parameters:
+ *     - id: [required] 	The ID of the group to which roles will be added.
+ *     - roles: [required] An array of role(RoleRepresentation) objects to assign.
+ */
+exports.addRealmRoleMappings=function(role_mapping){
+ return (kcAdminClientHandler.groups.addRealmRoleMappings(role_mapping));
+}
+
+
+/**
+ * ***************************** - listAvailableRealmRoleMappings - *******************************
+ * Retrieves all available realm-level roles that can be assigned to a specific group but are not yet assigned.
+ * This helps in identifying which roles are still eligible for addition to the group.
+ * Return an array of RoleRepresentation objects representing the assignable realm roles for the group.
+ * @parameters:
+ * - filters: parameter provided as a JSON object that accepts the following parameters:
+ *     - id: [required] The ID of the group you want to inspect.
+ */
+exports.listAvailableRealmRoleMappings=function(filters){
+ return (kcAdminClientHandler.groups.listAvailableRealmRoleMappings(filters));
+}
+
+
+
+/**
+ * ***************************** - listRoleMappings - *******************************
+ * Retrieves all role mappings for a specific group, including both realm roles and client roles.
+ * This method is useful for understanding the complete set of roles that are assigned to a group.
+ * Return an object with two arrays:
+ *     - realmMappings: realm-level roles assigned to the group.
+ *     - clientMappings: a map of client IDs to the client-level roles assigned for each client.
+ *
+ * @parameters:
+ * - filters: parameter provided as a JSON object that accepts the following parameters:
+ *     - id: [required] The ID of the group whose roles to fetch
+ */
+exports.listRoleMappings=function(filters){
+ return (kcAdminClientHandler.groups.listRoleMappings(filters));
+}
+
+
+
+/**
+ * ***************************** - listRealmRoleMappings - *******************************
+ * Returns the list of realm-level roles that are directly assigned to a specific group.
+ * These roles are defined at the realm level and are not tied to any specific client.
+ * Return An array of RoleRepresentation objects
+ * @parameters:
+ * - filters: parameter provided as a JSON object that accepts the following parameters:
+ *     - id: [required] TThe ID of the group to retrieve roles for
+ */
+exports.listRealmRoleMappings=function(filters){
+ return (kcAdminClientHandler.groups.listRealmRoleMappings(filters));
+}
+
+
+
+
+/**
+ * ***************************** - listCompositeRealmRoleMappings - *******************************
+ * Retrieves all composite realm-level roles assigned to a group.
+ * This includes both directly assigned roles and those inherited through composite roles.
+ * Return An array of RoleRepresentation objects that includes all realm roles, both directly assigned and inherited via composite roles.
+ * @parameters:
+ * - filters: parameter provided as a JSON object that accepts the following parameters:
+ *     - id: [required] TThe ID of the group to retrieve roles for
+ */
+exports.listCompositeRealmRoleMappings=function(filters){
+ return (kcAdminClientHandler.groups.listCompositeRealmRoleMappings(filters));
+}
+
+
+/**
+ * ***************************** - delRealmRoleMappings - *******************************
+ * Removes one or more realm-level roles from a group's role mappings.
+ * This operation only affects roles that are directly assigned.
+ * Composite roles inherited indirectly will not be removed.
+ * @parameters:
+ * - filters: parameter provided as a JSON object that accepts the following parameters:
+ *     - id: [required] TThe ID of the group to retrieve roles for
+ *     - roles: [required] Array of roles to be removed
+ */
+exports.delRealmRoleMappings=function(filters){
+ return (kcAdminClientHandler.groups.delRealmRoleMappings(filters));
+}
+
+/**
+ * ***************************** - addClientRoleMappings - *******************************
+ * Assigns one or more client-level roles to a specific group.
+ * This allows all users belonging to that group to inherit the specified roles for a given client.
+ * @parameters:
+ * - filters: parameter provided as a JSON object that accepts the following parameters:
+ *     - id: [required] The ID of the group
+ *     - clientUniqueId: [required] The internal ID of the client
+ *     - roles: [required] Array of client roles to assign to the group
+ */
+exports.addClientRoleMappings=function(filters){
+ return (kcAdminClientHandler.groups.addClientRoleMappings(filters));
+}
+
+
+/**
+ * ***************************** - listAvailableClientRoleMappings - *******************************
+ * Retrieves the list of client roles that are available to be assigned to a specific group but are not currently mapped.
+ * This is useful when you want to show assignable roles for a group in a specific client context.
+ * @parameters:
+ * - filters: parameter provided as a JSON object that accepts the following parameters:
+ *     - id: [required] The ID of the group
+ *     - clientUniqueId: [required] The internal ID of the client
+ */
+exports.listAvailableClientRoleMappings=function(filters){
+ return (kcAdminClientHandler.groups.listAvailableClientRoleMappings(filters));
+}
+
+/**
+ * ***************************** - listClientRoleMappings - *******************************
+ * Retrieves the list of client roles that are currently assigned (mapped) to a specific group for a given client.
+ * This allows you to see which roles from a client the group already has.
+ * @parameters:
+ * - filters: parameter provided as a JSON object that accepts the following parameters:
+ *     - id: [required] The ID of the group
+ *     - clientUniqueId: [required] The internal ID of the client
+ */
+exports.listClientRoleMappings=function(filters){
+ return (kcAdminClientHandler.groups.listClientRoleMappings(filters));
+}
+
+
+
+/**
+ * ***************************** - listCompositeClientRoleMappings - *******************************
+ * Retrieves the list of composite client roles assigned to a specific group.
+ * Composite roles are roles that aggregate other roles, so this method returns client roles that include one or more roles grouped under a composite role assigned to the group.
+ * @parameters:
+ * - filters: parameter provided as a JSON object that accepts the following parameters:
+ *     - id: [required] The ID of the group
+ *     - clientUniqueId: [required] The internal ID of the client
+ */
+exports.listCompositeClientRoleMappings=function(filters){
+ return (kcAdminClientHandler.groups.listCompositeClientRoleMappings(filters));
+}
+
+
+
+/**
+ * ***************************** - delClientRoleMappings - *******************************
+ * Removes specific client role mappings from a group.
+ * This function deletes one or more client roles that were assigned to the group, effectively
+ * revoking those client roles from the group.
+ * @parameters:
+ * - filters: parameter provided as a JSON object that accepts the following parameters:
+ *     - id: [required] The ID of the group
+ *     - clientUniqueId: [required] The internal ID of the client
+ *     - roles: An array of role objects(RoleRepresentation) representing the client roles to be removed
+ */
+exports.delClientRoleMappings=function(filters){
+ return (kcAdminClientHandler.groups.delClientRoleMappings(filters));
+}
+

package/Handlers/identityProvidersHandler.js

@@ -0,0 +1,255 @@
+/**
+ * **************************************************************************************************
+ * **************************************************************************************************
+ * identityProviders lets you manage Identity Providers (IdPs) configured in a realm.
+ * These are providers like Google, Facebook, GitHub, SAML, OIDC, etc.
+ * **************************************************************************************************
+ * **************************************************************************************************
+ */
+let kcAdminClientHandler=null;
+exports.setKcAdminClient=function(kcAdminClient){
+ kcAdminClientHandler=kcAdminClient;
+}
+
+/**
+ * ***************************** - create - *******************************
+ * The method is used to create a new Identity Provider (IdP) in a Keycloak realm.
+ * An IdP allows users to authenticate via external providers such as Google, Facebook, GitHub,
+ * or another SAML/OIDC provider.
+ * This method requires specifying an alias, the provider type, and configuration settings such as client ID, client secret, and any other provider-specific options.
+ * @parameters:
+ * - identityProvidersRappresentation: parameter provided as a JSON object containing the configuration of the Identity Provider
+ *      - alias: [required] Unique name for the IdP within the realm.
+ *      - providerId: [required] Type of provider (google, facebook, oidc, saml, etc.).
+ *      - enabled: [optional] Whether the IdP is enabled. Default is true.
+ *      - displayName: [optional] Display name for the login page.
+ *      - trustEmail: [optional] Whether to trust the email from the IdP.
+ *      - storeToken: [optional] Whether to store the token from the IdP.
+ *      - linkOnly: [optional] If true, the IdP can only link accounts.
+ *      - firstBrokerLoginFlowAlias: [optional] Flow to use on first login.
+ *      - config : [optional] Provider-specific configuration, e.g., client ID, client secret, endpoints, etc.
+ */
+exports.create=function(identityProvidersRappresentation){
+ return (kcAdminClientHandler.identityProviders.create(identityProvidersRappresentation));
+}
+
+/**
+ * ***************************** - createMapper - *******************************
+ * The method creates a new mapper for an existing Identity Provider in the current realm.
+ * The mapper defines how attributes, roles, or claims from the Identity Provider are mapped to the Keycloak user model.
+ * @parameters:
+ * - mapperParams: parameter provided as a JSON object containing the fields to create a new mapper
+ *       - alias: [required] The alias of the Identity Provider to which the mapper will be attached.
+ *       - identityProviderMapper: [required] The mapper configuration object, which includes details like the mapper type, name, and configuration values
+ */
+exports.createMapper=function(mapperParams){
+ return (kcAdminClientHandler.identityProviders.createMapper(mapperParams));
+}
+
+
+/**
+ * ***************************** - findMappers - *******************************
+ * The method retrieves all mappers associated with a specific Identity Provider in the current realm.
+ * These mappers define how attributes, roles, or claims from the external Identity Provider are mapped to the Keycloak user model.
+ * @parameters:
+ * - filter: pparameter provided as a JSON object that accepts the following filter:
+ *     - alias: [required] TThe alias of the Identity Provider whose mappers you want to fetch.
+ */
+exports.findMappers=function(filter){
+ return (kcAdminClientHandler.identityProviders.findMappers(filter));
+}
+
+/**
+ * ***************************** - delMapper - *******************************
+ * The method deletes a specific mapper associated with an Identity Provider in the current realm.
+ * This is useful when you need to remove a mapping rule that translates attributes, roles, or claims from the external Identity Provider into Keycloak.
+ * @parameters:
+ * - filter: pparameter provided as a JSON object that accepts the following filter:
+ *     - alias: [required] The alias of the Identity Provider that owns the mapper.
+ *     - id : [required] The unique ID of the mapper to be deleted
+ */
+exports.delMapper=function(filter){
+ return (kcAdminClientHandler.identityProviders.delMapper(filter));
+}
+
+
+/**
+ * ***************************** - findOneMapper - *******************************
+ * The method retrieves the details of a specific mapper associated with an Identity Provider in the current realm.
+ * This allows you to inspect a mapper’s configuration, such as how attributes or claims from the
+ * external Identity Provider are mapped into Keycloak.
+ * @parameters:
+ * - filter: pparameter provided as a JSON object that accepts the following filter:
+ *     - alias: [required] The alias of the Identity Provider
+ *     - id: [required] The unique ID of the mapper to retrieve
+ */
+exports.findOneMapper=function(filter){
+ return (kcAdminClientHandler.identityProviders.findOneMapper(filter));
+}
+
+
+/**
+ * ***************************** - del - *******************************
+ * The method removes an Identity Provider from the current realm.
+ * This action deletes the provider configuration, including all its associated mappers and settings.
+ * After deletion, users will no longer be able to authenticate using that Identity Provider.
+ * @parameters:
+ * - filter: pparameter provided as a JSON object that accepts the following filter:
+ *     - alias: [required] The alias of the Identity Provider you want to delete.
+ */
+exports.del=function(filter){
+ return (kcAdminClientHandler.identityProviders.del(filter));
+}
+
+
+/**
+ * ***************************** - findOne - *******************************
+ * The method retrieves the configuration details of a specific Identity Provider in the current realm.
+ * It is useful when you need to inspect the provider’s settings, such as its alias, display name,
+ * authentication flow, or other configuration parameters.
+ * @parameters:
+ * - filter: pparameter provided as a JSON object that accepts the following filter:
+ *     - alias: [required] The alias of the Identity Provider you want to find.
+ */
+exports.findOne=function(filter){
+ return (kcAdminClientHandler.identityProviders.findOne(filter));
+}
+
+/**
+ * ***************************** - find - *******************************
+ * The method retrieves a list of all configured Identity Providers in the current realm.
+ * It allows you to see which providers (e.g., Google, GitHub, SAML, etc.)
+ * are available and get their basic configuration details.
+ */
+exports.find=function(){
+ return (kcAdminClientHandler.identityProviders.find());
+}
+
+
+/**
+ * ***************************** - update - *******************************
+ * The method updates the configuration of a specific Identity Provider in the current realm.
+ * It allows you to modify settings such as client ID, secret, authorization URLs, or any custom configuration fields exposed by the provider.
+ * @parameters:
+ * - filter: pparameter provided as a JSON object that accepts the following filter:
+ *     - alias: [required] The alias of the Identity Provider to update.
+ * - identityProviderRepresentation: An object containing the updated configuration fields:
+ *     - alias: [required] The alias of the Identity Provider.
+ *     - providerId: [required] The provider type (e.g., "google", "saml").
+ *     - {Other optional fields like displayName, config object}
+ */
+exports.update=function(filter,identityProviderRepresentation){
+ return (kcAdminClientHandler.identityProviders.update(filter,identityProviderRepresentation));
+}
+
+
+/**
+ * ***************************** - findFactory - *******************************
+ * The method retrieves information about a specific Identity Provider factory available in Keycloak.
+ * A factory represents a provider type (e.g., "oidc", "saml", "github") and contains metadata about how that provider can be configured.
+ * This is useful when you want to check what configuration options are supported before creating or updating an Identity Provider.
+ * @parameters:
+ * - filter: pparameter provided as a JSON object that accepts the following filter:
+ *     - providerId: [required] The ID of the Identity Provider factory to look up (e.g., "oidc", "saml", "google").
+ */
+exports.findFactory=function(filter){
+ return (kcAdminClientHandler.identityProviders.findFactory(filter));
+}
+
+
+/**
+ * ***************************** - findMappers - *******************************
+ * The method retrieves all mappers associated with a specific Identity Provider in Keycloak.
+ * Mappers define how information from the external Identity Provider (e.g., Google, SAML, GitHub) is mapped into Keycloak attributes, roles, or claims.
+ * This is useful to list all transformations and mappings applied to users authenticating via that provider.
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - alias: [required] The alias of the Identity Provider (set when the provider was created)
+ */
+exports.findMappers=function(filter){
+ return (kcAdminClientHandler.identityProviders.findMappers(filter));
+}
+
+
+/**
+ * ***************************** - findOneMapper - *******************************
+ * The method retrieves a single mapper associated with a specific Identity Provider in Keycloak.
+ * It’s useful when you need to inspect the configuration of a mapper before updating or deleting it.
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - alias: [required] The alias of the Identity Provider
+ *     - id: [required] The unique ID of the mapper to fetch
+ */
+exports.findOneMapper=function(filter){
+ return (kcAdminClientHandler.identityProviders.findOneMapper(filter));
+}
+
+
+
+/**
+ * ***************************** - updateMapper - *******************************
+ * The method updates an existing mapper for a given Identity Provider in Keycloak.
+ * Mappers define how attributes, roles, or claims from an external Identity Provider (e.g., Google, GitHub, SAML)
+ * are mapped into Keycloak user attributes or tokens.
+ * This method allows you to change the configuration of an existing mapper (e.g., modify the claim name, attribute name, or role assignment).
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - alias: [required] The alias of the Identity Provider (set during IdP creation).
+ *     - id: [required] The ID of the mapper to update.
+ * - mapperRepresentation: parameter provided as a JSON object that represent the updated mapper configuration object.
+ *     - id : [optional] The mapper ID.
+ *     - name: [optional] The mapper name.
+ *     - identityProviderAlias: [optional] The IdP alias.
+ *     - identityProviderMapper: [optional] The type of mapper (e.g., "oidc-user-attribute-idp-mapper").
+ *     - config: [optional] The new mapping configuration.
+ */
+exports.updateMapper=function(filter,mapperRepresentation){
+ return (kcAdminClientHandler.identityProviders.updateMapper(filter,mapperRepresentation));
+}
+
+
+
+/**
+ * ***************************** - importFromUrl - *******************************
+ * The method lets you import an Identity Provider configuration directly from a metadata URL (e.g., OIDC discovery document or SAML metadata XML).
+ * This saves you from manually entering configuration details, since Keycloak can auto-fill them from the provided URL.
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - fromUrl : [required] The URL of the IdP metadata (OIDC discovery endpoint or SAML metadata).
+ *     - providerId : [required]The type of IdP (e.g., "oidc", "saml").
+ *     - trustEmail: [optional] Whether to automatically trust emails from this IdP.
+ *     - alias: [optional] Alias for the Identity Provider (unique name).
+ */
+exports.importFromUrl=function(filter){
+ return (kcAdminClientHandler.identityProviders.importFromUrl(filter));
+}
+
+/**
+ * ***************************** - updatePermission - *******************************
+ * The method allows you to enable or disable fine-grained admin permissions for a specific Identity Provider in Keycloak.
+ * When enabled, Keycloak creates client roles (scopes) that let you define which users or groups can view or manage the Identity Provider.
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - alias: [required] The alias of the Identity Provider.
+ * - permissionRepresentation: parameter provided as a JSON object that represent the updated permission object.
+ *     - enabled: [optional] true to enable permissions, false to disable.
+ *     - realm: [optional] The realm where the IdP is defined.
+ *     - {other permisssion fields}
+ */
+exports.updatePermission=function(filter,permissionRepresentation){
+ return (kcAdminClientHandler.identityProviders.updatePermission(filter,permissionRepresentation));
+}
+
+
+/**
+ * ***************************** - listPermissions - *******************************
+ * The method retrieves the current fine-grained permission settings for a specific Identity Provider in Keycloak.
+ * It returns whether permissions are enabled and, if so, which scope roles are associated with managing and viewing the Identity Provider.
+ * @parameters:
+ * - filter: parameter provided as a JSON object that accepts the following filter:
+ *     - alias: [required] The alias of the Identity Provider.
+ *     - realm: [optional] The realm where the IdP is defined.
+ */
+exports.listPermissions=function(filter){
+ return (kcAdminClientHandler.identityProviders.listPermissions(filter));
+}