keycloak-api-manager 3.2.0 → 3.2.1

package/.mocharc.json

@@ -0,0 +1,7 @@
+{
+  "require": ["test/mocha.env.js"],
+  "timeout": 15000,
+  "spec": "test/**/*.test.js",
+  "reporter": "spec",
+  "parallel": false
+}

package/Handlers/authenticationManagementHandler.js

@@ -218,7 +218,7 @@ exports.updateRequiredAction=function(filter,actionRepresentation){
  * @parameters:
  * - filter: parameter provided as a JSON object that accepts the following filter:
  *     - alias: [required] The alias (providerId) of the required action to update.
- * - actionRepresentation: The configuration object to update.
+ * - actionConfigRepresentation: The configuration object to update.
  */
 exports.updateRequiredActionConfig=function(filter, actionConfigRepresentation){
  return (kcAdminClientHandler.authenticationManagement.updateRequiredActionConfig(filter,actionConfigRepresentation));

package/Handlers/clientScopesHandler.js

@@ -20,8 +20,8 @@ exports.setKcAdminClient=function(kcAdminClient){
  * A client scope defines a set of protocol mappers and roles that can be applied to clients,
  * such as during login or token generation.
  */
-exports.create=function(scopeRappresentation){
- return (kcAdminClientHandler.clientScopes.create(scopeRappresentation ));
+exports.create=function(scopeRepresentation){
+ return (kcAdminClientHandler.clientScopes.create(scopeRepresentation ));
 }
 
 
@@ -35,13 +35,13 @@ exports.create=function(scopeRappresentation){
  * - filter: parameter provided as a JSON object that accepts the following filter:
  *     - id: [required] The unique ID of the client scope to update.
  *     - realm: [optional] The realm where the client scope exists.
- * - scopeRappresentation: The updated client scope object.
+ * - scopeRepresentation: The updated client scope object.
  *     - name: [optional] The name of the scope
  *     - description: [optional] The scope description
  *     - {other scope fields}
  */
-exports.update=function(filter,scopeRappresentation){
- return (kcAdminClientHandler.clientScopes.update(filter,scopeRappresentation ));
+exports.update=function(filter,scopeRepresentation){
+ return (kcAdminClientHandler.clientScopes.update(filter,scopeRepresentation ));
 }
 
 

package/Handlers/clientsHandler.js

@@ -195,7 +195,7 @@ exports.getClientSecret=function(filter){
  *      - id: [required] The internal ID of the client (not clientId)
  */
 exports.generateNewClientSecret=function(filter){
- return (kcAdminClientHandler.clients.creatgenerateNewClientSecrete(filter));
+ return (kcAdminClientHandler.clients.generateNewClientSecret(filter));
 }
 
 

package/Handlers/componentsHandler.js

@@ -60,8 +60,8 @@ exports.create=function(componentRepresentation){
  *          - bindCredential: ["secret"],
  *          - usersDn: ["ou=users,dc=example,dc=com"]
  */
-exports.update=function(filters, componentRepresentation){
- return (kcAdminClientHandler.components.update(filters, componentRepresentation));
+exports.update=function(filter, componentRepresentation){
+ return (kcAdminClientHandler.components.update(filter, componentRepresentation));
 }
 
 

package/Handlers/groupsHandler.js

@@ -25,8 +25,8 @@ exports.setKcAdminClient=function(kcAdminClient){
  *     - description: [optional] the new group Description
  *     - {other [optional] group description fields}
  */
-exports.create=function(groupRappresentation){
- return (kcAdminClientHandler.groups.create(groupRappresentation));
+exports.create=function(groupRepresentation){
+ return (kcAdminClientHandler.groups.create(groupRepresentation));
 }
 
 

package/Handlers/identityProvidersHandler.js

@@ -18,7 +18,7 @@ exports.setKcAdminClient=function(kcAdminClient){
  * or another SAML/OIDC provider.
  * This method requires specifying an alias, the provider type, and configuration settings such as client ID, client secret, and any other provider-specific options.
  * @parameters:
- * - identityProvidersRappresentation: parameter provided as a JSON object containing the configuration of the Identity Provider
+ * - identityProvidersRepresentation: parameter provided as a JSON object containing the configuration of the Identity Provider
  *      - alias: [required] Unique name for the IdP within the realm.
  *      - providerId: [required] Type of provider (google, facebook, oidc, saml, etc.).
  *      - enabled: [optional] Whether the IdP is enabled. Default is true.
@@ -29,8 +29,8 @@ exports.setKcAdminClient=function(kcAdminClient){
  *      - firstBrokerLoginFlowAlias: [optional] Flow to use on first login.
  *      - config : [optional] Provider-specific configuration, e.g., client ID, client secret, endpoints, etc.
  */
-exports.create=function(identityProvidersRappresentation){
- return (kcAdminClientHandler.identityProviders.create(identityProvidersRappresentation));
+exports.create=function(identityProvidersRepresentation){
+ return (kcAdminClientHandler.identityProviders.create(identityProvidersRepresentation));
 }
 
 /**

package/README.md

@@ -95,7 +95,7 @@ const express = require('express');
 // Initialize the manager with Keycloak credentials
 await KeycloakManager.configure({
     baseUrl: 'http://localhost:8080',   // Keycloak base URL
-    realm: 'master',                    // Realm where the admin user belongs
+    realmName: 'master',                // Realm where the admin user belongs (alias: realm)
     clientId: 'admin-cli',              // Keycloak admin client
     username: 'admin',                  // Admin username
     password: 'admin',                  // Admin password
@@ -165,7 +165,7 @@ const KeycloakManager = require('keycloak-api-manager');
 // Initialize the manager with Keycloak credentials
 await KeycloakManager.configure({
     baseUrl: 'http://localhost:8080',   // Keycloak base URL
-    realm: 'master',                    // Realm where the admin user belongs
+    realmName: 'master',                // Realm where the admin user belongs (alias: realm)
     clientId: 'admin-cli',              // Keycloak admin client
     username: 'admin',                  // Admin username
     password: 'admin',                  // Admin password
@@ -186,7 +186,8 @@ Parameters:
   exposed by this adapter, so any attempt to call KeycloakManager.{function} will result in a runtime error due to access on an undefined object
   Main supported options:
   - baseUrl: [required] Keycloak base Url
-  - realmName: [required] A String that specifies the realm to authenticate against, if different from the "keyCloakConfig.realm" parameter.  If you intend to use Keycloak administrator credentials, this should be set to 'master'.
+    - realmName: [required] A String that specifies the realm to authenticate against, if different from the "keyCloakConfig.realm" parameter.  If you intend to use Keycloak administrator credentials, this should be set to 'master'.
+    - realm: [optional] Alias of realmName for backward compatibility.
   - grantType: [required] The OAuth2 grant type used for authentication. example "password". Possible values: 'password', 'client_credentials', 'refresh_token', etc.
   - clientId: [required] string containing the client ID configured in Keycloak. Required for all grant types.
   - tokenLifeSpan: [required] Numeric Lifetime of an access token expressed in seconds. It indicates how often the access token should be renewed. If set incorrectly and the Keycloak token expires before the renewal interval defined by this parameter, errors and exceptions may occur
@@ -412,7 +413,7 @@ It’s useful for incremental updates or merging configuration pieces.
 **` -- @parameters -- `**
 - configuration: is a JSON object that accepts filter parameters
   - realm:[required] The name of the realm where the data should be imported.
-  - representation:[required] A JSON object representing part of the realm configuration to be imported(can include users, roles, groups, clients, etc.).
+  - rep:[required] A JSON object representing part of the realm configuration to be imported(can include users, roles, groups, clients, etc.).
     - ifResourceExists:[required] Defines the behavior when an imported resource already exists in the target realm.
         Options are:
       - 'FAIL' – the operation fails if a resource already exists.
@@ -1950,7 +1951,10 @@ Creates a new client with the provided configuration
 ```js
 const KeycloakManager = require('keycloak-api-manager');
  // create a client called my-client
- const client= await KeycloakManager.clients.create({name: "my-client", id:"client-id"});
+ const client= await KeycloakManager.clients.create({
+    name: "my-client",
+    clientId:"client-id"
+ });
 console.log("New Client Created:", client);
  ```
 
@@ -2333,7 +2337,7 @@ Default client scopes are automatically assigned to a client during token reques
 
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
-    - id: [required] The client ID of the client whose default client scopes you want to list.
+    - id: [required] The internal ID of the client whose default client scopes you want to list.
 
 ```js
 const KeycloakManager = require('keycloak-api-manager');
@@ -2353,7 +2357,7 @@ Optional scopes are those that a client can request explicitly but are not autom
 
 **` -- @parameters -- `**
 - filter: JSON structure that defines the filter parameters:
-    - id: [required] The client ID of the client whose optional client scopes you want to list.
+    - id: [required] The internal ID of the client whose optional client scopes you want to list.
 
 ```js
 const KeycloakManager = require('keycloak-api-manager');
@@ -4038,7 +4042,7 @@ Client scopes are reusable sets of protocol mappers and role scope mappings whic
 can be assigned to clients to define what information about the user is included in tokens and what roles are available.
 
 #### `entity clientScopes functions`
-##### `function create(scopeRappresentation)`
+##### `function create(scopeRepresentation)`
 method is used to create a new client scope in a Keycloak realm.
 A client scope defines a set of protocol mappers and roles that can be applied to clients,
 such as during login or token generation.
@@ -4053,7 +4057,7 @@ const KeycloakManager = require('keycloak-api-manager');
  ```
 
 
-##### `function update(filter,scopeRappresentation)`
+##### `function update(filter,scopeRepresentation)`
 The method updates the configuration of an existing client scope in a realm.
 You can modify properties such as the scope’s name, description, attributes, or protocol mappers.
 
@@ -4061,7 +4065,7 @@ You can modify properties such as the scope’s name, description, attributes, o
 - filter: parameter provided as a JSON object that accepts the following filter:
     - id: [required] The unique ID of the client scope to update.
     - realm: [optional] The realm where the client scope exists. 
-- scopeRappresentation: The updated client scope object. for example:
+- scopeRepresentation: The updated client scope object. for example:
   - name: [optional] The name of the scope
   - description: [optional] The scope description
   - other scope fields....
@@ -4890,14 +4894,14 @@ These are providers like Google, Facebook, GitHub, SAML, OIDC, etc.
 
 #### `entity identityProviders functions`
 
-##### `function identityProviders.create(identityProvidersRappresentation)`
+##### `function identityProviders.create(identityProvidersRepresentation)`
 The method is used to create a new Identity Provider (IdP) in a Keycloak realm. 
 An IdP allows users to authenticate via external providers such as Google, Facebook, GitHub, 
 or another SAML/OIDC provider. 
 This method requires specifying an alias, the provider type, and configuration settings such as client ID, client secret, and any other provider-specific options.
 
 **` -- @parameters -- `**
-- identityProvidersRappresentation: parameter provided as a JSON object containing the configuration of the Identity Provider
+- identityProvidersRepresentation: parameter provided as a JSON object containing the configuration of the Identity Provider
     - alias: [required] Unique name for the IdP within the realm. 
     - providerId: [required] Type of provider (google, facebook, oidc, saml, etc.). 
     - enabled: [optional] Whether the IdP is enabled. Default is true. 
@@ -5280,7 +5284,7 @@ Groups are collections of users and can have roles and attributes assigned to th
 Groups help organize users and assign permissions in a scalable way
 
 #### `entity groups functions`
-##### `function create(groupRappresentation)`
+##### `function create(groupRepresentation)`
 Create a new group in the current realme
 
 **` -- @parameters -- `**
@@ -5732,7 +5736,7 @@ Get a role by its Id
 
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
-    - Id (string, required) — The Id of the role to retrieve.
+    - id (string, required) — The id of the role to retrieve.
     - realm (string, optional if set globally) — The realm where the role is defined.
 ```js
 const KeycloakManager = require('keycloak-api-manager');
@@ -5759,7 +5763,7 @@ Update a role by its Id
 
 **` -- @parameters -- `**
 - filters: parameter provided as a JSON object that accepts the following parameters:
-    - name (string, required) — The exact name of the role to retrieve.
+    - id (string, required) — The id of the role to retrieve.
     - realm (string, optional if set globally) — The realm where the role is defined.
 - role_dictionary: A JSON object representing a role dictionary as defined in Keycloak
 ```js
@@ -6289,7 +6293,7 @@ This allows you to modify settings such as OTP policies, password requirements,
 **` -- @parameters -- `**
 - filter: parameter provided as a JSON object that accepts the following filter:
     - alias: [required] The alias (providerId) of the required action to update.
-- actionRepresentation: The configuration object to update. 
+- actionConfigRepresentation: The configuration object to update. 
   
   
 ```js

package/docker-compose.yml

@@ -0,0 +1,27 @@
+version: '3.8'
+
+services:
+  keycloak:
+    image: keycloak/keycloak:latest
+    container_name: keycloak-test
+    ports:
+      - "8080:8080"
+    environment:
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+      KC_DB: dev-mem
+      KC_METRICS_ENABLED: 'false'
+      KC_HEALTH_ENABLED: 'true'
+    command:
+      - start-dev
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
+      interval: 5s
+      timeout: 5s
+      retries: 12
+    networks:
+      - keycloak-network
+
+networks:
+  keycloak-network:
+    driver: bridge

package/index.mjs

@@ -0,0 +1,21 @@
+/**
+ * ESM wrapper for keycloak-api-manager
+ * This file provides ES Module support while the core is still CommonJS
+ */
+
+import { createRequire } from 'module';
+import { fileURLToPath } from 'url';
+import path from 'path';
+
+const require = createRequire(import.meta.url);
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+const keycloakApiManager = require('./index.js');
+
+export const configure = keycloakApiManager.configure;
+export const setConfig = keycloakApiManager.setConfig;
+export const getToken = keycloakApiManager.getToken;
+export const auth = keycloakApiManager.auth;
+
+export default keycloakApiManager;

package/package.json

@@ -1,10 +1,17 @@
 {
   "name": "keycloak-api-manager",
-  "version": "3.2.0",
+  "version": "3.2.1",
   "description": "Keycloak-api-manager is a lightweight Node.js wrapper for the Keycloak Admin REST API. It provides an easy-to-use functional methods and functions to manage realms, users, roles, clients, groups, and permissions directly from your application code — just like you would from the Keycloak admin console.",
   "main": "index.js",
+  "exports": {
+    ".": {
+      "import": "./index.mjs",
+      "require": "./index.js"
+    }
+  },
   "scripts": {
-    "test": "mocha"
+    "test": "mocha",
+    "test:watch": "mocha --watch --watch-extensions js"
   },
   "dependencies": {
     "@keycloak/keycloak-admin-client": "^26.3.2",
@@ -23,6 +30,11 @@
     "serve-favicon": "^2.5.0",
     "underscore": "^1.13.7"
   },
+  "devDependencies": {
+    "chai": "^4.3.10",
+    "mocha": "^10.2.0",
+    "dockerode": "^4.0.2"
+  },
   "keywords": [
     "keycloak",
     "user",

package/test/authenticationManagement.test.js

@@ -0,0 +1,329 @@
+const { expect } = require('chai');
+const { getAdminClient } = require('./config');
+
+describe('Authentication Management Handler', function () {
+  this.timeout(20000);
+  let client;
+  let testFlowId;
+  let testFlowAlias;
+  let testExecutionId;
+  let testRequiredActionAlias;
+
+  before(function () {
+    client = getAdminClient();
+    testFlowAlias = `test-flow-${Date.now()}`;
+  });
+
+  // ==================== AUTHENTICATION FLOWS ====================
+  describe('Authentication Flows', function () {
+    describe('getFlows', function () {
+      it('should list all authentication flows', async function () {
+        const flows = await client.authenticationManagement.getFlows({
+          realm: 'test-realm',
+        });
+
+        expect(flows).to.be.an('array');
+        expect(flows.length).to.be.greaterThan(0);
+      });
+    });
+
+    describe('createFlow', function () {
+      it('should create an authentication flow', async function () {
+        const flowRep = {
+          alias: testFlowAlias,
+          description: 'Test Flow Description',
+          flowType: 'basic-flow',
+          builtIn: false,
+        };
+
+        const result = await client.authenticationManagement.createFlow(
+          { realm: 'test-realm' },
+          flowRep
+        );
+
+        expect(result).to.have.property('id');
+        testFlowId = result.id;
+      });
+    });
+
+    describe('getFlow', function () {
+      it('should retrieve a specific flow', async function () {
+        if (testFlowId) {
+          const flow = await client.authenticationManagement.getFlow({
+            realm: 'test-realm',
+            id: testFlowId,
+          });
+
+          expect(flow).to.exist;
+          expect(flow.id).to.equal(testFlowId);
+        }
+      });
+    });
+
+    describe('updateFlow', function () {
+      it('should update flow configuration', async function () {
+        if (testFlowId) {
+          const updateRep = {
+            description: 'Updated Description',
+          };
+
+          await client.authenticationManagement.updateFlow(
+            { realm: 'test-realm', id: testFlowId },
+            updateRep
+          );
+
+          const updated = await client.authenticationManagement.getFlow({
+            realm: 'test-realm',
+            id: testFlowId,
+          });
+
+          expect(updated.description).to.equal('Updated Description');
+        }
+      });
+    });
+
+    describe('copyFlow', function () {
+      it('should copy an authentication flow', async function () {
+        if (testFlowId) {
+          try {
+            const flowCopy = await client.authenticationManagement.copyFlow(
+              { realm: 'test-realm', id: testFlowId },
+              { newName: `copied-${testFlowAlias}` }
+            );
+
+            expect(flowCopy).to.exist;
+          } catch (err) {
+            // Copy might not be supported in all versions
+          }
+        }
+      });
+    });
+  });
+
+  // ==================== FLOW EXECUTIONS ====================
+  describe('Flow Executions', function () {
+    describe('getExecutions', function () {
+      it('should retrieve flow executions', async function () {
+        if (testFlowId) {
+          const executions = await client.authenticationManagement.getExecutions({
+            realm: 'test-realm',
+            flowAlias: testFlowAlias,
+          });
+
+          expect(executions).to.be.an('array');
+        }
+      });
+    });
+
+    describe('addExecutionToFlow', function () {
+      it('should add an execution to a flow', async function () {
+        if (testFlowId) {
+          try {
+            const execution = await client.authenticationManagement.addExecutionToFlow(
+              { realm: 'test-realm', flowAlias: testFlowAlias },
+              { provider: 'auth-cookie' }
+            );
+
+            expect(execution).to.exist;
+            testExecutionId = execution.id;
+          } catch (err) {
+            // Execution might not be allowed
+          }
+        }
+      });
+    });
+
+    describe('updateExecution', function () {
+      it('should update an execution', async function () {
+        if (testExecutionId && testFlowAlias) {
+          try {
+            const updateRep = {
+              requirement: 'CONDITIONAL',
+            };
+
+            await client.authenticationManagement.updateExecution(
+              { realm: 'test-realm', flowAlias: testFlowAlias },
+              updateRep
+            );
+
+            // Verify no error thrown
+          } catch (err) {
+            // Update might fail for some providers
+          }
+        }
+      });
+    });
+
+    describe('raisePriorityExecution', function () {
+      it('should raise execution priority', async function () {
+        if (testExecutionId && testFlowAlias) {
+          try {
+            await client.authenticationManagement.raisePriorityExecution({
+              realm: 'test-realm',
+              flowAlias: testFlowAlias,
+              executionId: testExecutionId,
+            });
+
+            // Verify no error thrown
+          } catch (err) {
+            // Priority adjust might not be supported
+          }
+        }
+      });
+    });
+
+    describe('lowerPriorityExecution', function () {
+      it('should lower execution priority', async function () {
+        if (testExecutionId && testFlowAlias) {
+          try {
+            await client.authenticationManagement.lowerPriorityExecution({
+              realm: 'test-realm',
+              flowAlias: testFlowAlias,
+              executionId: testExecutionId,
+            });
+
+            // Verify no error thrown
+          } catch (err) {
+            // Priority adjust might not be supported
+          }
+        }
+      });
+    });
+  });
+
+  // ==================== REQUIRED ACTIONS ====================
+  describe('Required Actions', function () {
+    describe('getRequiredActions', function () {
+      it('should list all required actions', async function () {
+        const actions = await client.authenticationManagement.getRequiredActions();
+
+        expect(actions).to.be.an('array');
+        expect(actions.length).to.be.greaterThan(0);
+      });
+    });
+
+    describe('getUnregisteredRequiredActions', function () {
+      it('should list unregistered required actions', async function () {
+        const unregistered = await client.authenticationManagement.getUnregisteredRequiredActions();
+
+        expect(unregistered).to.be.an('array');
+      });
+    });
+
+    describe('getRequiredActionForAlias', function () {
+      it('should retrieve a required action by alias', async function () {
+        const actions = await client.authenticationManagement.getRequiredActions();
+        if (actions.length > 0) {
+          const action = await client.authenticationManagement.getRequiredActionForAlias({
+            alias: actions[0].alias,
+          });
+
+          expect(action).to.exist;
+          testRequiredActionAlias = action.alias;
+        }
+      });
+    });
+
+    describe('updateRequiredAction', function () {
+      it('should update a required action', async function () {
+        if (testRequiredActionAlias) {
+          try {
+            const updateRep = {
+              enabled: true,
+            };
+
+            await client.authenticationManagement.updateRequiredAction(
+              { alias: testRequiredActionAlias },
+              updateRep
+            );
+
+            // Verify no error thrown
+          } catch (err) {
+            // Update might not be allowed
+          }
+        }
+      });
+    });
+
+    describe('raiseRequiredActionPriority', function () {
+      it('should raise required action priority', async function () {
+        if (testRequiredActionAlias) {
+          try {
+            await client.authenticationManagement.raiseRequiredActionPriority({
+              alias: testRequiredActionAlias,
+            });
+
+            // Verify no error thrown
+          } catch (err) {
+            // Priority adjust might not be supported
+          }
+        }
+      });
+    });
+
+    describe('lowerRequiredActionPriority', function () {
+      it('should lower required action priority', async function () {
+        if (testRequiredActionAlias) {
+          try {
+            await client.authenticationManagement.lowerRequiredActionPriority({
+              alias: testRequiredActionAlias,
+            });
+
+            // Verify no error thrown
+          } catch (err) {
+            // Priority adjust might not be supported
+          }
+        }
+      });
+    });
+  });
+
+  // ==================== PROVIDER INFORMATION ====================
+  describe('Authenticator Providers', function () {
+    describe('getAuthenticatorProviders', function () {
+      it('should retrieve authenticator providers', async function () {
+        const providers = await client.authenticationManagement.getAuthenticatorProviders();
+
+        expect(providers).to.be.an('array');
+      });
+    });
+
+    describe('getClientAuthenticatorProviders', function () {
+      it('should retrieve client authenticator providers', async function () {
+        const providers = await client.authenticationManagement.getClientAuthenticatorProviders();
+
+        expect(providers).to.be.an('array');
+      });
+    });
+
+    describe('getFormProviders', function () {
+      it('should retrieve form providers', async function () {
+        const providers = await client.authenticationManagement.getFormProviders();
+
+        expect(providers).to.be.an('array');
+      });
+    });
+
+    describe('getFormActionProviders', function () {
+      it('should retrieve form action providers', async function () {
+        const providers = await client.authenticationManagement.getFormActionProviders();
+
+        expect(providers).to.be.an('array');
+      });
+    });
+  });
+
+  // ==================== CLEANUP ====================
+  after(async function () {
+    try {
+      if (testFlowId) {
+        await client.authenticationManagement.deleteFlow({
+          realm: 'test-realm',
+          id: testFlowId,
+        });
+      }
+    } catch (err) {
+      console.error('Cleanup error:', err.message);
+    }
+  });
+});