keycloak-api-manager 3.0.0 → 3.2.0

package/.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="" vcs="Git" />
+  </component>
+</project>

package/.idea/workspace.xml

@@ -4,7 +4,10 @@
     <option name="autoReloadType" value="SELECTIVE" />
   </component>
   <component name="ChangeListManager">
-    <list default="true" id="880daed6-aedf-444b-8c4d-611b1320145a" name="Changes" comment="" />
+    <list default="true" id="880daed6-aedf-444b-8c4d-611b1320145a" name="Changes" comment="">
+      <change beforePath="$PROJECT_DIR$/README.md" beforeDir="false" afterPath="$PROJECT_DIR$/README.md" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/index.js" beforeDir="false" afterPath="$PROJECT_DIR$/index.js" afterDir="false" />
+    </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
     <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
@@ -79,7 +82,9 @@
       <option name="presentableId" value="Default" />
       <updated>1759849149064</updated>
       <workItem from="1759849150239" duration="1214000" />
-      <workItem from="1759917554117" duration="67183000" />
+      <workItem from="1759917554117" duration="69806000" />
+      <workItem from="1761132079959" duration="3320000" />
+      <workItem from="1762186403063" duration="2616000" />
     </task>
     <servers />
   </component>

package/README.md

@@ -200,6 +200,101 @@ Parameters:
   - refreshToken: [Optional] string containing a valid refresh token to request a new access token when using the refresh_token grant type.
 ---
 
+## 🧰 Available Helper Functions
+
+### `function setConfig(config)`
+This function updates the runtime configuration of the Keycloak-api-manager Admin Client instance.
+It allows switching the target realm, base URL, or HTTP request options without reinitializing the client or re-authenticating.
+It’s useful when you need to interact with multiple realms or environments dynamically using the same admin client instance.
+
+**` -- @parameters -- `**
+- config: is a JSON object that accepts the following parameters:
+  - realmName: [optional] The name of the target realm for subsequent API requests. 
+  - baseUrl: [optional] The base URL of the Keycloak server (e.g., https://auth.example.com). 
+  - requestOptions: [optional] Custom HTTP options (headers, timeout, etc.) applied to API calls. 
+  - realmPath: [optional] A custom realm path if your Keycloak instance uses a non-standard realm route.
+  - other fields
+
+**` -- @notes -- `**
+Calling setConfig does not perform authentication 
+- it only changes configuration values in memory.
+- The authentication token already stored in the admin client remains active until it expires.
+- Only the properties explicitly passed in the config object are updated; all others remain unchanged.
+
+If the authenticated user does not have permissions in the new realmName, subsequent calls may fail with a 403 or 404.
+
+Typically used in multi-realm or multi-environment management scripts.
+
+```js
+const KcAdminClient = require('keycloak-api-manager');
+
+
+// Switch context to another realm dynamically
+kcAdminClient.setConfig({
+  realmName: 'customer-realm',
+});
+
+// All subsequent API calls will target "customer-realm"
+const users = await kcAdminClient.users.find();
+console.log(users);
+```
+
+### `function getToken()`
+This function retrieves the current authentication tokens used by the Keycloak-api-manager Admin Client to communicate with the Keycloak REST API.
+It returns both the access token (used for API authorization) and the refresh token (used to renew the session when the access token expires).
+
+**` -- @returns -- `**
+A JSON object containing:
+- accessToken: The active access token string currently held by the Keycloak Admin Client. 
+- refreshToken: The corresponding refresh token string, if available, used to request a new access token without re-authentication.
+
+**` -- @notes -- `**
+The tokens are managed internally by the Keycloak Admin Client after successful authentication via kcAdminClient.auth().
+The accessToken typically expires after a short period (e.g., 60 seconds by default).
+You can use these tokens to call Keycloak REST endpoints manually or to debug authorization issues.
+If the client is not authenticated or the session has expired, both values may be undefined.
+
+```js
+const KcAdminClient = require('keycloak-api-manager');
+
+// Example: retrieve and print current tokens
+try {
+  const tokens = KcAdminClient.getToken();
+  console.log('Access Token:', tokens.accessToken);
+  console.log('Refresh Token:', tokens.refreshToken);
+} catch (error) {
+  console.error('Failed to retrieve tokens:', error);
+}
+
+```
+### `function auth(credentials)`
+This function allows a user or client to authenticate against a Keycloak realm and obtain an access token (and optionally a refresh token).
+It sends a direct HTTP POST request to the Keycloak OpenID Connect token endpoint using the provided credentials.
+
+**` -- @parameters -- `**
+credentials: a JSON object containing authentication details. Supported fields include:
+- username: [optional] Username of the user (required for password grant). 
+- password: [optional] Password of the user (required for password grant). 
+- grant_type: [required] The OAuth2 grant type (e.g. "password", "client_credentials", "refresh_token"). 
+
+
+```js
+const KeycloakManager = require('keycloak-api-manager');
+
+// Example: authenticate a user via password grant
+try {
+  const tokenResponse = await KeycloakManager.auth({
+    username: "demo",
+    password: "demo123",
+    grant_type: "password",
+  });
+
+  console.log("Access Token:", tokenResponse.access_token);
+} catch (error) {
+  console.error("Authentication failed:", error);
+}
+
+```
 
 ## 🔧 Available Admin Functions
 All administrative functions that rely on Keycloak's Admin API must be invoked using the
@@ -226,6 +321,7 @@ each realm manages its own set of users, roles, groups, and clients independentl
 ##### `function create(realm-dictionary)`
 create is a method used to create a new realm.
 This method accepts a realm representation object containing details such as is, name
+
 **` -- @parameters -- `**
 - realm-dictionary: is a JSON object that accepts filter parameters
   - id:[required] The internal ID of the realm. If omitted, Keycloak uses the realm name as the ID.
@@ -244,6 +340,7 @@ const KeycloakManager = require('keycloak-api-manager');
 ##### `function update(filter,realm-dictionary)`
 Updates the configuration of an existing realm. 
 You can use this method to modify settings such as login behavior, themes, token lifespans, and more.
+
 **` -- @parameters -- `**
 - filter:is a JSON object that accepts filter parameters
   - realm:[required] The identifier of the realm you want to update.
@@ -265,6 +362,7 @@ const KeycloakManager = require('keycloak-api-manager');
 ##### `function del(filter)`
 Deletes a specific realm from the Keycloak server. 
 This operation is irreversible and removes all users, clients, roles, groups, and settings associated with the realm.
+
 **` -- @parameters -- `**
 - filter: is a JSON object that accepts filter parameters
   - realm:[required] The name of the realm to delete.
@@ -291,6 +389,7 @@ console.log("Retrieved realms:",realms);
 ##### `function findOne(filter)`
 Retrieves the full configuration and metadata of a specific realm by its name (realm ID). 
 This includes settings like login policies, themes, password policies, etc.
+
 **` -- @parameters -- `**
 - filter: is a JSON object that accepts filter parameters
   - realm:[required] The name (ID) of the realm you want to retrieve.
@@ -309,6 +408,7 @@ console.log("Retrieved realm:",realmConfig);
 Performs a partial import of realm configuration into a Keycloak realm. 
 This allows you to import users, roles, groups, clients, and other components without replacing the entire realm.
 It’s useful for incremental updates or merging configuration pieces.
+
 **` -- @parameters -- `**
 - configuration: is a JSON object that accepts filter parameters
   - realm:[required] The name of the realm where the data should be imported.
@@ -346,6 +446,7 @@ const result = await KeycloakManager.realms.partialImport({
 ##### `function export(configuration)`
 Exports the configuration of a specific realm. 
 This method returns the full realm representation in JSON format, including roles, users, clients, groups, and other components depending on the provided options.
+
 **` -- @parameters -- `**
 - configuration: is a JSON object that accepts filter parameters
   - realm:[required] The name of the realm to export.
@@ -368,6 +469,7 @@ console.log(JSON.stringify(exportedRealm, null, 2));
 ##### `function getClientRegistrationPolicyProviders(configuration)`
 Fetches the list of available client registration policy providers for the specified realm.
 These providers define how new clients can be registered and what rules or validations apply (e.g., allowed scopes, required attributes).
+
 **` -- @parameters -- `**
 - configuration: is a JSON object that accepts filter parameters
   - realm:[required] The name of the realm where you want to list client registration policy providers.
@@ -385,6 +487,7 @@ await KeycloakManager.realms.getClientRegistrationPolicyProviders({
 ##### `function createClientsInitialAccess(realmFilter,options)`
 Creates a new Initial Access Token for dynamic client registration. 
 This token allows clients to register themselves with the realm using the Dynamic Client Registration API. Useful when you want to allow programmatic client creation in a controlled way.
+
 **` -- @parameters -- `**
 - realmFilter: is a JSON object that accepts filter parameters
   - realm:[required] The name of the realm where the initial access token should be created.
@@ -414,6 +517,7 @@ console.log("Initial Access Token:", initialAccess.token);
 ##### `function getClientsInitialAccess(realmFilter)`
 Retrieves all existing Initial Access Tokens for dynamic client registration in a given realm. 
 These tokens are used to allow programmatic or automated registration of clients via the Dynamic Client Registration API.
+
 **` -- @parameters -- `**
 - realmFilter: is a JSON object that accepts filter parameters
   - realm:[required] The name of the realm from which to list all initial access tokens.
@@ -437,6 +541,7 @@ console.log("Initial Access Tokens:", tokens);
 ##### `function delClientsInitialAccess(realmFilter)`
 Deletes a specific Initial Access Token used for dynamic client registration in a given realm.
 This revokes the token, preventing any future use.
+
 **` -- @parameters -- `**
 - realmFilter: is a JSON object that accepts filter parameters
   - realm:[required] The name of the realm where the token was created.
@@ -454,6 +559,7 @@ await KeycloakManager.realms.delClientsInitialAccess({
 ##### `function addDefaultGroup(realmFilter)`
 Adds an existing group to the list of default groups for a given realm.
 Users created in this realm will automatically be added to all default groups.
+
 **` -- @parameters -- `**
 - realmFilter: is a JSON object that accepts filter parameters
   - realm:[required] The name of the realm where the default group will be set.
@@ -470,6 +576,7 @@ await KeycloakManager.realms.addDefaultGroup({
 ##### `function removeDefaultGroup(realmFilter)`
 Removes a group from the list of default groups in a realm. 
 Default groups are automatically assigned to new users when they are created.
+
 **` -- @parameters -- `**
 - realmFilter: is a JSON object that accepts filter parameters
   - realm:[required] The name of the realm from which to remove the default group.
@@ -487,6 +594,7 @@ await KeycloakManager.realms.removeDefaultGroup({
 ##### `function getDefaultGroups(realmFilter)`
 Retrieves a list of all default groups for a specified realm.
 These are the groups that new users will automatically be added to upon creation.
+
 **` -- @parameters -- `**
 - realmFilter: is a JSON object that accepts filter parameters
   - realm:[required] The name of the realm from which to retrieve default groups.
@@ -504,6 +612,7 @@ console.log(defaultGroups);
 ##### `function getGroupByPath(realmFilter)`
 Retrieves a group object by specifying its hierarchical path in a realm. 
 This is useful when you know the group’s full path (e.g., /parent/child) but not its ID.
+
 **` -- @parameters -- `**
 - realmFilter: is a JSON object that accepts filter parameters
   - realm:[required] The name of the realm where the group is located.
@@ -526,6 +635,7 @@ console.log(defaultGroups);
 Retrieves the event configuration settings for a specific realm.
 This includes settings related to the event listeners, enabled event types, admin events, and more.
 Useful for auditing and tracking activities inside Keycloak.
+
 **` -- @parameters -- `**
 - realmFilter: is a JSON object that accepts filter parameters
     - realm:[required] The name of the realm from which to retrieve the event configuration.
@@ -553,6 +663,7 @@ console.log(config);
 Updates the event configuration for a given realm.
 This includes enabling/disabling events, setting specific event types to track,
 enabling admin event logging, and choosing which event listeners to use.
+
 **` -- @parameters -- `**
 - realmFilter: is a JSON object that accepts filter parameters
     - realm:[required] The name of the realm where the configuration will be updated.
@@ -582,6 +693,7 @@ const config= await KeycloakManager.realms.updateConfigEvents(
 Retrieves a list of events that occurred in a specified realm. 
 You can filter the results by event type, user, date range, and other criteria. 
 Useful for auditing login, logout, and other user-related activities.
+
 **` -- @parameters -- `**
 - realmFilter: is a JSON object that accepts filter parameters
     - realm: [required] The name of the realm to fetch events from. 
@@ -609,6 +721,7 @@ const config= await KeycloakManager.realms.findEvents({
 Retrieves administrative events that occurred in a specific realm. 
 Admin events are triggered by actions such as creating users, updating roles, or modifying realm settings. 
 This is useful for auditing changes made via the admin API or admin console.
+
 **` -- @parameters -- `**
 - realmFilter: is a JSON object that accepts filter parameters
     - realm: [required] The name of the realm to retrieve admin events from. 
@@ -642,6 +755,7 @@ const config= await KeycloakManager.realms.findAdminEvents({
 Deletes all user events (not admin events) from the event store of a specific realm. 
 Useful for resetting or cleaning up event logs related to user actions such as logins, logouts, failed login attempts, etc.
 This does not clear administrative events. To remove those, use realms.clearAdminEvents().
+
 **` -- @parameters -- `**
 - realmFilter: is a JSON object that accepts filter parameters
     - realm: [required] The name of the realm from which to clear user events.
@@ -659,6 +773,7 @@ const config= await KeycloakManager.realms.clearEvents({
 Deletes all admin events from the event store of a specific realm. 
 Admin events include actions such as creating users, updating roles, changing client settings, etc., 
 performed by administrators via the Admin Console or Admin REST API.
+
 **` -- @parameters -- `**
 - realmFilter: is a JSON object that accepts filter parameters
     - realm: [required] The name of the realm from which to clear administrative events.
@@ -711,6 +826,7 @@ console.log(permissions.enabled); // true or false
 Enables or disables fine-grained user management permissions in a specified realm. 
 This controls whether operations on users (such as creating, editing, or deleting users)
 are protected using Keycloak's authorization services.
+
 **` -- @parameters -- `**
 - update-parameters: is a JSON object that accepts this parameters
     - realm: [required] The name of the realm for which you want to update the user management permission settings.
@@ -747,6 +863,7 @@ console.log(permissions.enabled); // true
 ##### `function getKeys(filter)`
 Retrieves the realm keys metadata, including public keys, certificates, and active key information 
 used for token signing, encryption, and other cryptographic operations in the specified realm.
+
 **` -- @parameters -- `**
 - filter: is a JSON object that accepts this parameters
     - realm: [required] The name of the realm for which you want to retrieve key metadata.
@@ -786,6 +903,7 @@ console.log(Keys);
 
 ##### `function getClientSessionStats(filter)`
 Retrieves statistics about active client sessions in the specified realm. This includes the number of active sessions per client.
+
 **` -- @parameters -- `**
 - filter: is a JSON object that accepts this parameters
     - realm: [required]  The name of the realm for which you want to retrieve client session statistics.
@@ -814,6 +932,7 @@ console.log(stats);
 ##### `function pushRevocation(filter)`
 Immediately pushes a revocation policy to all clients in the specified realm. 
 This forces clients to revalidate tokens, effectively revoking cached access tokens and enforcing updated policies.
+
 **` -- @parameters -- `**
 - filter: is a JSON object that accepts this parameters
     - realm: [required]  The name of the realm where the revocation should be pushed.
@@ -833,6 +952,7 @@ console.log(pushR);
 ##### `function logoutAll(filter)`
 Logs out all active sessions for all users in the specified realm. 
 This invalidates all user sessions, forcing every user to re-authenticate.
+
 **` -- @parameters -- `**
 - filter: is a JSON object that accepts this parameters
     - realm: [required] The name of the realm from which to log out all users.
@@ -853,6 +973,7 @@ console.log('logout results:',logout);
 Tests the connection to an LDAP server using the provided configuration parameters. 
 This is useful to verify that Keycloak can reach and authenticate with the LDAP server before 
 fully integrating it into the realm configuration.
+
 **` -- @parameters -- `**
 - filter: is a JSON object that accepts this filter parameters
     - realm: [required] Name of the realm where the LDAP provider is being tested.
@@ -894,6 +1015,7 @@ const KeycloakManager = require('keycloak-api-manager');
 This function queries the LDAP server configured for a specific realm to retrieve and display its supported capabilities.
 It helps validate the connection and understand which LDAP features are available,
 such as supported controls, extensions, authentication mechanisms, and more.
+
 **` -- @parameters -- `**
 - filter: is a JSON object that accepts this filter parameters
     - realm: [required] Name of the realm where the LDAP provider is being tested.
@@ -935,6 +1057,7 @@ const KeycloakManager = require('keycloak-api-manager');
 Tests the SMTP connection using the provided configuration. 
 This allows you to verify that Keycloak can connect and send emails through the configured 
 SMTP server before applying the settings to the realm.
+
 **` -- @parameters -- `**
 - filter: is a JSON object that accepts this filter parameters
     - realm: [required] The name of the realm where the SMTP server will be tested.
@@ -974,6 +1097,7 @@ const KeycloakManager = require('keycloak-api-manager');
 ##### `function getRealmLocalizationTexts(filter)`
 Retrieves all localization texts (custom messages and labels) defined for a specific realm and locale. 
 Localization texts are used to override default Keycloak UI messages for login forms, error pages, and other user-facing content
+
 **` -- @parameters -- `**
 - filter: is a JSON object that accepts this filter parameters
     - realm: [required] The name of the realm from which to fetch localization texts.
@@ -994,6 +1118,7 @@ console.log(texts);
 ##### `function addLocalization(filter,value)`
 Adds or updates a localization text (custom UI message or label) for a specific realm and locale in Keycloak. 
 This allows you to override default messages in the login screens and other UI components with custom translations.
+
 **` -- @parameters -- `**
 - filter: is a JSON object that accepts this filter parameters
     - realm: [required] The name of the realm where the localization should be applied.
@@ -1016,6 +1141,7 @@ await KeycloakManager.realms.addLocalization({
 ##### `function getRealmSpecificLocales(filter)`
 Retrieves the list of locales (language codes) for which custom localization texts have been defined in a specific realm. 
 This function is useful to determine which locales have at least one overridden message.
+
 **` -- @parameters -- `**
 - filter: is a JSON object that accepts this filter parameters
     - realm: [required] The name of the realm for which to fetch the list of custom locales.
@@ -1046,6 +1172,7 @@ console.log(specificLocales.thekey); // new Value String for key:theKey
 ##### `function deleteRealmLocalizationTexts(filter)`
 Deletes a specific custom localization text entry for a given locale and key within a realm. 
 This is useful when you want to remove a previously added or overridden message from the realm's custom localization.
+
 **` -- @parameters -- `**
 - filter: is a JSON object that accepts this filter parameters
     - realm: [required] The name of the realm where the localization entry exists.
@@ -1078,6 +1205,7 @@ create is a method used to create a new user in the specified realm.
 This method accepts a user representation object containing details such as username, email, enabled status, 
 credentials, and other user attributes that can be get by getProfile function. 
 It is typically used when you want to programmatically add new users to your Keycloak realm via the Admin API.
+
 **` -- @parameters -- `**
 - userRepresentation: An object containing the user fields to be updated.
 ```js
@@ -1098,6 +1226,7 @@ const KeycloakManager = require('keycloak-api-manager');
 ##### `function del(filter)`
 Deletes a user from the specified realm. Once removed, the user and all associated data (such as credentials, 
 sessions, and group/role memberships) are permanently deleted.
+
 **` -- @parameters -- `**
 - id: [Required] the user ID to delete
 - realm [Optional] the realm name (defaults to current realm)
@@ -1112,6 +1241,7 @@ const KeycloakManager = require('keycloak-api-manager');
 find method is used to retrieve a list of users in a specific realm. 
 It supports optional filtering parameters such as username, email, first name, last name, and more. 
 Searching by attributes is only available from Keycloak > 15
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
   - q: A string containing a query filter by custom attributes, such as 'username:admin'. 
@@ -1152,6 +1282,7 @@ count method returns the total number of users in a given realm.
 It optionally accepts filtering parameters similar to those in users.find() such 
 as username, email, firstName, lastName and so on to count only users that match specific criteria.
 Searching by attributes is only available from Keycloak > 15
+
 **` -- @parameters -- `**
  - filter is a JSON object that accepts filter parameters, such as { email: 'test@keycloak.org' }
 ```js
@@ -1170,6 +1301,7 @@ console.log('User found:', user_count);
 update method is used to update the details of a specific user in a Keycloak realm.
 It requires at least the user’s ID(searchParams) and the updated data(userRepresentation). 
 You can modify fields like firstName, lastName, email, enabled, and more.
+
 **` -- @parameters -- `**
  - searchParams: is a JSON object that accepts filter parameters
    - id: [Required] the user ID to update
@@ -1189,6 +1321,7 @@ const user_count = await KeycloakManager.users.update({ id: 'user-Id' }, {
 resetPassword method is used to set a new password for a specific user. 
 This action replaces the user's existing credentials. You can also set whether the user is required to 
 change the password on next login.
+
 **` -- @parameters -- `**
  - newCredentialsParameters: is a JSON object that accepts filter parameters
    - id: [Required] the user ID to update
@@ -1215,6 +1348,7 @@ getCredentials() method retrieves the list of credentials (e.g., passwords, OTPs
 currently associated with a given user in a specific realm.
 This is useful for auditing, checking what types of credentials a user has set up, 
 or managing credentials such as password reset, WebAuthn deletion, etc.
+
 **` -- @parameters -- `**
  - getCredentials: is a JSON object that accepts filter parameters
    - id: [Required] the user ID to update
@@ -1230,6 +1364,7 @@ console.log(ressult);
 ##### `function deleteCredential(accountInfo)`
 deleteCredential method allows you to delete a specific credential (e.g., password, OTP, WebAuthn, etc.) from a user. 
 This is useful when you want to invalidate or remove a credential, forcing the user to reconfigure or reset it.
+
 **` -- @parameters -- `**
  - accountInfo: is a JSON object that accepts this parameters
    - id: [Required] the user ID to update
@@ -1256,6 +1391,7 @@ const KeycloakManager = require('keycloak-api-manager');
 
 ##### `function addToGroup(parameters)`
 Adds a user to a specific group within the realm.
+
 **` -- @parameters -- `**
 - parameters: is a JSON object that accepts this parameters 
   - id [required]: The user ID of the user you want to add to the group. 
@@ -1271,6 +1407,7 @@ const KeycloakManager = require('keycloak-api-manager');
  ```
 ##### `function delFromGroup(parameters)`
 Removes a user from a specific group in Keycloak.
+
 **` -- @parameters -- `**
 - parameters: is a JSON object that accepts this parameters 
   - id [required]: The user ID of the user you want to remove to the group. 
@@ -1287,6 +1424,7 @@ const KeycloakManager = require('keycloak-api-manager');
 
 ##### `function countGroups(filter)`
 Retrieves the number of groups that a given user is a member of.
+
 **` -- @parameters -- `**
 - filter is a JSON object that accepts filter parameters, such as { id: '' }
   - id: [required] The user ID of the user whose group membership count you want to retrieve.
@@ -1300,6 +1438,7 @@ console.log('Groups found:', user_count);
  ```
 ##### `function listGroups(filter)`
 Returns the list of groups that a given user is a member of.
+
 **` -- @parameters -- `**
 - filter is a JSON object that accepts filter parameters, such as { id: '' }
   - id: [required] The user ID of the user whose group membership you want to retrieve.
@@ -1794,6 +1933,7 @@ Clients represent entities that want to interact with Keycloak for authenticatio
 
 ##### `function create(client_dictionary)`
 Creates a new client with the provided configuration
+
 **` -- @parameters -- `**
 - client_dictionary:  An object(JSON) of type ClientRepresentation, containing the configuration for the new client.
     - clientId: [required] string	The unique identifier for the client (required). 
@@ -1819,6 +1959,7 @@ console.log("New Client Created:", client);
 Retrieves a list of all clients in the current realm, optionally filtered by query parameters. 
 This method is useful for listing all registered applications or services in Keycloak or searching 
 for a specific one using filters like clientId.
+
 **` -- @parameters -- `**
 - filter: A JSON structure used to filter results based on specific fields:
   - clientId: [optional] string filter to search clients by their clientId. 
@@ -1835,6 +1976,7 @@ console.log("Clients:", clients);
 ##### `function findOne(filter)`
 Retrieves detailed information about a specific client within a realm by its unique client ID. 
 This method fetches the client’s configuration, including its settings, roles, protocols, and other metadata.
+
 **` -- @parameters -- `**
 - filter: A JSON structure used to filter results based on specific fields:
   - id: [optional] 	The unique identifier of the client to retrieve
@@ -1849,6 +1991,7 @@ console.log("Clients:", clients);
 ##### `function del(filter)`
 Deletes a client from the realm using its internal ID. 
 This operation is irreversible and will remove the client and all its associated roles, permissions, and configurations.
+
 **` -- @parameters -- `**
 - filter: A JSON structure used to filter results based on specific fields:
   - id: [required] The internal ID of the client to delete (not clientId)
@@ -1863,6 +2006,7 @@ console.log(`Client successfully deleted.`);
 ##### `function update(filter,clientRepresentation)`
 Updates the configuration of an existing client in the realm. 
 You can modify various attributes such as the client name, redirect URIs, protocol, access type, and more.
+
 **` -- @parameters -- `**
 - filter: A JSON structure used to filter results based on specific fields:
   - id: [required] The unique ID of the client you want to update
@@ -1888,6 +2032,7 @@ console.log(`Client successfully updated.`);
 Creates a new client role under a specific client. 
 Client roles are roles associated with a specific client (application), and are useful 
 for fine-grained access control within that client.
+
 **` -- @parameters -- `**
 - role_parameters: JSON structure that defines the role like:
     - id: [required] The internal ID of the client where the role will be created. 
@@ -1910,6 +2055,7 @@ console.log("Client role:", role);
 ##### `function findRole(filter)`
 Retrieves a specific client role by name from a given client. 
 This is useful when you want to inspect or verify the properties of a role defined within a particular client.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The internal ID of the client (not the clientId string) where the role is defined.
@@ -1929,6 +2075,7 @@ console.log("Client role:", role);
 ##### `function updateRole(filter,roleRepresentation)`
 Updates the attributes of a specific client role in Keycloak. 
 This includes changing the role's name, description, or any associated metadata.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The internal ID of the client (not the clientId string) where the role is defined.
@@ -1953,6 +2100,7 @@ Deletes a client role by its name for a specific client.
 This permanently removes the role from the specified client in Keycloak.
 A promise that resolves to void if the deletion is successful. 
 If the role does not exist or the operation fails, an error will be thrown.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The internal ID of the client (not the clientId string) where the role is defined.
@@ -1971,6 +2119,7 @@ const role= await KeycloakManager.clients.delRole({
 ##### `function listRoles(filter)`
 Retrieves all roles defined for a specific client within the realm. 
 These roles can be used to assign permissions to users or groups for the specific client application.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The internal ID of the client (not clientId)
@@ -1988,6 +2137,7 @@ console.log("Client roles:", roles);
 ##### `function getClientSecret(filter)`
 Retrieves the client secret associated with a confidential client in Keycloak. 
 This is typically used for clients using client_credentials or authorization_code flows where the secret is required to authenticate the client.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The internal ID of the client (not clientId)
@@ -2006,6 +2156,7 @@ console.log("Client secret:", secret);
 ##### `function generateNewClientSecret(filter)`
 Generates a new client secret for a confidential client in Keycloak. This will overwrite the existing secret and return the newly generated one. 
 It is useful when rotating credentials or recovering access.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The internal ID of the client (not clientId)
@@ -2024,6 +2175,7 @@ console.log("New client secret:", secret.value);
 ##### `function generateRegistrationAccessToken(filter)`
 Generates a new registration access token for a client. This token allows the client to make authorized requests to the client registration REST API. 
 It’s particularly useful in dynamic client registration workflows or when automating client updates via external systems.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The internal ID of the client (not clientId)
@@ -2318,6 +2470,7 @@ console.log("Roles successfully mapped to client!");
 ##### `function clients.listClientScopeMappings(filter)`
 The method is used to list all client role mappings assigned to a client.
 It shows which roles from another client (source) are already mapped to the target client.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the target client (where roles are mapped)
@@ -2340,6 +2493,7 @@ console.log("Mapped roles:", assignedRoles);
 ##### `function clients.listCompositeClientScopeMappings(filter)`
 The method is used to list both direct and composite (inherited) client role mappings that are assigned to a target client.
 It differs from listClientScopeMappings because it expands composite roles and shows all roles that are effectively available to the client.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the target client (the one receiving the mappings)
@@ -2362,6 +2516,7 @@ console.log("Effective (composite) role mappings:", effectiveRoles);
 ##### `function clients.delClientScopeMappings(filter)`
 The method is used to remove one or more client role mappings from a target client.
 It is the reverse of clients.addClientScopeMappings
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] ID of the target client (the client losing the roles)
@@ -2394,6 +2549,7 @@ console.log("Roles removed from client mappings");
 ##### `function clients.listAvailableRealmScopeMappings(filter)`
 The method is used to retrieve all realm-level roles that are available to be assigned to a specific client. 
 These are roles defined at the realm level that the client does not yet have mapped, allowing you to see what can be added.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client for which you want to list available realm-level role mappings.
@@ -2413,6 +2569,7 @@ console.log("Available realm roles for client:", availableRealmRoles);
 ##### `function clients.listAvailableRealmScopeMappings(filter)`
 The method is used to retrieve all realm-level roles that are available to be assigned to a specific client. 
 These are roles defined at the realm level that the client does not yet have mapped, allowing you to see what can be added.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client for which you want to list available realm-level role mappings.
@@ -2433,6 +2590,7 @@ console.log("Available realm roles for client:", availableRealmRoles);
 ##### `function clients.listRealmScopeMappings(filter)`
 The method retrieves the realm-level roles currently assigned to a client as part of its scope mappings.
 This shows which realm roles the client is allowed to request on behalf of users.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The client ID whose realm-level scope mappings you want to list
@@ -2452,6 +2610,7 @@ console.log("Realm roles mapped to client:", roles.map(r => r.name));
 ##### `function clients.listCompositeRealmScopeMappings(filter)`
 The method retrieves all composite realm-level roles associated with a client through its scope mappings.
 This includes not only the roles directly mapped to the client, but also roles inherited through composite roles.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The client ID whose composite realm scope mappings you want to list
@@ -2472,6 +2631,7 @@ console.log("Realm composite roles mapped to client:", roles.map(r => r.name));
 ##### `function clients.addRealmScopeMappings(filter,roles)`
 The method is used to assign realm-level role mappings to a specific client.
 This effectively grants the client access to the specified realm roles.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The client ID that will receive the new realm-level role mappings.
@@ -2491,6 +2651,7 @@ await KeycloakManager.clients.addRealmScopeMappings(
 ##### `function clients.delRealmScopeMappings(filter,roles)`
 The method removes realm-level roles from a client’s scope mappings.
 This is the opposite of clients.addRealmScopeMappings.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The client ID whose realm role mapping must be removed.
@@ -2509,6 +2670,7 @@ await KeycloakManager.clients.delRealmScopeMappings(
 
 ##### `function clients.listSessions(filter)`
 The method retrieves active user sessions for a specific client.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The client ID whose session must be retrieved 
@@ -2536,6 +2698,7 @@ sessions.forEach(s =>
 ##### `function clients.listOfflineSessions(filter)`
 The method retrieves offline sessions associated with a given client.
 Offline sessions are created when a client uses offline tokens (refresh tokens with offline_access scope)
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The client ID whose session must be retrieved 
@@ -2562,6 +2725,7 @@ sessions.forEach(s =>
 ##### `function clients.getSessionCount(filter)`
 The method retrieves the number of active user sessions for a given client.
 This includes online sessions, not offline sessions (those are retrieved with listOfflineSessions).
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The client ID whose session must be retrieved
@@ -2582,6 +2746,7 @@ console.log(`Client internal-client-id has ${sessionCount.count} active sessions
 The method retrieves the number of offline sessions associated with a given client. 
 Offline sessions represent sessions where the user has a valid offline token, typically used for long-lived access 
 without requiring active login.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client for which you want to count offline sessions.
@@ -2602,6 +2767,7 @@ console.log(`Client internal-client-id has ${sessionCount.count} offline session
 The method is used to register a cluster node for a specific Keycloak client. 
 This is relevant in scenarios where you are running Keycloak in a clustered environment and want to synchronize 
 client sessions and node information across multiple instances.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client for which you want to add a cluster node. 
@@ -2623,6 +2789,7 @@ await KeycloakManager.clients.addClusterNode({
 The method in Keycloak Admin Client is used to remove a previously registered cluster node for a specific client. 
 This is useful in clustered environments when a node is no longer active or should be deregistered from the
 client session synchronization.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client for which you want to remove a cluster node.
@@ -2642,6 +2809,7 @@ await KeycloakManager.clients.deleteClusterNode({
 ##### `function clients.generateAndDownloadKey(filter,config)`
 The method is used to generate a new cryptographic key for a client and download it. 
 This is typically used for clients that require client credentials, JWT signing, or encryption.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client for which you want to generate the key
@@ -2686,6 +2854,7 @@ console.log('Keystore saved ad client-keystore.jks');
 The method is used to generate a new cryptographic key for a client without automatically downloading it. 
 This is useful for creating new signing or encryption keys associated with a client directly within Keycloak.
 Unlike clients.generateAndDownloadKey, this method only generates the key and stores it in Keycloak. It does not return the key material to the caller
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client for which you want to generate the key
@@ -2711,6 +2880,7 @@ console.log('New RSA key successfully generated for client');
 ##### `function clients.getKeyInfo(filter)`
 The method is used to retrieve metadata about the keys associated with a specific client.
 It does not return the actual key material but provides information such as the key type, provider, algorithm, and status.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client whose key information should be retrieved
@@ -2736,6 +2906,7 @@ console.log("Client key info:", keyInfo);
 ##### `function clients.downloadKey(filter,config)`
 The method Downloads a client’s cryptographic key (certificate) from Keycloak. 
 This is typically used when you need to retrieve the public certificate of a client for token validation, signing, or encryption purposes.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client whose key information should be downloaded
@@ -2786,6 +2957,7 @@ console.log(cert);
 The method in the Keycloak Admin Client is used to create a new authorization scope for a specific client.
 Authorization scopes are part of Keycloak’s Authorization Services and represent fine-grained permissions 
 that can later be linked to resources and policies.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] TThe ID of the client for which the scope will be created 
@@ -2813,6 +2985,7 @@ await KeycloakManager.clients.createAuthorizationScope(
 ##### `function clients.listAllScopes(filter)`
 The method is used to retrieve all available scopes for a specific client.
 This includes both default scopes and optional scopes that can be assigned to the client.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client whose scopes you want to list
@@ -2833,6 +3006,7 @@ console.log(scopes);
 ##### `function clients.updateAuthorizationScope(filter,AuthorizationScopeRepresentation)`
 The method is used to update an existing authorization scope for a specific client. 
 Authorization scopes define permissions that can be used in policies and permissions for the client’s resources.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client to which the scope belongs 
@@ -2867,6 +3041,7 @@ console.log('Authorization scope updated successfully');
 ##### `function clients.getAuthorizationScope(filter)`
 The method is used to retrieve the details of a specific authorization scope associated with a client. 
 Authorization scopes define permissions that can be applied to resources and policies in Keycloak.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client to which the scope belongs 
@@ -2888,6 +3063,7 @@ console.log('Authorization scope details:', scope);
 ##### `function clients.listAllResourcesByScope(filter)`
 The method is used to retrieve all resources associated with a specific authorization scope for a given client. 
 This allows you to see which resources are governed by a particular scope in the client’s authorization settings.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client to which the scope belongs 
@@ -2910,6 +3086,7 @@ console.log('Resources associated with this scope:', resources);
 ##### `function clients.listAllPermissionsByScope(filter)`
 The method is used to retrieve all permissions associated with a specific authorization scope for a given client. 
 This is helpful for understanding which permissions (policies and rules) are applied when a particular scope is used.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client to query 
@@ -2935,6 +3112,7 @@ console.log('Permissions associated with this scope:', permissions);
 The method is used to retrieve all scopes associated with a specific permission for a given client. 
 This allows you to see which scopes a permission controls, helping you manage fine-grained access rules 
 in Keycloak’s Authorization Services (UMA 2.0) framework.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client whose permission scopes you want to list
@@ -2961,6 +3139,7 @@ console.log('Permission Scopes:', permissionScopes);
 The method is used to import a resource into a client. 
 This is part of Keycloak’s Authorization Services (UMA 2.0) and allows you to programmatically define 
 resources that a client can protect with policies and permissions.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client to which the resource should be imported 
@@ -2994,6 +3173,7 @@ console.log('Resource imported successfully');
 The method is used to export a resource from a client. 
 This allows you to retrieve the full configuration of a resource, including its URIs, scopes, 
 and associated permissions, which can then be backed up, replicated, or modified externally.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client from which to export the resource 
@@ -3016,6 +3196,7 @@ console.log('Exported Resource:', exportedResource);
 The method is used to create a new resource under a specific client. 
 A resource represents a protected entity in Keycloak’s authorization services, such as a REST endpoint,
 a document, or any application-specific asset. This allows you to manage fine-grained access control via policies and permissions.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client where the resource will be created
@@ -3050,6 +3231,7 @@ console.log('Created Resource:', createdResource);
 The method is used to retrieve a specific resource of a client by its ID. 
 Resources in Keycloak represent protected entities, such as APIs, documents, or any application-specific assets, 
 that can have associated scopes, policies, and permissions for fine-grained access control.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client that owns the resource 
@@ -3071,6 +3253,7 @@ console.log('Retrieved Resource:', resource);
 The method is used to retrieve the resource server settings of a client. 
 A resource server in Keycloak represents a client that is enabled with Authorization Services, 
 meaning it can define resources, scopes, permissions, and policies for fine-grained access control.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client whose resource server configuration you want to retrieve
@@ -3091,6 +3274,7 @@ console.log('Resource Server:', resourceServer);
 The method is used to update the configuration of a client’s resource server. 
 A resource server defines authorization settings such as resources, scopes, permissions, 
 and policies that control fine-grained access to protected assets.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client whose resource server configuration should be updated
@@ -3121,6 +3305,7 @@ console.log("Resource server updated successfully");
 ##### `function clients.listPermissionsByResource(filter)`
 The method is used to retrieve all permissions associated with a specific resource within a client’s resource server. 
 This is part of the Keycloak Authorization Services API and helps administrators inspect which permissions are linked to a given protected resource.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
   - id: [required] The ID of the client (the resource server). 
@@ -3144,6 +3329,7 @@ console.log("Permissions for resource:", permissions);
 The method is used to create a new permission for a client.
 Permissions define which users or roles can access specific resources or scopes within the client,
 based on policies you configure. This is part of Keycloak’s Authorization Services (UMA 2.0) framework.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client for which the permission will be created
@@ -3181,6 +3367,7 @@ console.log('Permission created');
 The method is used to search for permissions within a client’s resource server.
 Permissions in Keycloak represent rules that define how policies are applied to resources or scopes,
 and this method allows you to list and filter them based on specific criteria.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client (the resource server) where permissions are defined 
@@ -3209,6 +3396,7 @@ console.log("Permissions found:", permissions);
 The method updates the fine-grained admin permissions configuration for a specific client.
 Fine-grained permissions allow you to control which users/roles can manage different aspects of a client 
 (e.g., who can manage roles, protocol mappers, or scope assignments).
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client (the resource server) where permissions are defined 
@@ -3229,6 +3417,7 @@ console.log("Fine-grained permissions updated successfully");
 ##### `function clients.listFineGrainPermissions(filter)`
 The method retrieves the current fine-grained admin permission settings for a given client.
 This is useful for checking which permissions are configured (e.g., managing roles, protocol mappers, or client scopes).
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client (the resource server) where permissions are defined
@@ -3248,6 +3437,7 @@ console.log("Fine-grained permissions for client:", permissions);
 ##### `function clients.getAssociatedScopes(filter)`
 The method is used to retrieve all scopes associated with a specific permission within a client’s resource server.
 In Keycloak’s Authorization Services, permissions can be linked to one or more scopes to define the contexts in which they apply. This method allows you to query those associations.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client whose permission scopes you want to list
@@ -3268,6 +3458,7 @@ console.log("Associated scopes:", scopes);
 ##### `function clients.getAssociatedPolicies(filter)`
 The method is used to retrieve all policies associated with a specific permission within a client’s resource server.
 n Keycloak Authorization Services, permissions can be tied to one or more policies that define the conditions under which access is granted. This method lets you fetch those policy associations
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client whose permission policies you want to list
@@ -3290,6 +3481,7 @@ console.log("Associated policies:", policies);
 ##### `function clients.getAssociatedResources(filter)`
 The method is used to retrieve all resources linked to a specific permission in a client’s resource server.
 In Keycloak Authorization Services, permissions can be scoped to one or more resources (such as APIs, endpoints, or domain-specific entities). This method allows you to query those resource associations.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client whose permission resource you want to list
@@ -3312,6 +3504,7 @@ console.log("Associated resources:", resources);
 ##### `function clients.listScopesByResource(filter)`
 The method is used to list all authorization scopes associated with a specific resource in a client’s resource server. 
 This allows administrators to understand which scopes are directly linked to a protected resource and therefore which permissions can be applied to it.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
   - id: [required] The ID of the client (the resource server). 
@@ -3335,6 +3528,7 @@ console.log("Scopes for resource:", scopes);
 ##### `function clients.listResources(filter)`
 The method is used to retrieve all resources defined in a client’s resource server. 
 Resources represent protected entities (such as APIs, files, or services) that can be associated with scopes and permissions in Keycloak’s authorization services.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
   - id: [required] The ID of the client (the resource server) 
@@ -3362,6 +3556,7 @@ console.log("Resources:", resources);
 ##### `function clients.updateResource(filter,resourceRepresentation)`
 The method is used to update an existing resource in a client’s resource server. 
 Resources represent protected entities (APIs, files, services, etc.) that can be secured with scopes and permissions under Keycloak’s Authorization Services
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
   - id: [required] The ID of the client (the resource server)
@@ -3403,6 +3598,7 @@ console.log("Resource updated successfully");
 The method is used to create a new policy for a client’s resource server under Keycloak’s Authorization Services.
 Policies define the rules that determine whether access should be granted or denied to a given resource, scope, or permission. 
 They can be based on users, roles, groups, conditions, or custom logic.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
   - id: [required] The ID of the client (the resource server) where the policy will be created.
@@ -3452,6 +3648,7 @@ console.log("Policy created successfully");
 ##### `function clients.listDependentPolicies(filter)`
 The method is used to list all policies that depend on a given policy within a client’s resource server.
 This is useful when you want to understand how a policy is referenced by other policies, permissions, or configurations, helping you manage complex authorization structures.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
   - id: [required] The ID of the client (the resource server) where the policy exists. 
@@ -3478,6 +3675,7 @@ console.log("Dependent policies:", dependentPolicies);
 ##### `function clients.evaluateGenerateAccessToken(filter)`
 The method is used to generate or simulate an access token for a specific client, typically for testing or evaluating the token
 contents without performing a full user login. This can help you verify client roles, scopes, and protocol mappers included in the token
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] ID of the client for which you want to generate or evaluate the access token
@@ -3505,6 +3703,7 @@ console.log("Generated access token:", token);
 The method is used to generate or simulate an ID token for a specific client, usually for testing or evaluating the token without
 performing a full user login. This allows you to verify which claims, scopes, and protocol mappers are included in the ID 
 token for the client.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] ID of the client for which you want to generate or evaluate the ID token
@@ -3531,6 +3730,7 @@ console.log("Generated ID token:", token);
 The method is used to generate or simulate a UserInfo response for a specific client, typically for testing or evaluating what 
 user information would be returned by the UserInfo endpoint for that client. This helps verify which claims are included in the 
 UserInfo response without performing a full login flow.
+
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
     - id: [required] The ID of the client for which you want to generate the UserInfo response
@@ -4147,6 +4347,7 @@ if (mapper) {
 ##### `function findProtocolMappersByProtocol(filter)`
 The method retrieves all protocol mappers of a given protocol (e.g., openid-connect or saml) for a specific client scope in a realm.
 This is useful when you want to filter protocol mappers by the authentication protocol they are associated with.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
   - id: [required] The ID of the client scope to search within.
@@ -4174,6 +4375,7 @@ if (mapper) {
 The method deletes a protocol mapper from a specific client scope in a realm.
 Protocol mappers define how user attributes, roles, or other information are mapped into tokens (ID token, access token, or user info) in Keycloak. 
 Deleting a mapper removes its configuration from the client scope.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
   - id: [required] The ID of the client scope containing the protocol mapper.
@@ -4197,6 +4399,7 @@ console.log("Protocol mapper deleted successfully");
 ##### `function listProtocolMappers(filter)`
 The method retrieves all protocol mappers associated with a specific client scope in a realm.
 Protocol mappers define how user attributes, roles, or other data are mapped into tokens (ID token, access token, or user info) in Keycloak.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
   - id: [required] The ID of the client scope to list protocol mappers from.
@@ -4219,6 +4422,7 @@ console.log("Protocol mappers for client scope:", mappers);
 The method adds multiple protocol mappers to a specific client scope in a realm.
 Protocol mappers define how user attributes, roles, or other data are mapped into tokens (ID token, access token, or user info) in Keycloak. 
 With this method, you can configure several mappers in a single request.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
   - id: [required] The ID of the client scope where the protocol mappers should be added.
@@ -4351,6 +4555,7 @@ console.log("Protocol mapper updated successfully");
 The method retrieves all scope mappings for a given client scope in a realm. 
 Scope mappings define which roles (from realm roles or client roles) are granted to a client scope. 
 These roles determine the permissions and access tokens issued for clients using this scope.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
     - id: [required] The ID of the client scope to list scope mapping.
@@ -4690,6 +4895,7 @@ The method is used to create a new Identity Provider (IdP) in a Keycloak realm.
 An IdP allows users to authenticate via external providers such as Google, Facebook, GitHub, 
 or another SAML/OIDC provider. 
 This method requires specifying an alias, the provider type, and configuration settings such as client ID, client secret, and any other provider-specific options.
+
 **` -- @parameters -- `**
 - identityProvidersRappresentation: parameter provided as a JSON object containing the configuration of the Identity Provider
     - alias: [required] Unique name for the IdP within the realm. 
@@ -4725,6 +4931,7 @@ console.log("Created Identity Provider:", newIdP);
 ##### `function identityProviders.createMapper(mapperParams)`
 The method creates a new mapper for an existing Identity Provider in the current realm. 
 The mapper defines how attributes, roles, or claims from the Identity Provider are mapped to the Keycloak user model.
+
 **` -- @parameters -- `**
 - mapperParams: parameter provided as a JSON object containing the fields to create a new mapper
     - alias: [required] The alias of the Identity Provider to which the mapper will be attached. 
@@ -4752,6 +4959,7 @@ const KeycloakManager = require('keycloak-api-manager');
 ##### `function identityProviders.findMappers(filter)`
 The method retrieves all mappers associated with a specific Identity Provider in the current realm. 
 These mappers define how attributes, roles, or claims from the external Identity Provider are mapped to the Keycloak user model.
+
 **` -- @parameters -- `**
 - filter: pparameter provided as a JSON object that accepts the following filter:
     - alias: [required] TThe alias of the Identity Provider whose mappers you want to fetch.
@@ -4772,6 +4980,7 @@ console.log(mappers);
 ##### `function identityProviders.delMapper(filter)`
 The method deletes a specific mapper associated with an Identity Provider in the current realm. 
 This is useful when you need to remove a mapping rule that translates attributes, roles, or claims from the external Identity Provider into Keycloak.
+
 **` -- @parameters -- `**
 - filter: pparameter provided as a JSON object that accepts the following filter:
     - alias: [required] The alias of the Identity Provider that owns the mapper. 
@@ -4792,6 +5001,7 @@ console.log("Mapper deleted successfully");
 ##### `function identityProviders.findOneMapper(filter)`
 The method retrieves the details of a specific mapper associated with an Identity Provider in the current realm. 
 This allows you to inspect a mapper’s configuration, such as how attributes or claims from the external Identity Provider are mapped into Keycloak.
+
 **` -- @parameters -- `**
 - filter: pparameter provided as a JSON object that accepts the following filter:
     - alias: [required] The alias of the Identity Provider. 
@@ -4812,6 +5022,7 @@ console.log("Mapper details:", mapper);
 The method removes an Identity Provider from the current realm. 
 This action deletes the provider configuration, including all its associated mappers and settings. 
 After deletion, users will no longer be able to authenticate using that Identity Provider.
+
 **` -- @parameters -- `**
 - filter: pparameter provided as a JSON object that accepts the following filter:
     - alias: [required] The alias of the Identity Provider you want to delete.
@@ -4829,6 +5040,7 @@ console.log(`Identity Provider deleted successfully`);
 ##### `function identityProviders.findOne(filter)`
 The method retrieves the configuration details of a specific Identity Provider in the current realm. 
 It is useful when you need to inspect the provider’s settings, such as its alias, display name, authentication flow, or other configuration parameters.
+
 **` -- @parameters -- `**
 - filter: pparameter provided as a JSON object that accepts the following filter:
     - alias: [required] The alias of the Identity Provider you want to find.
@@ -4866,6 +5078,7 @@ providers.forEach((provider) => {
 ##### `function identityProviders.update(filter,identityProviderRepresentation)`
 The method updates the configuration of a specific Identity Provider in the current realm. 
 It allows you to modify settings such as client ID, secret, authorization URLs, or any custom configuration fields exposed by the provider.
+
 **` -- @parameters -- `**
 - filter: pparameter provided as a JSON object that accepts the following filter:
     - alias: [required] The alias of the Identity Provider to update. 
@@ -4892,6 +5105,7 @@ const KeycloakManager = require('keycloak-api-manager');
 The method retrieves information about a specific Identity Provider factory available in Keycloak. 
 A factory represents a provider type (e.g., "oidc", "saml", "github") and contains metadata about how that provider can be configured. 
 This is useful when you want to check what configuration options are supported before creating or updating an Identity Provider.
+
 **` -- @parameters -- `**
 - filter: pparameter provided as a JSON object that accepts the following filter:
   - providerId: [required] The ID of the Identity Provider factory to look up (e.g., "oidc", "saml", "google").
@@ -4912,6 +5126,7 @@ console.log("Factory details:", factory);
 The method retrieves all mappers associated with a specific Identity Provider in Keycloak. 
 Mappers define how information from the external Identity Provider (e.g., Google, SAML, GitHub) is mapped into Keycloak attributes, roles, or claims. 
 This is useful to list all transformations and mappings applied to users authenticating via that provider.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
   - alias: [required] The alias of the Identity Provider (set when the provider was created).
@@ -4929,6 +5144,7 @@ console.log("Mappers for Google IdP:", mappers);
 ##### `function identityProviders.findOneMapper(filter)`
 The method retrieves a single mapper associated with a specific Identity Provider in Keycloak.
 It’s useful when you need to inspect the configuration of a mapper before updating or deleting it.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
   - alias: [required] The alias of the Identity Provider. 
@@ -4953,6 +5169,7 @@ if (mapper) {
 The method updates an existing mapper for a given Identity Provider in Keycloak.
 Mappers define how attributes, roles, or claims from an external Identity Provider (e.g., Google, GitHub, SAML) are mapped into Keycloak user attributes or tokens.
 This method allows you to change the configuration of an existing mapper (e.g., modify the claim name, attribute name, or role assignment).
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
     - alias: [required] The alias of the Identity Provider (set during IdP creation). 
@@ -4991,6 +5208,7 @@ console.log("Mapper updated successfully!");
 ##### `function identityProviders.importFromUrl(filter)`
 The method lets you import an Identity Provider configuration directly from a metadata URL (e.g., OIDC discovery document or SAML metadata XML).
 This saves you from manually entering configuration details, since Keycloak can auto-fill them from the provided URL.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
   - fromUrl : [required] The URL of the IdP metadata (OIDC discovery endpoint or SAML metadata). 
@@ -5014,6 +5232,7 @@ console.log("Imported IdP:", importedIdp);
 ##### `function identityProviders.updatePermission(filter,permissionRepresentation)`
 The method allows you to enable or disable fine-grained admin permissions for a specific Identity Provider in Keycloak.
 When enabled, Keycloak creates client roles (scopes) that let you define which users or groups can view or manage the Identity Provider.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter: 
   - alias: [required] The alias of the Identity Provider. 
@@ -5036,6 +5255,7 @@ console.log("Updated permission:", updatedPermissions);
 ##### `function identityProviders.listPermissions(filter)`
 The method retrieves the current fine-grained permission settings for a specific Identity Provider in Keycloak.
 It returns whether permissions are enabled and, if so, which scope roles are associated with managing and viewing the Identity Provider.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter: 
   - alias: [required] The alias of the Identity Provider. 
@@ -5062,6 +5282,7 @@ Groups help organize users and assign permissions in a scalable way
 #### `entity groups functions`
 ##### `function create(groupRappresentation)`
 Create a new group in the current realme
+
 **` -- @parameters -- `**
 - groupRepresentation:An object representing the new state of the group. You can update properties such as:
     - name: [optional] New name of the group
@@ -5082,6 +5303,7 @@ const KeycloakManager = require('keycloak-api-manager');
 find method is used to retrieve a list of groups in a specific realm.
 It supports optional filtering parameters.
 Searching by attributes is only available from Keycloak > 15
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
     - {builtin attribute}: To find groips by builtin attributes such as name, id
@@ -5115,6 +5337,7 @@ else console.log('Group not found');
 ##### `function del(filter)`
 Deletes a group from the realm.
 Return a promise that resolves when the group is successfully deleted. No content is returned on success.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
     - id: The ID of the group to delete.
@@ -5128,6 +5351,7 @@ const group = await KeycloakManager.groups.del({ id: 'group-id' });
 ##### `function count(filter)`
 Retrieves the total number of groups present in the specified realm. 
 This is useful for pagination, reporting, or general statistics regarding group usage in a Keycloak realm.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
   - realm: [optional] The name of the realm. If omitted, the default realm is used. 
@@ -5149,6 +5373,7 @@ console.log('Total cool-group groups:', result.count);
 ##### `function update(filter,groupRepresentation)`
 Updates an existing group’s information in a Keycloak realm. 
 You can modify the group’s name, attributes, or hierarchy by providing the group ID and the updated data.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
   - id: [required] The unique ID of the group you want to update. 
@@ -5173,6 +5398,7 @@ await KeycloakManager.groups.update(
 ##### `function listSubGroups(filter)`
 Retrieves a paginated list of direct subgroups for a specified parent group. 
 This method is useful when navigating hierarchical group structures within a Keycloak realm.
+
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
   - parentId: [required] ID of the parent group whose subgroups you want to list.
@@ -5196,6 +5422,7 @@ await KeycloakManager.groups.listSubGroups({
 ##### `function addRealmRoleMappings(role_mapping)`
 Adds one or more realm-level roles to a specific group. 
 This operation grants all users within that group the associated realm roles, effectively assigning permissions at a group level.
+
 **` -- @parameters -- `**
 - role_mapping: parameter provided as a JSON object that accepts the following parameters:
   - id: [required] 	The ID of the group to which roles will be added.
@@ -5219,6 +5446,7 @@ await KeycloakManager.groups.addRealmRoleMappings({
 ##### `function listAvailableRealmRoleMappings(filters)`
 Retrieves all available realm-level roles that can be assigned to a specific group but are not yet assigned. 
 This helps in identifying which roles are still eligible for addition to the group.
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
   - id: [required] The ID of the group you want to inspect.
@@ -5238,6 +5466,7 @@ console.log('Available realm roles for group:', availableRoles);
 ##### `function listRoleMappings(filters)`
 Retrieves all role mappings for a specific group, including both realm roles and client roles. 
 This method is useful for understanding the complete set of roles that are assigned to a group.
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
   - id: [required] The ID of the group whose roles to fetch
@@ -5260,6 +5489,7 @@ console.log('Client roles:', roleMappings.clientMappings);
 ##### `function listRealmRoleMappings(filters)`
 Returns the list of realm-level roles that are directly assigned to a specific group. 
 These roles are defined at the realm level and are not tied to any specific client.
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
   - id: [required] TThe ID of the group to retrieve roles for
@@ -5279,6 +5509,7 @@ console.log('Realm roles assigned to group:', realmRoles.map(role => role.name))
 ##### `function listCompositeRealmRoleMappings(filters)`
 Retrieves all composite realm-level roles assigned to a group.
 This includes both directly assigned roles and those inherited through composite roles.
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
   - id: [required] TThe ID of the group to retrieve roles for
@@ -5299,6 +5530,7 @@ console.log('All (composite) realm roles for group:', compositeRealmRoles.map(ro
 Removes one or more realm-level roles from a group's role mappings. 
 This operation only affects roles that are directly assigned.
 Composite roles inherited indirectly will not be removed.
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
   - id: [required] TThe ID of the group to retrieve roles for
@@ -5321,6 +5553,7 @@ await KeycloakManager.groups.delRealmRoleMappings({
 ##### `function addClientRoleMappings(filters)`
 Assigns one or more client-level roles to a specific group. 
 This allows all users belonging to that group to inherit the specified roles for a given client.
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
   - id: [required] The ID of the group
@@ -5345,6 +5578,7 @@ await KeycloakManager.groups.addClientRoleMappings({
 ##### `function listAvailableClientRoleMappings(filters)`
 Retrieves the list of client roles that are available to be assigned to a specific group but are not currently mapped. 
 This is useful when you want to show assignable roles for a group in a specific client context.
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
   - id: [required] The ID of the group
@@ -5364,6 +5598,7 @@ console.log('Available roles:', availableRoles);
 ##### `function listClientRoleMappings(filters)`
 Retrieves the list of client roles that are currently assigned (mapped) to a specific group for a given client. 
 This allows you to see which roles from a client the group already has.
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
   - id: [required] The ID of the group
@@ -5383,6 +5618,7 @@ console.log('Assigned client roles:', availableRoles);
 ##### `function listCompositeClientRoleMappings(filters)`
 Retrieves the list of composite client roles assigned to a specific group. 
 Composite roles are roles that aggregate other roles, so this method returns client roles that include one or more roles grouped under a composite role assigned to the group.
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
   - id: [required] The ID of the group
@@ -5402,6 +5638,7 @@ console.log('Composite client roles assigned to group:', compositeClientRoles);
 ##### `function delClientRoleMappings(filters)`
 Removes specific client role mappings from a group. 
 This function deletes one or more client roles that were assigned to the group, effectively revoking those client roles from the group.
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
   - id: [required] The ID of the group
@@ -5445,6 +5682,7 @@ allowing you to group multiple permissions into a single, higher-level role.
 A composite role can include roles from the same realm as well
 as roles from different clients.
 When you assign a composite role to a user, they automatically inherit all the roles it contains.
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
     - roleId: [required] The id of the role to which composite roles will be added.
@@ -5478,6 +5716,7 @@ const KeycloakManager = require('keycloak-api-manager');
  ```
 ##### `function findOneByName(filters)`
 Get a role by name
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
     - name (string, required) — The exact name of the role to retrieve.
@@ -5490,6 +5729,7 @@ const KeycloakManager = require('keycloak-api-manager');
 
 ##### `function findOneById(filters)`
 Get a role by its Id
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
     - Id (string, required) — The Id of the role to retrieve.
@@ -5502,6 +5742,7 @@ const KeycloakManager = require('keycloak-api-manager');
 
 ##### `function updateByName(filters,role_dictionary)`
 Update a role by its name
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
     - name (string, required) — The exact name of the role to retrieve.
@@ -5515,6 +5756,7 @@ const KeycloakManager = require('keycloak-api-manager');
 
 ##### `function updateById(filters,role_dictionary)`
 Update a role by its Id
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
     - name (string, required) — The exact name of the role to retrieve.
@@ -5528,6 +5770,7 @@ const KeycloakManager = require('keycloak-api-manager');
 
 ##### `function delByName(filters)`
 Delete a role by its name
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
     - name (string, required) — The exact name of the role to retrieve.
@@ -5570,6 +5813,7 @@ that have been added to the composite role. It requires the roleId of the target
 parameter and returns an array of RoleRepresentation objects. If the role is not composite
 or has no associated realm roles, the result will be an empty array. This method is useful
 for understanding and managing hierarchical role structures within a realm in Keycloak.
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
     - roleId: (string, required) — The Id of the role to retrieve.
@@ -5589,6 +5833,7 @@ are part of the composite role. It requires the roleId of the composite role
 and the clientId of the client whose roles you want to retrieve. The function returns an array of
 RoleRepresentation objects representing the client roles included in the composite.
 This helps manage and inspect client-specific role hierarchies within the composite role structure in Keycloak.
+
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
     - roleId: (string, required) — The Id of the role to retrieve

package/index.js

@@ -96,7 +96,7 @@ exports.setConfig=function(configToOverride){
 }
 //TODO: Remove da documentare
 // restituisce il token utilizzato dalla libreria per comunicare con la keycloak API
-exports.getToken=function(configToOverride){
+exports.getToken=function(){
         return({
                 accessToken:kcAdminClient.accessToken,
                 refreshToken:kcAdminClient.refreshToken,
@@ -113,9 +113,6 @@ exports.auth=async function(credentials){
                 headers: {'content-type': 'application/www-form-urlencoded', 'Authorization': "Bearer " + kcAdminClient.accessToken },
                 form: credentials
         }
-
-
-
         return new Promise((resolve, reject) => {
                 request.post(options, function (error, response, body) {
                         if (error) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "keycloak-api-manager",
-  "version": "3.0.0",
+  "version": "3.2.0",
   "description": "Keycloak-api-manager is a lightweight Node.js wrapper for the Keycloak Admin REST API. It provides an easy-to-use functional methods and functions to manage realms, users, roles, clients, groups, and permissions directly from your application code — just like you would from the Keycloak admin console.",
   "main": "index.js",
   "scripts": {