keycloak-api-manager 3.2.1 → 4.0.1

package/.env.example

@@ -0,0 +1,27 @@
+# Keycloak Container Configuration
+# This file is auto-generated by setup-keycloak.js script
+# 
+# For manual setup:
+# 1. Copy this file to .env
+# 2. Update the values as needed
+# 3. Run: docker-compose config
+# 4. Run: docker-compose up -d
+
+# HTTPS Configuration (true/false)
+KEYCLOAK_HTTPS=false
+
+# Certificate directory (only needed if KEYCLOAK_HTTPS=true)
+KEYCLOAK_CERT_PATH=./certs
+
+# Scheme (http or https)
+KEYCLOAK_SCHEME=http
+
+# Hostname (localhost for local, full hostname for remote)
+KEYCLOAK_HOSTNAME=localhost
+
+# HTTPS port (only used if KEYCLOAK_HTTPS=true)
+KEYCLOAK_HTTPS_PORT=8443
+
+# Certificate file names (in KEYCLOAK_CERT_PATH)
+KEYCLOAK_CERT_FILE=keycloak.crt
+KEYCLOAK_KEY_FILE=keycloak.key

package/Handlers/clientsHandler.js

@@ -11,6 +11,52 @@ exports.setKcAdminClient=function(kcAdminClient){
  kcAdminClientHandler=kcAdminClient;
 }
 
+/**
+ * Helper function to make direct HTTP calls to Keycloak Admin API.
+ * Used when @keycloak/keycloak-admin-client has bugs or inconsistencies.
+ * 
+ * @param {string} path - API path relative to baseUrl (e.g., '/admin/realms/...')
+ * @param {string} method - HTTP method (GET, POST, PUT, DELETE)
+ * @param {Object} body - Request body for POST/PUT requests
+ * @returns {Promise<any>} Response data from Keycloak
+ */
+async function directKeycloakApiCall(path, method = 'GET', body = null) {
+ const config = kcAdminClientHandler.baseUrl ? 
+  { baseUrl: kcAdminClientHandler.baseUrl, realmName: kcAdminClientHandler.realmName } :
+  kcAdminClientHandler.getConfig();
+  
+ const url = `${config.baseUrl}${path}`;
+ const token = kcAdminClientHandler.accessToken;
+ 
+ const options = {
+  method,
+  headers: {
+   'Authorization': `Bearer ${token}`,
+   'Content-Type': 'application/json',
+   'Accept': 'application/json'
+  }
+ };
+ 
+ if (body && (method === 'POST' || method === 'PUT')) {
+  options.body = JSON.stringify(body);
+ }
+ 
+ const response = await fetch(url, options);
+ 
+ if (!response.ok) {
+  const errorText = await response.text();
+  throw new Error(`HTTP ${response.status}: ${errorText}`);
+ }
+ 
+ const contentType = response.headers.get('content-type');
+ if (contentType && contentType.includes('application/json')) {
+  return await response.json();
+ }
+ 
+ return await response.text();
+}
+
+
 
 /**
  * ***************************** - CREATE - *******************************
@@ -239,8 +285,19 @@ exports.invalidateSecret=function(filter){
  *      - id: [required] The internal ID of the client (not clientId)
  *
  */
-exports.getInstallationProviders=function(filter){
- return (kcAdminClientHandler.clients.getInstallationProviders(filter));
+exports.getInstallationProviders=async function(filter){
+ try {
+  const token = kcAdminClientHandler.accessToken;
+  const realmName = kcAdminClientHandler.realmName;
+  const path = `/admin/realms/${realmName}/clients/${filter.id}/installation/providers`;
+  const { makeRequest } = require('./httpApiHelper');
+  return await makeRequest(token, 'GET', path);
+ } catch (err) {
+  if (kcAdminClientHandler.clients && kcAdminClientHandler.clients.getInstallationProviders) {
+   return kcAdminClientHandler.clients.getInstallationProviders(filter);
+  }
+  throw err;
+ }
 }
 
 
@@ -254,8 +311,19 @@ exports.getInstallationProviders=function(filter){
  * - filter: JSON structure that defines the filter parameters:
  *      - id: [required] The ID of the client (resource server) for which to list available policy providers.
  */
-exports.listPolicyProviders=function(filter){
- return (kcAdminClientHandler.clients.listPolicyProviders(filter));
+exports.listPolicyProviders=async function(filter){
+ try {
+  const token = kcAdminClientHandler.accessToken;
+  const realmName = kcAdminClientHandler.realmName;
+  const path = `/admin/realms/${realmName}/clients/${filter.id}/authz/resource-server/policy-providers`;
+  const { makeRequest } = require('./httpApiHelper');
+  return await makeRequest(token, 'GET', path);
+ } catch (err) {
+  if (kcAdminClientHandler.clients && kcAdminClientHandler.clients.listPolicyProviders) {
+   return kcAdminClientHandler.clients.listPolicyProviders(filter);
+  }
+  throw err;
+ }
 }
 
 
@@ -415,8 +483,9 @@ exports.listAvailableClientScopeMappings=function(filter){
  *           - name: [required] The role name
  *           - {other RoleRepresentation fields}
  */
-exports.addClientScopeMappings=function(filter){
- return (kcAdminClientHandler.clients.addClientScopeMappings(filter));
+exports.addClientScopeMappings=function(filter,roles){
+ const payload = roles || (filter && filter.roles);
+ return (kcAdminClientHandler.clients.addClientScopeMappings(filter,payload));
 }
 
 
@@ -462,8 +531,9 @@ exports.listCompositeClientScopeMappings=function(filter){
  *           - name: [required] The role name
  *           - {other RoleRepresentation fields}
  */
-exports.delClientScopeMappings=function(filter){
- return (kcAdminClientHandler.clients.delClientScopeMappings(filter));
+exports.delClientScopeMappings=function(filter,roles){
+ const payload = roles || (filter && filter.roles);
+ return (kcAdminClientHandler.clients.delClientScopeMappings(filter,payload));
 }
 
 
@@ -585,12 +655,28 @@ exports.listOfflineSessions=function(filter){
  * ***************************** - getSessionCount - *******************************
  * The method retrieves the number of active user sessions for a given client.
  * This includes online sessions, not offline sessions (those are retrieved with listOfflineSessions).
+ * 
  * @parameters:
  * - filter: JSON structure that defines the filter parameters:
  *     - id: [required] The client ID whose session must be retrieved
+ * 
+ * @returns {Promise<number>} A number representing the count of active sessions
+ * 
+ * @note The return value is automatically normalized to a number. In some Keycloak versions, 
+ * the API may return an object with a `count` property, but this method handles that internally 
+ * and always returns the numeric count directly.
  */
 exports.getSessionCount=function(filter){
- return (kcAdminClientHandler.clients.getSessionCount(filter));
+ return kcAdminClientHandler.clients.getSessionCount(filter)
+	.then((result) => {
+	 if (typeof result === 'number') {
+		return result;
+	 }
+	 if (result && typeof result.count === 'number') {
+		return result.count;
+	 }
+	 return result;
+	});
 }
 
 
@@ -602,12 +688,28 @@ exports.getSessionCount=function(filter){
  * The method retrieves the number of offline sessions associated with a given client.
  * Offline sessions represent sessions where the user has a valid offline token, typically used for long-lived access
  * without requiring active login.
+ * 
  * @parameters:
  * - filter: JSON structure that defines the filter parameters:
  *     - id: [required] The ID of the client for which you want to count offline sessions.
+ * 
+ * @returns {Promise<number>} A number representing the count of offline sessions
+ * 
+ * @note The return value is automatically normalized to a number. In some Keycloak versions, 
+ * the API may return an object with a `count` property, but this method handles that internally 
+ * and always returns the numeric count directly.
  */
 exports.getOfflineSessionCount=function(filter){
- return (kcAdminClientHandler.clients.getOfflineSessionCount(filter));
+ return kcAdminClientHandler.clients.getOfflineSessionCount(filter)
+	.then((result) => {
+	 if (typeof result === 'number') {
+		return result;
+	 }
+	 if (result && typeof result.count === 'number') {
+		return result.count;
+	 }
+	 return result;
+	});
 }
 
 
@@ -693,8 +795,20 @@ exports.generateKey=function(filter){
  *     - id: [required] The ID of the client whose key information should be retrieved
  *     - attr: [optional] The name of the client attribute to get
  */
-exports.getKeyInfo=function(filter){
- return (kcAdminClientHandler.clients.getKeyInfo(filter));
+exports.getKeyInfo=async function(filter){
+ try {
+  const token = kcAdminClientHandler.accessToken;
+  const realmName = kcAdminClientHandler.realmName;
+  const attr = filter.attr || 'jwt.credential';
+  const path = `/admin/realms/${realmName}/clients/${filter.id}/certificates/${attr}`;
+  const { makeRequest } = require('./httpApiHelper');
+  return await makeRequest(token, 'GET', path);
+ } catch (err) {
+  if (kcAdminClientHandler.clients && kcAdminClientHandler.clients.getKeyInfo) {
+   return kcAdminClientHandler.clients.getKeyInfo(filter);
+  }
+  throw err;
+ }
 }
 
 
@@ -800,13 +914,22 @@ exports.getAuthorizationScope=function(filter){
  * ***************************** - listAllResourcesByScope - *******************************
  * The method is used to retrieve all resources associated with a specific authorization scope for a given client.
  * This allows you to see which resources are governed by a particular scope in the client’s authorization settings.
+ *
  * @parameters:
  * - filter: JSON structure that defines the filter parameters:
  *      - id: [required] The ID of the client to which the scope belongs
  *      - scopeId [required] The ID of the authorization scope whose associated resources you want to list.
+ *
+ * @note This method uses a direct Keycloak Admin REST API call instead of
+ * @keycloak/keycloak-admin-client due to compatibility issues (missingNormalization)
+ * observed in some Keycloak/library combinations.
  */
-exports.listAllResourcesByScope=function(filter){
- return (kcAdminClientHandler.clients.listAllResourcesByScope(filter));
+exports.listAllResourcesByScope=async function(filter){
+	const config = kcAdminClientHandler.getConfig ? kcAdminClientHandler.getConfig() : 
+		{ realmName: kcAdminClientHandler.realmName };
+	const realm = filter.realm || config.realmName;
+	const path = `/admin/realms/${realm}/clients/${filter.id}/authz/resource-server/scope/${filter.scopeId}/resources`;
+	return await directKeycloakApiCall(path, 'GET');
 }
 
 
@@ -847,13 +970,21 @@ exports.listPermissionScope=function(filter){
  * The method is used to import a resource into a client.
  * This is part of Keycloak’s Authorization Services (UMA 2.0) and allows you to programmatically define
  * resources that a client can protect with policies and permissions.
+ *
  * @parameters:
  * - filter: JSON structure that defines the filter parameters:
  *     - id: [required] The ID of the client to which the resource should be imported
  * - resource [required]  The resource representation object. This typically includes attributes like name, uris, type, scopes, and other Keycloak resource configuration options.
+ *
+ * @note This method uses a direct Keycloak Admin REST API call to avoid response
+ * inconsistencies seen with @keycloak/keycloak-admin-client in some environments.
  */
-exports.importResource=function(filter,resource){
- return (kcAdminClientHandler.clients.importResource(filter,resource));
+exports.importResource=async function(filter,resource){
+	const config = kcAdminClientHandler.getConfig ? kcAdminClientHandler.getConfig() : 
+		{ realmName: kcAdminClientHandler.realmName };
+	const realm = filter.realm || config.realmName;
+	const path = `/admin/realms/${realm}/clients/${filter.id}/authz/resource-server/import`;
+	return await directKeycloakApiCall(path, 'POST', resource);
 }
 
 
@@ -1016,8 +1147,20 @@ exports.findPermissions=function(filter){
  * - status: JSON structure that defines the fine grain permission
  *     - enabled: [required] Whether fine-grained permissions should be enabled or disabled.
  */
-exports.updateFineGrainPermission=function(filter,status){
- return (kcAdminClientHandler.clients.updateFineGrainPermission(filter,status));
+exports.updateFineGrainPermission=async function(filter,status){
+ try {
+  const token = kcAdminClientHandler.accessToken;
+  const realmName = kcAdminClientHandler.realmName;
+  const path = `/admin/realms/${realmName}/clients/${filter.id}/management/permissions`;
+  const { makeRequest } = require('./httpApiHelper');
+  return await makeRequest(token, 'PUT', path, status);
+ } catch (err) {
+  // Fallback to library implementation if HTTP call fails
+  if (kcAdminClientHandler.clients && kcAdminClientHandler.clients.updateFineGrainPermission) {
+   return kcAdminClientHandler.clients.updateFineGrainPermission(filter,status);
+  }
+  throw err;
+ }
 }
 
 
@@ -1029,8 +1172,20 @@ exports.updateFineGrainPermission=function(filter,status){
  * - filter: JSON structure that defines the filter parameters:
  *     - id: [required] The ID of the client (the resource server) where permissions are defined
  */
-exports.listFineGrainPermissions=function(filter){
- return (kcAdminClientHandler.clients.listFineGrainPermissions(filter));
+exports.listFineGrainPermissions=async function(filter){
+ try {
+  const token = kcAdminClientHandler.accessToken;
+  const realmName = kcAdminClientHandler.realmName;
+  const path = `/admin/realms/${realmName}/clients/${filter.id}/management/permissions`;
+  const { makeRequest } = require('./httpApiHelper');
+  return await makeRequest(token, 'GET', path);
+ } catch (err) {
+  // Fallback to library implementation if HTTP call fails
+  if (kcAdminClientHandler.clients && kcAdminClientHandler.clients.listFineGrainPermissions) {
+   return kcAdminClientHandler.clients.listFineGrainPermissions(filter);
+  }
+  throw err;
+ }
 }
 
 
@@ -1083,13 +1238,22 @@ exports.getAssociatedResources=function(filter){
  * ***************************** - listScopesByResource - *******************************
  * The method is used to list all authorization scopes associated with a specific resource in a client’s resource server.
  * This allows administrators to understand which scopes are directly linked to a protected resource and therefore which permissions can be applied to it.
+ *
  * @parameters:
  * - filter: JSON structure that defines the filter parameters:
  *     - id: [required] The ID of the client (the resource server).
  *     - resourceId: [required] The ID of the resource for which to list scopes.
+ *
+ * @note This method uses a direct Keycloak Admin REST API call instead of
+ * @keycloak/keycloak-admin-client due to compatibility issues (missingNormalization)
+ * observed in some Keycloak/library combinations.
  */
-exports.listScopesByResource=function(filter){
- return (kcAdminClientHandler.clients.listScopesByResource(filter));
+exports.listScopesByResource=async function(filter){
+	const config = kcAdminClientHandler.getConfig ? kcAdminClientHandler.getConfig() : 
+		{ realmName: kcAdminClientHandler.realmName };
+	const realm = filter.realm || config.realmName;
+	const path = `/admin/realms/${realm}/clients/${filter.id}/authz/resource-server/resource/${filter.resourceId}/scopes`;
+	return await directKeycloakApiCall(path, 'GET');
 }
 
 
@@ -1263,8 +1427,19 @@ exports.evaluateListProtocolMapper=function(filter){
  *         - {others}
  *     - {others}
  */
-exports.addProtocolMapper=function(filter,protocolMapperRepresentation){
- return (kcAdminClientHandler.clients.addProtocolMapper(filter,protocolMapperRepresentation));
+exports.addProtocolMapper=async function(filter,protocolMapperRepresentation){
+ try {
+  const token = kcAdminClientHandler.accessToken;
+  const realmName = kcAdminClientHandler.realmName;
+  const path = `/admin/realms/${realmName}/clients/${filter.id}/protocol-mappers/models`;
+  const { makeRequest } = require('./httpApiHelper');
+  return await makeRequest(token, 'POST', path, protocolMapperRepresentation);
+ } catch (err) {
+  if (kcAdminClientHandler.clients && kcAdminClientHandler.clients.addProtocolMapper) {
+   return kcAdminClientHandler.clients.addProtocolMapper(filter,protocolMapperRepresentation);
+  }
+  throw err;
+ }
 }
 
 
@@ -1290,8 +1465,20 @@ exports.addProtocolMapper=function(filter,protocolMapperRepresentation){
  *          - {other}
  *    - {other}
  */
-exports.updateProtocolMapper=function(filter,protocolMapperRepresentation){
- return (kcAdminClientHandler.clients.updateProtocolMapper(filter,protocolMapperRepresentation));
+exports.updateProtocolMapper=async function(filter,protocolMapperRepresentation){
+ try {
+  const token = kcAdminClientHandler.accessToken;
+  const realmName = kcAdminClientHandler.realmName;
+  const path = `/admin/realms/${realmName}/clients/${filter.id}/protocol-mappers/models/${filter.mapperId}`;
+  const { makeRequest } = require('./httpApiHelper');
+  return await makeRequest(token, 'PUT', path, protocolMapperRepresentation);
+ } catch (err) {
+  // Fallback to library implementation if HTTP call fails
+  if (kcAdminClientHandler.clients && kcAdminClientHandler.clients.updateProtocolMapper) {
+   return kcAdminClientHandler.clients.updateProtocolMapper(filter,protocolMapperRepresentation);
+  }
+  throw err;
+ }
 }
 
 
@@ -1322,8 +1509,19 @@ exports.updateProtocolMapper=function(filter,protocolMapperRepresentation){
  *          - {other}
  *    - {other}
  */
-exports.addMultipleProtocolMappers=function(filter,protocolMapperRepresentation){
- return (kcAdminClientHandler.clients.addMultipleProtocolMappers(filter,protocolMapperRepresentation));
+exports.addMultipleProtocolMappers=async function(filter,protocolMapperRepresentation){
+ try {
+  const token = kcAdminClientHandler.accessToken;
+  const realmName = kcAdminClientHandler.realmName;
+  const path = `/admin/realms/${realmName}/clients/${filter.id}/protocol-mappers/add-models`;
+  const { makeRequest } = require('./httpApiHelper');
+  return await makeRequest(token, 'POST', path, protocolMapperRepresentation);
+ } catch (err) {
+  if (kcAdminClientHandler.clients && kcAdminClientHandler.clients.addMultipleProtocolMappers) {
+   return kcAdminClientHandler.clients.addMultipleProtocolMappers(filter,protocolMapperRepresentation);
+  }
+  throw err;
+ }
 }
 
 
@@ -1405,7 +1603,19 @@ exports.listProtocolMappers=function(filter){
  *     - id: [required] The internal client ID of the client
  *     - mapperId: [required] The ID of the protocol mapper to delete
  */
-exports.delProtocolMapper=function(filter){
- return (kcAdminClientHandler.clients.delProtocolMapper(filter));
+exports.delProtocolMapper=async function(filter){
+ try {
+  const token = kcAdminClientHandler.accessToken;
+  const realmName = kcAdminClientHandler.realmName;
+  const path = `/admin/realms/${realmName}/clients/${filter.id}/protocol-mappers/models/${filter.mapperId}`;
+  const { makeRequest } = require('./httpApiHelper');
+  return await makeRequest(token, 'DELETE', path);
+ } catch (err) {
+  // Fallback to library implementation if HTTP call fails
+  if (kcAdminClientHandler.clients && kcAdminClientHandler.clients.delProtocolMapper) {
+   return kcAdminClientHandler.clients.delProtocolMapper(filter);
+  }
+  throw err;
+ }
 }
 

package/Handlers/groupsHandler.js

@@ -26,6 +26,13 @@ exports.setKcAdminClient=function(kcAdminClient){
  *     - {other [optional] group description fields}
  */
 exports.create=function(groupRepresentation){
+ if(groupRepresentation && groupRepresentation.parentId){
+  const { parentId, ...childGroupRepresentation } = groupRepresentation;
+  return (kcAdminClientHandler.groups.createChildGroup(
+   { id: parentId },
+   childGroupRepresentation
+  ));
+ }
  return (kcAdminClientHandler.groups.create(groupRepresentation));
 }
 
@@ -82,7 +89,15 @@ exports.del=function(filter){
  *     - search: [optional] A text string to filter the group count by name
  */
 exports.count=function(filter){
- return (kcAdminClientHandler.groups.count(filter));
+ return (kcAdminClientHandler.groups.count(filter).then((response)=>{
+     if(typeof response === 'number'){
+      return response;
+     }
+     if(response && typeof response.count === 'number'){
+      return response.count;
+     }
+     return 0;
+ }));
 }
 
 

package/Handlers/httpApiHelper.js

@@ -0,0 +1,87 @@
+/**
+ * HTTP API Helper Module
+ * 
+ * Provides direct HTTP calls to Keycloak Admin API
+ * Used when @keycloak/keycloak-admin-client has limitations
+ */
+
+const http = require('http');
+const https = require('https');
+const { conf } = require('propertiesmanager');
+
+/**
+ * Make a direct HTTP request to Keycloak API
+ * @param {string} token - Bearer token
+ * @param {string} method - HTTP method (GET, POST, PUT, DELETE)
+ * @param {string} path - API path (e.g., /admin/realms/realm-name/clients/id)
+ * @param {object} body - Request body (optional)
+ * @returns {Promise<object>} Response data
+ */
+async function makeRequest(token, method, path, body = null) {
+  const keycloakConfig = (conf && conf.keycloak) || {};
+  const baseUrl = keycloakConfig.baseUrl;
+
+  if (!baseUrl) {
+    throw new Error('Keycloak baseUrl not configured');
+  }
+
+  const url = new URL(path, baseUrl);
+  const transport = url.protocol === 'https:' ? https : http;
+  const payload = body ? JSON.stringify(body) : null;
+
+  const options = {
+    method,
+    headers: {
+      'Accept': 'application/json',
+      'Authorization': `Bearer ${token}`,
+      ...(payload ? { 'Content-Type': 'application/json' } : {}),
+    },
+  };
+
+  return new Promise((resolve, reject) => {
+    const req = transport.request(url, options, (res) => {
+      let data = '';
+
+      res.on('data', (chunk) => {
+        data += chunk;
+      });
+
+      res.on('end', () => {
+        try {
+          if (res.statusCode >= 200 && res.statusCode < 300) {
+            const result = data ? JSON.parse(data) : null;
+            resolve(result);
+          } else {
+            let errorData = {};
+            try {
+              errorData = JSON.parse(data);
+            } catch {
+              errorData = { message: data };
+            }
+
+            const error = new Error(
+              errorData.error_description || 
+              errorData.message || 
+              `HTTP ${res.statusCode}`
+            );
+            error.statusCode = res.statusCode;
+            error.response = errorData;
+            reject(error);
+          }
+        } catch (parseErr) {
+          reject(parseErr);
+        }
+      });
+    });
+
+    req.on('error', reject);
+    if (payload) {
+      req.write(payload);
+    }
+    req.end();
+  });
+}
+
+module.exports = {
+  makeRequest,
+};

package/Handlers/realmsHandler.js

@@ -362,8 +362,19 @@ exports.clearAdminEvents=function(realmFilter){
  * - realmFilter: is a JSON object that accepts filter parameters
  *      - realm: [required] The name of the realm for which you want to retrieve the user management permission settings.
  */
-exports.getUsersManagementPermissions=function(realmFilter){
- return(kcAdminClientHandler.realms.getUsersManagementPermissions(realmFilter));
+exports.getUsersManagementPermissions=async function(realmFilter){
+ try {
+  const token = kcAdminClientHandler.accessToken;
+  const realmName = realmFilter.realm;
+  const path = `/admin/realms/${realmName}/users-management-permissions`;
+  const { makeRequest } = require('./httpApiHelper');
+  return await makeRequest(token, 'GET', path);
+ } catch (err) {
+  if (kcAdminClientHandler.realms && kcAdminClientHandler.realms.getUsersManagementPermissions) {
+   return kcAdminClientHandler.realms.getUsersManagementPermissions(realmFilter);
+  }
+  throw err;
+ }
 }
 
 
@@ -379,8 +390,19 @@ exports.getUsersManagementPermissions=function(realmFilter){
  *           - true: Activates fine-grained permissions for user management.
  *           - false: Disables fine-grained permissions and falls back to standard admin roles.
  */
-exports.updateUsersManagementPermissions=function(updateParameters){
- return(kcAdminClientHandler.realms.updateUsersManagementPermissions(updateParameters));
+exports.updateUsersManagementPermissions=async function(updateParameters){
+ try {
+  const token = kcAdminClientHandler.accessToken;
+  const realmName = updateParameters.realm;
+  const path = `/admin/realms/${realmName}/users-management-permissions`;
+  const { makeRequest } = require('./httpApiHelper');
+  return await makeRequest(token, 'PUT', path, { enabled: updateParameters.enabled });
+ } catch (err) {
+  if (kcAdminClientHandler.realms && kcAdminClientHandler.realms.updateUsersManagementPermissions) {
+   return kcAdminClientHandler.realms.updateUsersManagementPermissions(updateParameters);
+  }
+  throw err;
+ }
 }
 
 /**

package/Handlers/usersHandler.js

@@ -198,7 +198,15 @@ exports.delFromGroup=function(parameters){
  *       - search: [optional] a String containing group name such "cool-group",
  */
 exports.countGroups=function(filter){
- return (kcAdminClientHandler.users.countGroups(filter));
+ return (kcAdminClientHandler.users.countGroups(filter).then((response)=>{
+	 if(typeof response === 'number'){
+	  return response;
+	 }
+	 if(response && typeof response.count === 'number'){
+	  return response.count;
+	 }
+	 return 0;
+ }));
 }
 
 
@@ -426,8 +434,21 @@ exports.listSessions=function(filter){
  *     - id: [required] The ID of the user whose sessions will be listed
  *     - clientId: [optional] The client ID whose sessions are being checked
  */
-exports.listOfflineSessions=function(filter){
- return (kcAdminClientHandler.users.listOfflineSessions(filter));
+exports.listOfflineSessions=async function(filter){
+ const params = { ...filter };
+
+ if (params && params.clientId) {
+  try {
+   const clients = await kcAdminClientHandler.clients.find({ clientId: params.clientId });
+   if (Array.isArray(clients) && clients.length && clients[0].id) {
+	params.clientId = clients[0].id;
+   }
+  } catch (error) {
+   // Keep original clientId and let Keycloak validate it.
+  }
+ }
+
+ return (kcAdminClientHandler.users.listOfflineSessions(params));
 }
 
 
@@ -542,18 +563,30 @@ exports.delFromFederatedIdentity=function(options){
 
 /**
  * ***************************** - getUserStorageCredentialTypes - *******************************
- * For more details, see the keycloak-admin-client package in the Keycloak GitHub repository.
+ * Retrieves configured user-storage credential types for a specific user.
+ *
+ * @parameters:
+ * - filter is a JSON object that accepts this parameters:
+ *     - id: [required] The unique ID of the user.
+ *     - realm: [optional] The realm name.
  */
-exports.getUserStorageCredentialTypes=function(){
- return (kcAdminClientHandler.users.getUserStorageCredentialTypes());
+exports.getUserStorageCredentialTypes=function(filter){
+ return (kcAdminClientHandler.users.getUserStorageCredentialTypes(filter));
 }
 
 /**
- * ***************************** - CREATE - *******************************
- * For more details, see the keycloak-admin-client package in the Keycloak GitHub repository.
+ * ***************************** - updateCredentialLabel - *******************************
+ * Updates the label of a specific credential for a user.
+ *
+ * @parameters:
+ * - filter is a JSON object that accepts this parameters:
+ *     - id: [required] The unique ID of the user.
+ *     - credentialId: [required] The unique ID of the credential.
+ *     - realm: [optional] The realm name.
+ * - label: [required] String label to assign to the credential.
  */
-exports.updateCredentialLabel=function(){
- return (kcAdminClientHandler.users.updateCredentialLabel());
+exports.updateCredentialLabel=function(filter,label){
+ return (kcAdminClientHandler.users.updateCredentialLabel(filter,label));
 }