
mustafstarlabs/keycloak-admin-client
====================================

Connect to the Keycloak admin API easily

v0.40.2 (2y ago) · MIT · PHP >=5.5.0

Since Sep 25 · Pushed 2y ago

[Source](https://github.com/mustafstarlabs/keycloak-admin-client) · [Packagist](https://packagist.org/packages/mustafstarlabs/keycloak-admin-client)


- [Introduction](#introduction)
- [How to use](#how-to-use)
- [Customization](#customization)
- [Supported APIs](#supported-apis)
    - [Attack Detection](#attack-detection)
    - [Authentication Management](#authentication-management)
    - [Client Attribute Certificate](#client-attribute-certificate)
    - [Client Initial Access](#client-initial-access)
    - [Client Registration Policy](#client-registration-policy)
    - [Client Role Mappings](#client-role-mappings)
    - [Client Scopes](#client-scopes)
    - [Clients](#clients)
    - [Component](#component)
    - [Groups](#groups)
    - [Identity Providers](#identity-providers)
    - [Key](#key)
    - [Protocol Mappers](#protocol-mappers)
    - [Realms Admin](#realms-admin)
    - [Role Mapper](#role-mapper)
    - [Roles](#roles)
    - [Roles (by ID)](#roles-by-id)
    - [Scope Mappings](#scope-mappings)
    - [User Storage Provider](#user-storage-provider)
    - [Users](#users)
    - [Root](#root)

Introduction
============

This is a PHP client for connecting to the Keycloak admin REST APIs with no headache.

Features:

1. Easy to use
2. No need to get or generate a token; the client already handles it
3. No need to specify any URLs other than the base URI
4. No JSON encoding/decoding; you work with plain data, as you would expect

Works with the Keycloak 7.0 admin REST API.

How to use
==========

#### 1. Create new client

```
$client = Keycloak\Admin\KeycloakClient::factory([
    'realm' => 'master',
    'username' => 'admin',
    'password' => '1234',
    'client_id' => 'admin-cli',
    'baseUri' => 'http://127.0.0.1:8180',
]);
```

#### 2. Use it


```
$client->getUsers();

//Result
// Array of users
/*
[
     [
       "id" => "39839a9b-de08-4d2c-b91a-a6ce2595b1f3",
       "createdTimestamp" => 1571663375749,
       "username" => "admin",
       "enabled" => true,
       "totp" => false,
       "emailVerified" => false,
       "disableableCredentialTypes" => [
         "password",
       ],
       "requiredActions" => [],
       "notBefore" => 0,
       "access" => [
         "manageGroupMembership" => true,
         "view" => true,
         "mapRoles" => true,
         "impersonate" => true,
         "manage" => true,
       ],
     ],
   ]
*/

$client->createUser([
    'username' => 'test',
    'email' => 'test@test.com',
    'enabled' => true,
    'credentials' => [
        [
            'type'=>'password',
            'value'=>'1234',
        ],
    ],
]);
```

Customization
=============

### Supported credentials

The credential type used to authenticate can be changed in the Keycloak client configuration.

Currently, the following credentials are supported:

- password credentials, used by default
    - to authenticate with a user account

    ```
    $client = Keycloak\Admin\KeycloakClient::factory([
        // ...
        'grant_type' => 'password',
        'username' => 'admin',
        'password' => '1234',
    ]);
    ```
- client credentials
    - to authenticate with a client service account

    ```
    $client = Keycloak\Admin\KeycloakClient::factory([
        // ...
        'grant_type' => 'client_credentials',
        'client_id' => 'admin-cli',
        'client_secret' => '84ab3d98-a0c3-44c7-b532-306f222ce1ff',
    ]);
    ```

### Injecting middleware

It is possible to inject [Guzzle client middleware](https://docs.guzzlephp.org/en/stable/handlers-and-middleware.html#middleware) into the Keycloak client configuration using the `middlewares` keyword.

For example:

```
use GuzzleHttp\Middleware;
use Psr\Http\Message\RequestInterface;

$client = Keycloak\Admin\KeycloakClient::factory([
    // ...
    'middlewares' => [
        // throws exceptions when request fails
        Middleware::httpErrors(),
        // other custom middlewares
        Middleware::mapRequest(function (RequestInterface $request) {
            return $request;
        }),
    ],
]);
```

### Changing how the token is saved and stored


By default, the token is saved at runtime. This means that the previous token is not used when creating a new client.

You can customize how the token is stored in the client configuration by implementing your own `TokenStorage`, an interface which describes how the token is stored and retrieved.

```
class CustomTokenStorage implements TokenStorage
{
    public function getToken()
    {
        // TODO
    }

    public function saveToken(array $token)
    {
        // TODO
    }
}

$client = Keycloak\Admin\KeycloakClient::factory([
    // ...
    'token_storage' => new CustomTokenStorage(),
]);
```
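
A file-backed implementation of the two-method interface above, as an added example that is not part of the library: it writes the token atomically with owner-only permissions and ignores a cache file that other local accounts could read. The local `TokenStorage` interface is a stand-in mirroring the signatures shown in this README; the `FileTokenStorage` name, the file paths, the token keys, returning `null` for "no token", and POSIX permission semantics are assumptions.

```php
<?php
// Stand-in for the library's interface so this file runs on its own.
// In a real project, import the library's TokenStorage interface instead.
interface TokenStorage
{
    public function getToken();
    public function saveToken(array $token);
}

class FileTokenStorage implements TokenStorage
{
    private $path;

    public function __construct($path)
    {
        $this->path = $path;
    }

    public function getToken()
    {
        if (!is_file($this->path)) {
            return null; // assumption: "no token stored" is signalled with null
        }
        clearstatcache(true, $this->path);
        $mode = fileperms($this->path) & 0777;
        if (($mode & 0077) !== 0) {
            // Group or others can access the file: treat the cached admin
            // token as untrusted so the client requests a fresh one.
            return null;
        }
        $token = json_decode((string) file_get_contents($this->path), true);
        return is_array($token) ? $token : null;
    }

    public function saveToken(array $token)
    {
        $dir = dirname($this->path);
        if (!is_dir($dir) || !is_writable($dir)) {
            throw new RuntimeException("Token directory is not writable: $dir");
        }
        // tempnam() creates the file with mode 0600 on POSIX systems, so the
        // token is never on disk with wider permissions, even briefly.
        $tmp = tempnam($dir, 'kc-token-');
        if ($tmp === false) {
            throw new RuntimeException('Could not create temporary token file');
        }
        chmod($tmp, 0600);
        $json = json_encode($token);
        if ($json === false
            || file_put_contents($tmp, $json) === false
            || !rename($tmp, $this->path)) { // rename() swaps the file atomically
            @unlink($tmp);
            throw new RuntimeException('Could not persist token');
        }
    }
}

// Demo with a constructed token (placeholder values, not real credentials).
$dir = sys_get_temp_dir() . '/kc-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$file = $dir . '/token.json';

$storage = new FileTokenStorage($file);
$storage->saveToken(['access_token' => 'constructed-example', 'expires_in' => 60]);
var_dump($storage->getToken());   // the stored array round-trips

chmod($file, 0644);               // simulate a cache file readable by others
var_dump($storage->getToken());   // the loosened file is ignored

unlink($file);
rmdir($dir);

// Wiring it into the client (hypothetical path):
// 'token_storage' => new FileTokenStorage('/var/lib/myapp/keycloak-token.json'),
```

A persisted token carries the same admin privileges as the credentials that obtained it, so the cache file belongs in a directory that only the application account can enter.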

### Custom Keycloak endpoints

It is possible to inject [Guzzle Service Operations](https://guzzle3.readthedocs.io/webservice-client/guzzle-service-descriptions.html#operations) into the Keycloak client configuration using the `custom_operations` keyword. This way you can extend the built-in supported endpoints with custom ones.

```
$client = Keycloak\Admin\KeycloakClient::factory([
    // ...
    'custom_operations' => [
        'getUsersByAttribute' => [
            'uri' => '/auth/realms/{realm}/userapi-rest/users/search-by-attr',
            'description' => 'Get users by attribute Returns a list of users, filtered according to query parameters',
            'httpMethod' => 'GET',
            'parameters' => [
                'realm' => [
                    'location' => 'uri',
                    'description' => 'The Realm name',
                    'type' => 'string',
                    'required' => true,
                ],
                'attr' => [
                    'location' => 'query',
                    'type' => 'string',
                    'required' => true,
                ],
                'value' => [
                    'location' => 'query',
                    'type' => 'string',
                    'required' => true,
                ],
            ],
        ],
    ]
]);
```

Supported APIs
==============


[Attack Detection](https://www.keycloak.org/docs-api/7.0/rest-api/index.html#_attack_detection_resource)
--------------------------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Clear any user login failures for all users This can release temporary disabled users | clearAllLoginFailures | ✔️ |
| Get status of a username in brute force detection | getBruteForceUserStatus | ✔️ |
| Clear any user login failures for the user This can release temporary disabled user | clearUserLoginFailures | ✔️ |

[Authentication Management](https://www.keycloak.org/docs-api/7.0/rest-api/index.html#_authentication_management_resource)
--------------------------------------------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Get authenticator providers Returns a list of authenticator providers. | getAuthenticatorProviders | ✔️ |
| Get client authenticator providers Returns a list of client authenticator providers. | getClientAuthenticatorProviders | ✔️ |
| Get authenticator provider’s configuration description | getAuthenticatorConfigInfo | ✔️ |
| Get authenticator configuration | getAuthenticatorConfig | ✔️ |
| Update authenticator configuration | updateAuthenticatorConfig | ✔️ |
| Delete authenticator configuration | deleteAuthenticatorConfig | ✔️ |
| Add new authentication execution | createAuthenticationExecution | ✔️ |
| Get Single Execution | getAuthenticationExecution | ✔️ |
| Delete execution | deleteAuthenticationExecution | ✔️ |
| Update execution with new configuration | updateAuthenticationExecution | ✔️ |
| Lower execution’s priority | lowerAuthenticationExecutionPriority | ✔️ |
| Raise execution’s priority | raiseAuthenticationExecutionPriority | ✔️ |
| Create a new authentication flow | createAuthenticationFlow | ✔️ |
| Get authentication flows Returns a list of authentication flows. | getAuthenticationFlows | ✔️ |
| Copy existing authentication flow under a new name The new name is given as 'newName' attribute of the passed JSON object | copyAuthenticationFlow | ✔️ |
| Get authentication executions for a flow | getAuthenticationFlowExecutions | ✔️ |
| Update authentication executions for a flow | updateAuthenticationFlowExecutions | ✔️ |
| Add new authentication execution to a flow | createAuthenticationFlowExecution | ✔️ |
| Add new flow with new execution to existing flow | addAuthenticationFlowExecution | ✔️ |
| Get authentication flow for id | getAuthenticationFlow | ✔️ |
| Update authentication flow for id | updateAuthenticationFlow | ✔️ |
| Delete an authentication flow | deleteAuthenticationFlow | ✔️ |
| Get form action providers Returns a list of form action providers. | getFormActionProviders | ✔️ |
| Get form providers Returns a list of form providers. | getFormProviders | ✔️ |
| Get configuration descriptions for all clients | getClientsConfigDescriptions | ✔️ |
| Register a new required actions | createRequiredAction | ✔️ |
| Get required actions Returns a list of required actions. | getRequiredActions | ✔️ |
| Get required action for alias | getAliasRequiredAction | ✔️ |
| Update required action | updateRequiredAction | ✔️ |
| Delete required action | deleteRequiredAction | ✔️ |
| Lower required action’s priority | lowerRequiredActionPriority | ✔️ |
| Raise required action’s priority | raiseRequiredActionPriority | ✔️ |
| Get unregistered required actions Returns a list of unregistered required actions. | getUnregisteredRequiredActions | ✔️ |

[Client Attribute Certificate](https://www.keycloak.org/docs-api/7.0/rest-api/index.html#_client_attribute_certificate_resource)
--------------------------------------------------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Get key info (try with attr = "jwt.credential") | getClientKeyInfo | ✔️ |
| Get a keystore file for the client, containing private key and public certificate (note: write response content to a file) | getClientKeyStore | ✔️ |
| Generate a new certificate with new key pair | generateClientCertificate | ✔️ |
| Generate a new keypair and certificate, and get the private key file Generates a keypair and certificate and serves the private key in a specified keystore format. | generateDownloadClientCertificate | ✔️ |
| Upload certificate and eventually private key | uploadClientCertificateAndPrivateKey | ✔️ |
| Upload only certificate, not private key | uploadClientCertificateOnly | ✔️ |

[Client Initial Access](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_client_initial_access_resource)
-------------------------------------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Create a new initial access token. | createClientInitialAccessToken | ✔️ |
| GET /{realm}/clients-initial-access | getClientInitialAccessTokens | ✔️ |
| DELETE /{realm}/clients-initial-access/{id} | deleteClientInitialAccessToken | ✔️ |

[Client Registration Policy](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_client_registration_policy_resource)
-----------------------------------------------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Base path for retrieve providers with the configProperties properly filled | getClientRegistrationPolicyProviders | ✔️ |

[Client Role Mappings](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_client_role_mappings_resource)
-----------------------------------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Add client-level roles to the group role mapping | addGroupClientRoleMappings | ✔️ |
| Get client-level role mappings for the group, and the app | getGroupClientRoleMappings | ✔️ |
| Delete client-level roles from group role mapping | deleteGroupClientRoleMappings | ✔️ |
| Get available client-level roles that can be mapped to the group | getAvailableGroupClientRoleMappings | ✔️ |
| Get effective client-level role mappings This recurses any composite roles for groups | getGroupClientRoleMappingsWithComposite | ✔️ |
| Add client-level roles to the user role mapping | addUserClientRoleMappings | ✔️ |
| Get client-level role mappings for the user, and the app | getUserClientRoleMappings | ✔️ |
| Delete client-level roles from user role mapping | deleteUserClientRoleMappings | ✔️ |
| Get available client-level roles that can be mapped to the user | getAvailableUserClientRoleMappings | ✔️ |
| Get effective client-level role mappings This recurses any composite roles for users | getUserClientRoleMappingsWithComposite | ✔️ |

[Client Scopes](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_client_scopes_resource)
---------------------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Create a new client scope Client Scope’s name must be unique! | createClientScope | ✔️ |
| Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm | getClientScopes | ✔️ |
| Get representation of the client scope | getClientScope | ✔️ |
| Update the client scope | updateClientScope | ✔️ |
| Delete the client scope | deleteClientScope | ✔️ |

[Clients](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_clients_resource)
---------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Create a new client Client’s client\_id must be unique! | createClient | ✔️ |
| Get clients belonging to the realm Returns a list of clients belonging to the realm | getClients | ✔️ |
| Get representation of the client | getClient | ✔️ |
| Update the client | updateClient | ✔️ |
| Delete the client | deleteClient | ✔️ |
| Generate a new secret for the client | generateClientSecret | ✔️ |
| Get the client secret | getClientSecret | ✔️ |
| Get default client scopes. | getClientDefaultScopes | ✔️ |
| Set client scope as default scope | setClientScopeAsDefault | ✔️ |
| Remove client scope from default scopes | removeClientScopeAsDefault | ✔️ |
| Create JSON with payload of example access token | getClientExampleAccessToken | ✔️ |
| Return list of all protocol mappers, which will be used when generating tokens issued for particular client. | getClientProtocolMappers | ✔️ |
| Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him. | getClientAllowedRoleMappingsInContainer | ✔️ |
| Get roles, which this client doesn’t have scope for and can’t have them in the accessToken issued for him. | getClientNotAllowedRoleMappingsInContainer | ✔️ |
| Generate client adapter configuration takes one of these (keycloak-oidc-keycloak-json, keycloak-oidc-jboss-subsystem-cli, keycloak-oidc-jboss-subsystem, keycloak-saml, keycloak-saml-subsystem-cli, keycloak-saml-subsystem) | getClientInstallationConfiguration | ✔️ |
| Return object stating whether client Authorization permissions have been initialized or not and a reference | getClientAuthorizationPermissionsStatus | ✔️ |
| Update client Authorization permissions initialization and a reference | updateClientAuthorizationPermissionsStatus | ✔️ |
| Register a cluster node with the client Manually register cluster node to this client - usually it’s not needed to call this directly as adapter should handle by sending registration request to Keycloak | registerClientClusterNode | ✔️ |
| Unregister a cluster node from the client | unregisterClientClusterNode | ✔️ |
| Get application offline session count Returns a number of offline user sessions associated with this client { "count": number } | getClientOfflineSessionsCount | ✔️ |
| Get offline sessions for client Returns a list of offline user sessions associated with this client | getClientOfflineSessions | ✔️ |
| Get optional client scopes. | getClientOptionalScopes | ✔️ |
| Assign client optional scope | assignClientOptionalScope | ✔️ |
| remove client optional scope assignment | unassignClientOptionalScope | ✔️ |
| Push the client’s revocation policy to its admin URL If the client has an admin URL, push revocation policy to it. | pushClientRevocationPolicy | ✔️ |
| Generate a new registration access token for the client | generateClientRegistrationToken | ✔️ |
| Get a user dedicated to the service account | getServiceAccountDedicatedUser | ✔️ |
| Get application session count Returns a number of user sessions associated with this client { "count": number } | getClientSessionsCount | ✔️ |
| Test if registered cluster nodes are available Tests availability by sending 'ping' request to all cluster nodes. | testClientNodesAvailability | ✔️ |
| Get user sessions for client Returns a list of user sessions associated with this client | getClientSessions | ✔️ |

[Component](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_component_resource)
-------------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Create new component | createComponent | ✔️ |
| Get components | getComponents | ✔️ |
| Get component | getComponent | ✔️ |
| Update component | updateComponent | ✔️ |
| Delete component | deleteComponent | ✔️ |
| List of subcomponent types that are available to configure for a particular parent component. | getComponentSubTypes | ✔️ |

[Groups](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_groups_resource)
-------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| create or add a top level realm group Set or create child. | createGroup | ✔️ |
| Get group hierarchy. | getGroups | ✔️ |
| Returns the groups counts. | getGroupsCount | ✔️ |
| Get Group | getGroup | ✔️ |
| Update group, ignores subgroups. | updateGroup | ✔️ |
| Delete Group | removeGroup | ✔️ |
| Set or create child. | createChildGroup | ✔️ |
| Return object stating whether client Authorization permissions have been initialized or not and a reference | getGroupManagementPermissions | ✔️ |
| Return object stating whether client Authorization permissions have been initialized or not and a reference | updateGroupManagementPermissions | ✔️ |
| Get users Returns a list of users, filtered according to query parameters | getGroupMembers | ✔️ |

[Identity Providers](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_identity_providers_resource)
-------------------------------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Import identity provider from uploaded JSON file | importIdentityProvider | ✔️ |
| Create a new identity provider | createIdentityProvider | ✔️ |
| Get identity providers | getIdentityProviders | ✔️ |
| Get the identity provider | getIdentityProvider | ✔️ |
| Update the identity provider | updateIdentityProvider | ✔️ |
| Delete the identity provider | deleteIdentityProvider | ✔️ |
| Export public broker configuration for identity provider | exportIdentityProviderBrokerConfig | ✔️ |
| Return object stating whether client Authorization permissions have been initialized or not and a reference | getIdentityProviderManagementPermissions | ✔️ |
| Return object stating whether client Authorization permissions have been initialized or not and a reference | updateIdentityProviderManagementPermissions | ✔️ |
| Get mapper types for identity provider (Keycloak gives exception report it) | getIdentityProviderMapperTypes | ✔️ |
| Add a mapper to identity provider | createIdentityProviderMapper | ✔️ |
| Get mappers for identity provider | getIdentityProviderMappers | ✔️ |
| Get mapper by id for the identity provider | getIdentityProviderMapper | ✔️ |
| Update a mapper for the identity provider (not working for some reason gives Null Pointer Exception) | updateIdentityProviderMapper | ✔️ |
| Delete a mapper for the identity provider | deleteIdentityProviderMapper | ✔️ |
| Get identity providers | getIdentityProviderById | ✔️ |

[Key](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_key_resource)
-------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Get Realm keys | getRealmKeys | ✔️ |

[Protocol Mappers](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_protocol_mappers_resource)
---------------------------------------------------------------------------------------------------------

Note: IDs are sent as clientScopeId or clientId and mapperId; everything else is just as in the Keycloak documentation.

| API | Function Name | Supported |
|---|---|---|
| Create multiple mappers | createClientScopeProtocolMappers | ✔️ |
| Create a mapper | createClientScopeProtocolMapper | ✔️ |
| Get mappers | getClientScopeProtocolMappers | ✔️ |
| Get mapper by id | getClientScopeProtocolMapperById | ✔️ |
| Update the mapper | updateClientScopeProtocolMapper | ✔️ |
| Delete the mapper | deleteClientScopeProtocolMapper | ✔️ |
| Get mappers by name for a specific protocol | getClientScopeProtocolMappersByProtocolName | ✔️ |
| Create multiple mappers | createClientProtocolMappers | ✔️ |
| Create a mapper | createClientProtocolMapper | ✔️ |
| Get mappers | getClientProtocolMappers | ✔️ |
| Get mapper by id | getClientProtocolMapperById | ✔️ |
| Update the mapper | updateClientProtocolMapper | ✔️ |
| Delete the mapper | deleteClientProtocolMapper | ✔️ |
| Get mappers by name for a specific protocol | getClientProtocolMappersByProtocolName | ✔️ |

[Realms Admin](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_realms_admin_resource)
-------------------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Import a realm Imports a realm from a full representation of that realm. | importRealm | ✔️ |
| Get the top-level representation of the realm It will not include nested information like User and Client representations. | getRealm | ✔️ |
| Update the top-level information of the realm Any user, roles or client information in the representation will be ignored. | updateRealm | ✔️ |
| Delete the realm | deleteRealm | ✔️ |
| Get admin events Returns all admin events, or filters events based on URL query parameters listed here | getAdminEvents | ✔️ |
| Delete all admin events | deleteAdminEvents | ✔️ |
| Clear cache of external public keys (Public keys of clients or Identity providers) | clearExternalPublicKeysCache | ✔️ |
| Clear realm cache | clearRealmCache | ✔️ |
| Clear user cache | clearUserCache | ✔️ |
| Base path for importing clients under this realm. | importClient | ✔️ |
| Get client session stats Returns a JSON map. | getClientsSessionStats | ✔️ |
| GET /{realm}/credential-registrators | getCredentialRegistrators | ✔️ |
| Get realm default client scopes. | getDefaultClientScopes | ✔️ |
| PUT /{realm}/default-default-client-scopes/{clientScopeId} | setScopeAsDefaultClientScope | ✔️ |
| DELETE /{realm}/default-default-client-scopes/{clientScopeId} | unsetScopeAsDefaultClientScope | ✔️ |
| Get group hierarchy. | getDefaultGroupHierarchy | ✔️ |
| PUT /{realm}/default-groups/{groupId} | setGroupAsDefaultGroup | ✔️ |
| DELETE /{realm}/default-groups/{groupId} | unsetGroupAsDefaultGroup | ✔️ |
| Get realm optional client scopes. | getOptionalClientScopes | ✔️ |
| PUT /{realm}/default-optional-client-scopes/{clientScopeId} | setScopeAsOptionalClientScope | ✔️ |
| DELETE /{realm}/default-optional-client-scopes/{clientScopeId} | unsetScopeAsOptionalClientScope | ✔️ |
| Get events Returns all events, or filters them based on URL query parameters listed here | getAllEvents | ✔️ |
| Delete all events | deleteAllEvents | ✔️ |
| Get the events provider configuration Returns JSON object with events provider configuration | getEventsConfig | ✔️ |
| Update the events provider Change the events provider and/or its configuration | updateEventsConfig | ✔️ |
| Get user group by path | getGroupByPath | ✔️ |
| Removes all user sessions. (Keycloak throws an exception when this one is called) | logoutAllUsers | ❌ |
| Partial export of existing realm into a JSON file. | partialExportRealm | ✔️ |
| Partial import from a JSON file to an existing realm. | partialImportRealm | ✔️ |
| Push the realm’s revocation policy to any client that has an admin url associated with it. (Keycloak throws an exception when this one is called) | pushRevocationPolicy | ❌ |
| Remove a specific user session. | revokeUserSession | ✔️ |
| Test LDAP connection | testLDAPConnection | ✔️ |
| Test SMTP connection with current logged in user | testSMTPConnection | ✔️ |
| Get User Management Permissions | getUserManagementPermissions | ✔️ |
| Update User Management Permissions | updateUserManagementPermissions | ✔️ |

[Role Mapper](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_role_mapper_resource)
-----------------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Get role mappings | getGroupRoleMappings | ✔️ |
| Add realm-level role mappings to the group | addGlobalRolesToGroup | ✔️ |
| Get realm-level role mappings | getGroupRealmRoleMappings | ✔️ |
| Delete realm-level role mappings | deleteGroupRealmRoleMappings | ✔️ |
| Get realm-level roles that can be mapped | getAvailableGroupRealmRoleMappings | ✔️ |
| Get effective realm-level role mappings This will recurse all composite roles to get the result. | getEffectiveGroupRealmRoleMappings | ✔️ |
| Get role mappings | getUserRoleMappings | ✔️ |
| Add realm-level role mappings to the user | addGlobalRolesToUser | ✔️ |
| Get realm-level role mappings | getUserRealmRoleMappings | ✔️ |
| Delete realm-level role mappings | deleteUserRealmRoleMappings | ✔️ |
| Get realm-level roles that can be mapped | getAvailableUserRealmRoleMappings | ✔️ |
| Get effective realm-level role mappings This will recurse all composite roles to get the result. | getEffectiveUserRealmRoleMappings | ✔️ |

[Roles](https://www.keycloak.org/docs-api/7.0/rest-api/index.html#_roles_resource)
----------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Create a new role for the realm or client (Client Specific) | createClientRole | ✔️ |
| Get all roles for the realm or client (Client Specific) | getClientRoles | ✔️ |
| Get a role by name (Client Specific) | getClientRole | ✔️ |
| Update a role by name (Client Specific) | updateClientRole | ✔️ |
| Delete a role by name (Client Specific) | deleteClientRole | ✔️ |
| Add a composite to the role (Client Specific) | addCompositeRoleToClientRole | ✔️ |
| Get composites of the role (Client Specific) | getClientRoleCompositeRoles | ✔️ |
| Remove roles from the role’s composite (Client Specific) | deleteCompositeRoleFromClientRole | ✔️ |
| An app-level roles for the specified app for the role’s composite (Client Specific) | getClientRoleCompositeRolesForClient | ✔️ |
| Get realm-level roles of the role’s composite (Client Specific) | getClientRoleCompositeRolesForRealm | ✔️ |
| Return List of Groups that have the specified role name (Client Specific) | getClientRoleGroups | ✔️ |
| Return object stating whether role Authorization permissions have been initialized or not and a reference (Client Specific) | getClientRoleManagementPermissions | ✔️ |
| Update object stating whether role Authorization permissions have been initialized or not and a reference (Client Specific) | updateClientRoleManagementPermissions | ✔️ |
| Return List of Users that have the specified role name (Client Specific) | getClientRoleUsers | ✔️ |
| Create a new role for the realm or client | createRealmRole | ✔️ |
| Get all roles for the realm or client | getRealmRoles | ✔️ |
| Get a role by name | getRealmRole | ✔️ |
| Update a role by name | updateRealmRole | ✔️ |
| Delete a role by name | deleteRealmRole | ✔️ |
| Add a composite to the role | addCompositeRoleToRealmRole | ✔️ |
| Get composites of the role | getRealmRoleCompositeRoles | ✔️ |
| Remove roles from the role’s composite | deleteCompositeRoleFromRealmRole | ✔️ |
| An app-level roles for the specified app for the role’s composite | getRealmRoleCompositeRolesForClient | ✔️ |
| Get realm-level roles of the role’s composite | getRealmRoleCompositeRolesForRealm | ✔️ |
| Return List of Groups that have the specified role name | getRealmRoleGroups | ✔️ |
| Return object stating whether role Authorization permissions have been initialized or not and a reference | getRealmRoleManagementPermissions | ✔️ |
| Update object stating whether role Authorization permissions have been initialized or not and a reference | updateRealmRoleManagementPermissions | ✔️ |
| Return List of Users that have the specified role name | getRealmRoleUsers | ✔️ |

[Roles (by ID)](https://www.keycloak.org/docs-api/7.0/rest-api/index.html#_roles_by_id_resource)
------------------------------------------------------------------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Get a specific role’s representation | getRealmRoleById | ✔️ |
| Update the role | updateRealmRoleById | ✔️ |
| Delete the role | deleteRealmRoleById | ✔️ |
| Make the role a composite role by associating some child roles | addCompositeRoleToRealmRoleByRoleId | ✔️ |
| Get role’s children Returns a set of role’s children provided the role is a composite. | getRealmRoleCompositeRolesByRoleId | ✔️ |
| Remove a set of roles from the role’s composite | deleteCompositeRoleFromRealmRoleByRoleId | ✔️ |
| Get client-level roles for the client that are in the role’s composite | getRealmRoleCompositeRolesForClientByRoleId | ✔️ |
| Get realm-level roles that are in the role’s composite | getRealmRoleCompositeRolesForRealmByRoleId | ✔️ |
| Return object stating whether role Authorization permissions have been initialized or not and a reference | getRealmRoleManagementPermissionsByRoleId | ✔️ |
| Return object stating whether role Authorization permissions have been initialized or not and a reference | updateRealmRoleManagementPermissionsByRoleId | ✔️ |

Scope Mappings
-----------------------------

| API | Function Name | Supported |
|---|---|---|
| Get all scope mappings for the client | | ❌ |
| Add client-level roles to the client’s scope | | ❌ |
| Get the roles associated with a client’s scope Returns roles for the client. | | ❌ |
| Remove client-level roles from the client’s scope. | | ❌ |
| The available client-level roles Returns the roles for the client that can be associated with the client’s scope | | ❌ |
| Get effective client roles Returns the roles for the client that are associated with the client’s scope. | | ❌ |
| Add a set of realm-level roles to the client’s scope | | ❌ |
| Get realm-level roles associated with the client’s scope | | ❌ |
| Remove a set of realm-level roles from the client’s scope | | ❌ |
| Get realm-level roles that are available to attach to this client’s scope | | ❌ |
| Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists. | | ❌ |
| Get all scope mappings for the client | | ❌ |
| Add client-level roles to the client’s scope | | ❌ |
| Get the roles associated with a client’s scope Returns roles for the client. | | ❌ |
| Remove client-level roles from the client’s scope. | | ❌ |
| The available client-level roles Returns the roles for the client that can be associated with the client’s scope | | ❌ |
| Get effective client roles Returns the roles for the client that are associated with the client’s scope. | | ❌ |
| Add a set of realm-level roles to the client’s scope | | ❌ |
| Get realm-level roles associated with the client’s scope | | ❌ |
| Remove a set of realm-level roles from the client’s scope | | ❌ |
| Get realm-level roles that are available to attach to this client’s scope | | ❌ |
| Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists. | | ❌ |

User Storage Provider
------------------------------------

| API | Function Name | Supported |
|---|---|---|
| Need this for admin console to display simple name of provider when displaying client detail KEYCLOAK-4328 | | ❌ |
| Need this for admin console to display simple name of provider when displaying user detail KEYCLOAK-4328 | | ❌ |
| Remove imported users | | ❌ |
| Trigger sync of users Action can be "triggerFullSync" or "triggerChangedUsersSync" | | ❌ |
| Unlink imported users from a storage provider | | ❌ |
| Trigger sync of mapper data related to ldap mapper (roles, groups, …) direction is "fedToKeycloak" or "keycloakToFed" | | ❌ |

Users
--------------------


| API | Function Name | Supported |
| --- | --- | --- |
| Create a new user. Username must be unique. | createUser | ✔️ |
| Get users. Returns a list of users, filtered according to query parameters | getUsers | ✔️ |
| GET /{realm}/users/count | getUserCount | ✔️ |
| Get representation of the user | getUser | ✔️ |
| Update the user | updateUser | ✔️ |
| Update partial data for the user | updatePartialUser | ✔️ |
| Delete the user | deleteUser | ✔️ |
| Get consents granted by the user | | ❌ |
| Revoke consent and offline tokens for particular client from user | | ❌ |
| Disable all credentials for a user of a specific type | | ❌ |
| Send an update account email to the user. An email contains a link the user can click to perform a set of required actions. | executeActionsEmail | ✔️ |
| Get social logins associated with the user | | ❌ |
| Add a social login provider to the user | | ❌ |
| Remove a social login provider from user | | ❌ |
| GET /{realm}/users/{id}/groups | getUserGroups | ✔️ |
| GET /{realm}/users/{id}/groups/count | getUserGroupsCount | ✔️ |
| PUT /{realm}/users/{id}/groups/{groupId} | addUserToGroup | ✔️ |
| DELETE /{realm}/users/{id}/groups/{groupId} | deleteUserFromGroup | ✔️ |
| Impersonate the user | | ❌ |
| Remove all user sessions associated with the user. Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user. | | ❌ |
| Get offline sessions associated with the user and client | | ❌ |
| Remove TOTP from the user | | ❌ |
| Set up a new password for the user. | resetUserPassword | ✔️ |
| Send an email-verification email to the user. An email contains a link the user can click to verify their email address. | sendVerifyEmail | ✔️ |
| Get sessions associated with the user | | ❌ |

Root
-------------------


| API | Function Name | Supported |
| --- | --- | --- |
| Get themes, social providers, auth providers, and event listeners available on this server | | ❌ |
| CORS preflight | | ❌ |

