keycloak-api-manager 4.0.0 → 5.0.0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "keycloak-api-manager",
-  "version": "4.0.0",
-  "description": "Keycloak-api-manager is a lightweight Node.js wrapper for the Keycloak Admin REST API. It provides an easy-to-use functional methods and functions to manage realms, users, roles, clients, groups, and permissions directly from your application code — just like you would from the Keycloak admin console.",
+  "version": "5.0.0",
+  "description": "Enhanced Node.js wrapper for Keycloak Admin REST API. Professional alternative to @keycloak/keycloak-admin-client with advanced features, bug fixes, automatic token refresh, Organizations API support, fine-grained permissions, and comprehensive resource management. Battle-tested with 113+ integration tests.",
   "main": "index.js",
   "scripts": {
     "test": "npm --prefix test install && npm --prefix test test",
@@ -26,21 +26,34 @@
   },
   "keywords": [
     "keycloak",
-    "user",
-    "login",
-    "signin",
-    "session",
-    "ldap",
-    "federation",
+    "keycloak-admin-client",
+    "keycloak-admin",
+    "admin-rest-api",
+    "keycloak-wrapper",
+    "alternative",
+    "rest-api",
+    "admin-client",
+    "user-management",
+    "realm-management",
     "authentication",
-    "oauth",
-    "oauth2.0",
+    "authorization",
+    "fine-grained-permissions",
+    "organizations",
     "sso",
-    "api",
-    "client",
-    "admin",
-    "adapter",
-    "express"
+    "oauth2",
+    "oidc",
+    "identity-provider",
+    "ldap",
+    "federation",
+    "roles",
+    "groups",
+    "clients",
+    "scopes",
+    "session-management",
+    "token-refresh",
+    "admin-api",
+    "express",
+    "nodejs"
   ],
   "author": "aromanino (Crs4)",
   "license": "MIT",

package/test/.mocharc.json

@@ -1,4 +1,4 @@
 {
-  "file": ["setup.js"],
-  "spec": ["specs/*.test.js"]
+  "file": ["support/setup.js"],
+  "spec": ["specs/**/*.test.js"]
 }

package/test/config/secrets.json

@@ -0,0 +1,12 @@
+{
+  "test": {
+    "keycloak": {
+      "password": "admin"
+    },
+    "realm": {
+      "user": {
+        "password": "test-password"
+      }
+    }
+  }
+}

package/test/docker-keycloak/certs/keycloak.crt

@@ -0,0 +1,58 @@
+-----BEGIN CERTIFICATE-----
+MIIFDDCCA/SgAwIBAgISBcrNyeKnHT9iltEpgQZ8pj3MMA0GCSqGSIb3DQEBCwUA
+MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
+EwNSMTIwHhcNMjYwMTAxMTEzMDQzWhcNMjYwNDAxMTEzMDQyWjASMRAwDgYDVQQD
+EwdjcnM0Lml0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1n4wnSXd
+qDqYZLnuanckIHLJWRkK55umvqsTe5uyZOZmhycGn/3whfafhPl2doYhXA1QEvFW
+/JH0TXnuH6Zi0/ycDwfMsU7uHHyn4gUdpvri2w2AMM/x1AkuzN2y8tp1iCqNP92o
+IL/5XOSALUy5SG1VQNZg+gCOjwfbUSk8RzErMaJllsfsvQggbYNTK2xLD5sS7zIw
+ElD0D0hj5QEYyxHDi4nYSoI7eLaDoaXAoStNE99gac+CxlqRttAnmXCG7N3/Fy7n
+kNV6KogWLwMrf4ePL3otUStAbJcXxxrjObFtfw0y69q6QCaXtqMc6xzKWo81faqa
+Rf1bxTSlLYyDewIDAQABo4ICOTCCAjUwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
+MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQs
+M5fzkfsNr63Yq2IJRdEUalEXxjAfBgNVHSMEGDAWgBQAtSnyLY5vMeibTK14Pvrc
+6QzR0jAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAKGF2h0dHA6Ly9yMTIuaS5s
+ZW5jci5vcmcvMCwGA1UdEQQlMCOCCSouY3JzNC5pdIINKi5zcnYuY3JzNC5pdIIH
+Y3JzNC5pdDATBgNVHSAEDDAKMAgGBmeBDAECATAuBgNVHR8EJzAlMCOgIaAfhh1o
+dHRwOi8vcjEyLmMubGVuY3Iub3JnLzc3LmNybDCCAQwGCisGAQQB1nkCBAIEgf0E
+gfoA+AB+AHF+lfPCOIptseOEST0x4VqpYgh2LUIA4AUM0Ge1pmHiAAABm3mImfwA
+CAAABQAFv3tzBAMARzBFAiAhkme95Z1YQSTesVBfyrfjHRbHIrLj4shjyIksq+cu
+cAIhALHR2CZXOvy2+dyzVOuOASHHFylEajxaLYkhcPSSbZhqAHYA0W6ppWgHfmY1
+oD83pd28A6U8QRIU1IgY9ekxsyPLlQQAAAGbeYiaCwAABAMARzBFAiEA9XP3ngll
+yo2ms1ycX8Jew9rcy3WmfdE/cMgACFlo+vsCIA9T+KMahoSt7uYTaoXjhUtk/EMG
+JEDOGpveXX0Tu2s4MA0GCSqGSIb3DQEBCwUAA4IBAQBXnrWMbPgIGiJdQYvQgABA
+A3x2zgQF4pLOsP30nMqG7QoBL5WqW669quymTU3qHpZEm3aZs+J28IW9xjHP/Sp6
+TFgPk7S98mFntw2/oGU51w98a1F05MfB1yH/Ii5hEBeOFb1daVwBfe2/nKHNTQKU
+DKpGR76b2lwe+vQIavt1oMWYU47+RQYZJl0gyQLuJUok7xX0zPisF8OVqVy5HQ6o
+BFWYKNgJuQz9QBMwGhgwgSB8fxf7NZL+762wLat7xC9/EZ/4H1JfbOeDRgDLYZ95
+/Tg4LLbgwmchX6AKfFSzq6jNthiA/qSxDQ2Vh8TdF2/Grt1v856gem9UJcJsnH9G
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFBjCCAu6gAwIBAgIRAMISMktwqbSRcdxA9+KFJjwwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAzMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDEMMAoGA1UEAxMDUjEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA2pgodK2+lP474B7i5Ut1qywSf+2nAzJ+Npfs6DGPpRONC5kuHs0BUT1M
+5ShuCVUxqqUiXXL0LQfCTUA83wEjuXg39RplMjTmhnGdBO+ECFu9AhqZ66YBAJpz
+kG2Pogeg0JfT2kVhgTU9FPnEwF9q3AuWGrCf4yrqvSrWmMebcas7dA8827JgvlpL
+Thjp2ypzXIlhZZ7+7Tymy05v5J75AEaz/xlNKmOzjmbGGIVwx1Blbzt05UiDDwhY
+XS0jnV6j/ujbAKHS9OMZTfLuevYnnuXNnC2i8n+cF63vEzc50bTILEHWhsDp7CH4
+WRt/uTp8n1wBnWIEwii9Cq08yhDsGwIDAQABo4H4MIH1MA4GA1UdDwEB/wQEAwIB
+hjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB
+/wIBADAdBgNVHQ4EFgQUALUp8i2ObzHom0yteD763OkM0dIwHwYDVR0jBBgwFoAU
+ebRZ5nu25eQBc4AIiMgaWPbpm24wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAC
+hhZodHRwOi8veDEuaS5sZW5jci5vcmcvMBMGA1UdIAQMMAowCAYGZ4EMAQIBMCcG
+A1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly94MS5jLmxlbmNyLm9yZy8wDQYJKoZIhvcN
+AQELBQADggIBAI910AnPanZIZTKS3rVEyIV29BWEjAK/duuz8eL5boSoVpHhkkv3
+4eoAeEiPdZLj5EZ7G2ArIK+gzhTlRQ1q4FKGpPPaFBSpqV/xbUb5UlAXQOnkHn3m
+FVj+qYv87/WeY+Bm4sN3Ox8BhyaU7UAQ3LeZ7N1X01xxQe4wIAAE3JVLUCiHmZL+
+qoCUtgYIFPgcg350QMUIWgxPXNGEncT921ne7nluI02V8pLUmClqXOsCwULw+PVO
+ZCB7qOMxxMBoCUeL2Ll4oMpOSr5pJCpLN3tRA2s6P1KLs9TSrVhOk+7LX28NMUlI
+usQ/nxLJID0RhAeFtPjyOCOscQBA53+NRjSCak7P4A5jX7ppmkcJECL+S0i3kXVU
+y5Me5BbrU8973jZNv/ax6+ZK6TM8jWmimL6of6OrX7ZU6E2WqazzsFrLG3o2kySb
+zlhSgJ81Cl4tv3SbYiYXnJExKQvzf83DYotox3f0fwv7xln1A2ZLplCb0O+l/AK0
+YE0DS2FPxSAHi0iwMfW2nNHJrXcY3LLHD77gRgje4Eveubi2xxa+Nmk/hmhLdIET
+iVDFanoCrMVIpQ59XWHkzdFmoHXHBV7oibVjGSO7ULSQ7MJ1Nz51phuDJSgAIU7A
+0zrLnOrAj/dfrlEWRhCvAgbuwLZX1A2sjNjXoPOHbsPiy+lO1KF8/XY7
+-----END CERTIFICATE-----

package/test/docker-keycloak/certs/keycloak.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDWfjCdJd2oOphk
+ue5qdyQgcslZGQrnm6a+qxN7m7Jk5maHJwaf/fCF9p+E+XZ2hiFcDVAS8Vb8kfRN
+ee4fpmLT/JwPB8yxTu4cfKfiBR2m+uLbDYAwz/HUCS7M3bLy2nWIKo0/3aggv/lc
+5IAtTLlIbVVA1mD6AI6PB9tRKTxHMSsxomWWx+y9CCBtg1MrbEsPmxLvMjASUPQP
+SGPlARjLEcOLidhKgjt4toOhpcChK00T32Bpz4LGWpG20CeZcIbs3f8XLueQ1Xoq
+iBYvAyt/h48vei1RK0BslxfHGuM5sW1/DTLr2rpAJpe2oxzrHMpajzV9qppF/VvF
+NKUtjIN7AgMBAAECggEBALIxl9WWVbWjKGPWC/orDLpgYmJA6cxMhZS1r7PrP6OP
+vfHePCTC5QWGRDRGw2HoQOKmtLVoBqpB30JWX7uvkT8oB8Z85lMPjcXg0eB1+5Jz
+r+/oIW1r9C4Biv3r2PTlBOug3kQGs9yxYEsKEmqP6QYAvujksSBBQi4ViuC8bzV8
+XxbV0nUb6Rba5wz3PzxbrOCsPNSbWpyb7VWz8ApIzb7X/OGFF12tClNUoXN8hMzI
+xoFBG3mDQjb9aDgJCP8RgrS/wfo0Ay+KAhTNUqgqUzj8awtICAaVCZt1ptrQkEsL
+tgmNiEA8zP6Rh+6hIv7o3XuV1GZMBRhAWrg+1PcXp4ECgYEA/fjub3xC3XW5yWqN
+JhB/SsDLGfMyFzRbNk+HPgJww46R6GobB7m3pmXov+xRmjK0PBQA9rdvZFqAsXIy
+67KAWgVpNEBVQnGI8w/sub5aeBJqkGUQzTnRnlA/DWaAf8q64r8Kgzvd8TlWwipB
+uXvLebxoWJL1gHLgDPL4tZKH/aECgYEA2DSSBrwMHcaO9p0bhvXhQAH1jXULntfk
+VcNvTszKPdKOrXyfLKJ8xnEU92tZW8Xw/XyHDrPbmgFJ8evuKvJQfYWUQ3PnPux5
+oVY2BzTRYnjXbPxoGYWpSFu/dlJP4HV/qc4Nar1iB8MtWk0drscoyFq6zcat8CLj
+vhpmrhSDE5sCgYEAjJ0PfmBBMRYmJ/M7dPC7WWsGyDZS7HALdDVx/o4hWtSLyi89
+Cfj0SkewJtqzj3k1OvIkWnTTUq+dAyHkOYUZ9T17svdPfTsZBOIzQd+3fTVNFOcv
+90Bk448wab3vtVFMSZBWRLSXvB/v/g6hVw3IaX08FJZBIL35eJHpy7X2XyECgYAU
+XH8UG0mY1EZKe2lIQIfCG20gsVEy2GosmYc2CJtTTy0YsY/cCEFv/t5Wnsl/lxin
+Br9BZzbbPhvUqL95U/C4oYfhAl1Y07RwuUnFS/gcKf0/ylWTcb8LjXhukDntjaNE
+Pp+M2eENkhgHVRPijecNV14YWwmuf9qq4Jmi81OU2QKBgF22ZG6SH7y34m/v6knX
+h4gCSSF9jKblNJ1Z737XOCYjpKFB2m5B20T/JDlwLca17NcZOR8J3KJZH2X7c2Ne
+utTdZpmcl6HB+zdHijnhgA51g5dBs2tO/G8z0moBxAWK2bwYldX7A6jaiUyM/kix
+e4PsNLp4TNicrABWSTgxOeBD
+-----END PRIVATE KEY-----

package/test/docker-keycloak/docker-compose-https.yml

@@ -29,6 +29,8 @@ services:
       # HTTPS configuration
       KC_HTTP_ENABLED: 'true'            # Admin console accessible via HTTP too
       KC_PROXY: reencrypt                # Trust reverse proxy headers
+      # Feature flags for testing (match docker-compose.yml)
+      KC_FEATURES: 'admin-fine-grained-authz:v1,organization,client-policies'
     volumes:
       # Mount certificates for HTTPS
       - "${KEYCLOAK_CERT_PATH}/keycloak.crt:/etc/keycloak/certs/keycloak.crt:ro"

package/test/docker-keycloak/docker-compose.yml

@@ -35,15 +35,15 @@ services:
       # HTTPS configuration (only applied if KC_SCHEME=https)
       KC_HTTP_ENABLED: 'true'            # Admin console accessible via HTTP too
       KC_PROXY: reencrypt                # Trust reverse proxy headers
+      # Feature flags for advanced functionality
+      KC_FEATURES: 'admin-fine-grained-authz:v1,organization,client-policies'
     volumes:
       # Mount certificates if HTTPS is enabled and path is provided
       - "${KEYCLOAK_CERT_PATH:-./certs}:/etc/keycloak/certs:ro"
     command:
       - start-dev
-      # Note: To add HTTPS flags dynamically, use environment variable substitution
-      # For HTTPS mode, add these flags before start-dev:
-      #   - --https-certificate-file=/etc/keycloak/certs/keycloak.crt
-      #   - --https-certificate-key-file=/etc/keycloak/certs/keycloak.key
+      - --https-certificate-file=/etc/keycloak/certs/keycloak.crt
+      - --https-certificate-key-file=/etc/keycloak/certs/keycloak.key
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
       interval: 5s

package/test/helpers/matrix.js

@@ -0,0 +1,16 @@
+const fs = require('fs');
+const path = require('path');
+
+function loadMatrix(name) {
+  const filePath = path.join(__dirname, '..', 'matrix', `${name}.json`);
+  return JSON.parse(fs.readFileSync(filePath, 'utf8'));
+}
+
+function uniqueName(prefix) {
+  return `${prefix}-${Date.now()}-${Math.floor(Math.random() * 1000)}`;
+}
+
+module.exports = {
+  loadMatrix,
+  uniqueName,
+};

package/test/matrix/auth.json

@@ -0,0 +1,27 @@
+{
+  "name": "auth",
+  "cases": [
+    {
+      "name": "password-basic",
+      "grantType": "password"
+    },
+    {
+      "name": "password-with-scope",
+      "grantType": "password",
+      "scope": "openid profile email"
+    },
+    {
+      "name": "password-offline-token",
+      "grantType": "password",
+      "offlineToken": true
+    },
+    {
+      "name": "client-credentials",
+      "grantType": "client_credentials"
+    },
+    {
+      "name": "refresh-token",
+      "grantType": "refresh_token"
+    }
+  ]
+}

package/test/matrix/clients.json

@@ -0,0 +1,45 @@
+{
+  "name": "clients",
+  "cases": [
+    {
+      "name": "confidential-service-account",
+      "publicClient": false,
+      "serviceAccountsEnabled": true,
+      "directAccessGrantsEnabled": true,
+      "standardFlowEnabled": true,
+      "consentRequired": false
+    },
+    {
+      "name": "public-browser",
+      "publicClient": true,
+      "serviceAccountsEnabled": false,
+      "directAccessGrantsEnabled": true,
+      "standardFlowEnabled": true,
+      "consentRequired": false
+    },
+    {
+      "name": "confidential-no-service",
+      "publicClient": false,
+      "serviceAccountsEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "standardFlowEnabled": true,
+      "consentRequired": false
+    },
+    {
+      "name": "confidential-client-credentials",
+      "publicClient": false,
+      "serviceAccountsEnabled": true,
+      "directAccessGrantsEnabled": false,
+      "standardFlowEnabled": false,
+      "consentRequired": false
+    },
+    {
+      "name": "confidential-consent-required",
+      "publicClient": false,
+      "serviceAccountsEnabled": false,
+      "directAccessGrantsEnabled": true,
+      "standardFlowEnabled": true,
+      "consentRequired": true
+    }
+  ]
+}

package/test/matrix/realms-components-idp.json

@@ -0,0 +1,37 @@
+{
+  "name": "realms-components-idp",
+  "realms": [
+    {
+      "name": "realm-basic",
+      "realmConfig": {
+        "enabled": true,
+        "registrationAllowed": false,
+        "rememberMe": true,
+        "loginWithEmailAllowed": true
+      }
+    },
+    {
+      "name": "realm-registration",
+      "realmConfig": {
+        "enabled": true,
+        "registrationAllowed": true,
+        "rememberMe": false,
+        "loginWithEmailAllowed": true
+      }
+    }
+  ],
+  "identityProviders": [
+    {
+      "name": "oidc-basic",
+      "providerId": "oidc",
+      "config": {
+        "authorizationUrl": "https://example.com/auth",
+        "tokenUrl": "https://example.com/token",
+        "userInfoUrl": "https://example.com/userinfo",
+        "clientId": "dummy-client-id",
+        "clientSecret": "dummy-client-secret",
+        "defaultScope": "openid profile email"
+      }
+    }
+  ]
+}

package/test/matrix/users-roles-groups.json

@@ -0,0 +1,26 @@
+{
+  "name": "users-roles-groups",
+  "cases": [
+    {
+      "name": "user-enabled-verified",
+      "user": {
+        "enabled": true,
+        "emailVerified": true
+      }
+    },
+    {
+      "name": "user-enabled-unverified",
+      "user": {
+        "enabled": true,
+        "emailVerified": false
+      }
+    },
+    {
+      "name": "user-disabled",
+      "user": {
+        "enabled": false,
+        "emailVerified": false
+      }
+    }
+  ]
+}