keycloak-api-manager 6.0.1 → 6.0.2

package/Handlers/clientPoliciesHandler.js

@@ -42,7 +42,8 @@ exports.getPolicies = function(filter) {
  *     - profiles: (array) - Profiles to apply when policy matches
  */
 exports.updatePolicies = async function(filter, policiesRepresentation) {
-    // Direct API call since @keycloak/keycloak-admin-client doesn't support this
+    // Direct API call: admin-client support for client-policies update endpoints
+    // is incomplete/inconsistent across versions.
     const realm = filter?.realm || kcAdminClientHandler.realmName;
     const baseUrl = kcAdminClientHandler.baseUrl;
     const token = kcAdminClientHandler.accessToken;
@@ -95,7 +96,8 @@ exports.getProfiles = function(filter) {
  *       - configuration: (object) - Executor-specific configuration
  */
 exports.updateProfiles = async function(filter, profilesRepresentation) {
-    // Direct API call since @keycloak/keycloak-admin-client doesn't support this
+    // Direct API call: admin-client support for client-policies update endpoints
+    // is incomplete/inconsistent across versions.
     const realm = filter?.realm || kcAdminClientHandler.realmName;
     const baseUrl = kcAdminClientHandler.baseUrl;
     const token = kcAdminClientHandler.accessToken;

package/Handlers/clientsHandler.js

@@ -14,6 +14,7 @@ exports.setKcAdminClient=function(kcAdminClient){
 /**
  * Helper function to make direct HTTP calls to Keycloak Admin API.
  * Used when @keycloak/keycloak-admin-client has bugs or inconsistencies.
+ * This keeps behavior aligned with server endpoints even when upstream wrappers lag behind.
  * 
  * @param {string} path - API path relative to baseUrl (e.g., '/admin/realms/...')
  * @param {string} method - HTTP method (GET, POST, PUT, DELETE)
@@ -551,19 +552,6 @@ exports.listAvailableRealmScopeMappings=function(filter){
 }
 
 
-/**
- * ***************************** - listAvailableRealmScopeMappings - *******************************
- * The method is used to retrieve all realm-level roles that are available to be assigned to a specific client.
- * These are roles defined at the realm level that the client does not yet have mapped, allowing you to see what can be added.
- * @parameters:
- * - filter: JSON structure that defines the filter parameters:
- *     - id: [required] The ID of the client for which you want to list available realm-level role mappings.
- */
-exports.listAvailableRealmScopeMappings=function(filter){
- return (kcAdminClientHandler.clients.listAvailableRealmScopeMappings(filter));
-}
-
-
 /**
  * ***************************** - listRealmScopeMappings - *******************************
  * The method retrieves the realm-level roles currently assigned to a client as part of its scope mappings.

package/Handlers/organizationsHandler.js

@@ -17,7 +17,8 @@ exports.setKcAdminClient = function(kcAdminClient) {
 }
 
 /**
- * Helper function to make direct API calls to Keycloak
+ * Helper to perform direct Admin REST calls for Organizations endpoints.
+ * This bypasses admin-client gaps for some Keycloak versions/features.
  */
 async function makeDirectApiCall(method, endpoint, body = null) {
     const baseUrl = kcAdminClientHandler.baseUrl;

package/Handlers/realmsHandler.js

@@ -1,4 +1,3 @@
-
 /**
  * **************************************************************************************************
  * **************************************************************************************************

package/Handlers/userProfileHandler.js

@@ -23,7 +23,7 @@ exports.setKcAdminClient = function(kcAdminClient) {
  * @returns: User profile configuration object with attributes, groups, etc.
  */
 exports.getConfiguration = async function(filter) {
-    // Direct API call for better compatibility
+    // Direct API call: this endpoint is not consistently exposed across admin-client versions.
     const realm = filter?.realm || kcAdminClientHandler.realmName;
     const baseUrl = kcAdminClientHandler.baseUrl;
     const token = kcAdminClientHandler.accessToken;
@@ -63,7 +63,7 @@ exports.getConfiguration = async function(filter) {
  *   - unmanagedAttributePolicy: (string) - Policy for unmanaged attributes
  */
 exports.updateConfiguration = async function(filter, userProfileConfig) {
-    // Direct API call for better compatibility
+    // Direct API call: this endpoint is not consistently exposed across admin-client versions.
     const realm = filter?.realm || kcAdminClientHandler.realmName;
     const baseUrl = kcAdminClientHandler.baseUrl;
     const token = kcAdminClientHandler.accessToken;

package/OIDC_MIGRATION_PLAN.md

@@ -1,8 +1,8 @@
 # OIDC Methods Migration Plan - keycloak-api-manager
 
-## 🚀 Current Status: v6.0.0 - MIGRATION RELEASED
+## 🚀 Current Status: v6.0.1 - Migration Released
 
-✅ **OIDC Methods Deprecated:** All OIDC authentication methods are now marked `@deprecated` in v6.0.0.
+✅ **OIDC Methods Deprecated:** All OIDC authentication methods are marked `@deprecated` since v6.0.0.
 
 ✅ **keycloak-express-middleware v6.1.0 Released:** OIDC methods now available in middleware package with full test coverage.
 
@@ -14,7 +14,7 @@
 
 ## Overview
 
-L'architettura prevede una **migrazione pianificata** dei metodi OIDC (`auth()`, `login()`, `loginPKCE()`) da `keycloak-api-manager` a `keycloak-express-middleware`.
+This architecture follows a **planned migration** of OIDC methods (`auth()`, `login()`, `loginPKCE()`) from `keycloak-api-manager` to `keycloak-express-middleware`.
 
 ## Current State (v5.0.8)
 
@@ -24,7 +24,7 @@ L'architettura prevede una **migrazione pianificata** dei metodi OIDC (`auth()`,
 - ✅ `generateAuthorizationUrl(options)` - PKCE URL generator
 - ✅ `loginPKCE(credentials)` - PKCE token exchange
 
-## Current State (v6.0.0) - NOW
+## Current State (v6.0.1) - NOW
 
 **Status Changes in keycloak-api-manager:**
 - ⚠️ `auth(credentials)` - Marked @deprecated
@@ -125,7 +125,7 @@ keycloak-express-middleware (User Authentication)
 | Version | OIDC Methods | Status |
 |---------|------------|--------|
 | v5.0.8 | Supported | Legacy (should migrate) |
-| v6.0.0 | Deprecated | Current (shows warnings) |
+| v6.0.1 | Deprecated | Current (shows warnings) |
 | v7.0.0 | Removed | Future (no OIDC methods) |
 
 **NPM:** https://www.npmjs.com/package/keycloak-api-manager
@@ -225,16 +225,6 @@ const token = await keycloakMiddleware.loginPKCE({
 });
 ```
 
-**Migration Path:**
-```javascript
-// Move to middleware
-const token = await keycloakMiddleware.loginPKCE({
-  code: req.query.code,
-  redirect_uri: 'https://app/callback',
-  code_verifier: req.session.verifier
-});
-```
-
 ---
 
 ## What Stays in keycloak-api-manager

package/README.md

@@ -54,7 +54,7 @@ console.log(users.length);
 KeycloakManager.stop();
 ```
 
-> **💡 Tip:** For user authentication (login with credentials, PKCE flow, token exchange), use [`keycloak-express-middleware`](https://github.com/smartenv-crs4/keycloak-express-middleware) instead. See [PKCE Login Flow Guide](docs/guides/PKCE-Login-Flow.md#-migration-to-keycloak-express-middleware-recommended) for migration examples.
+> **💡 Tip:** For user authentication (including Authorization Code + PKCE), use [`keycloak-express-middleware`](https://github.com/smartenv-crs4/keycloak-express-middleware). OIDC methods in this package are deprecated and kept only for backward compatibility.
 
 ## Keycloak Feature Flags
 
@@ -102,9 +102,9 @@ Configured handler namespaces:
 
 All documentation is centralized under `docs/`.
 
-### Guides (Practical Implementation)
+### Guides
 
-- [PKCE Login Flow Guide](docs/guides/PKCE-Login-Flow.md) - Step-by-step guide for implementing OAuth2 Authorization Code + PKCE authentication
+- [OIDC Migration Plan](OIDC_MIGRATION_PLAN.md) - Deprecation status and migration notes to keycloak-express-middleware
 
 ### API Reference
 
@@ -163,7 +163,7 @@ docs/               # Centralized documentation
 
 ## Versioning and Compatibility
 
-- Package version: `6.0.0`
+- Package version: `6.0.1`
 - Keycloak Admin client dependency: `@keycloak/keycloak-admin-client`
 - Main compatibility target: Keycloak 25/26