PHPackages slps970093/keycloak-admin-client - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. slps970093/keycloak-admin-client ActiveLibrary[API Development](/categories/api) slps970093/keycloak-admin-client ================================ Connect to keycloak admin api easily v0.38.1(6mo ago)08MITPHPPHP >=7.1 Since Nov 3Pushed 6mo agoCompare [ Source](https://github.com/slps970093/keycloak-admin-client)[ Packagist](https://packagist.org/packages/slps970093/keycloak-admin-client)[ RSS](/packages/slps970093-keycloak-admin-client/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (2)Versions (2)Used By (0) fork this project [link](https://github.com/MohammadWaleed/keycloak-admin-client) - [Introduction](#introduction) - [How to use](#how-to-use) - [Customization](#customization) - [Supported APIs](#supported-apis) - [Attack Detection](#attack-detection) - [Authentication Management](#authentication-management) - [Client Attribute Certificate](#client-attribute-certificate) - [Client Initial Access](#client-initial-access) - [Client Registration Policy](#client-registration-policy) - [Client Role Mappings](#client-role-mappings) - [Client Scopes](#client-scopes) - [Clients](#clients) - [Component](#component) - [Groups](#groups) - [Identity Providers](#identity-providers) - [Key](#key) - [Protocol Mappers](#protocol-mappers) - [Realms Admin](#realms-admin) - [Role Mapper](#role-mapper) - [Roles](#roles) - [Roles (by ID)](#roles-by-id) - [Scope Mappings](#scope-mappings) - [User Storage Provider](#user-storage-provider) - [Users](#users) - [Root](#root) Introduction ============ [](#introduction) This is a php client to connect to keycloak admin rest apis with no headache. Features: 1. Easy to use 2. No need to get token or generate it - it's already handled by the client 3. No need to specify any urls other than the base uri 4. No encode/decode for json just data as you expect Works with Keycloak 7.0+ admin REST API. -> "Administration REST API" How to use ========== [](#how-to-use) #### 1. Create new client [](#1-create-new-client) ``` $client = Keycloak\Admin\KeycloakClient::factory([ 'realm' => 'master', 'username' => 'admin', 'password' => '1234', 'client_id' => 'admin-cli', 'baseUri' => 'http://127.0.0.1:8180', ]); ``` Since version 0.30, if your Keycloak base URL starts with `auth/`, add it to `baseUri` (e.g. ). Base URL for Keycloak versions 7 to 16 have systematically `auth/`. On Keycloak 17+ it depends on your settings. #### 2. Use it [](#2-use-it) ``` $client->getUsers(); //Result // Array of users /* [ [ "id" => "39839a9b-de08-4d2c-b91a-a6ce2595b1f3", "createdTimestamp" => 1571663375749, "username" => "admin", "enabled" => true, "totp" => false, "emailVerified" => false, "disableableCredentialTypes" => [ "password", ], "requiredActions" => [], "notBefore" => 0, "access" => [ "manageGroupMembership" => true, "view" => true, "mapRoles" => true, "impersonate" => true, "manage" => true, ], ], ] */ $client->createUser([ 'username' => 'test', 'email' => 'test@test.com', 'enabled' => true, 'credentials' => [ [ 'type'=>'password', 'value'=>'1234', ], ], ]); ``` Customization ============= [](#customization) ### Supported credentials [](#supported-credentials) It is possible to change the credential's type used to authenticate by changing the configuration of the keycloak client. Currently, the following credentials are supported - password credentials, used by default - to authenticate with a user account ``` $client = Keycloak\Admin\KeycloakClient::factory([ ... 'grant_type' => 'password', 'username' => 'admin', 'password' => '1234', ]); ``` - client credentials - to authenticate with a client service account ``` $client = Keycloak\Admin\KeycloakClient::factory([ ... 'grant_type' => 'client_credentials', 'client_id' => 'admin-cli', 'client_secret' => '84ab3d98-a0c3-44c7-b532-306f222ce1ff', ]); ``` ### Injecting middleware [](#injecting-middleware) It is possible to inject [Guzzle client middleware](https://docs.guzzlephp.org/en/stable/handlers-and-middleware.html#middleware)in the keycloak client configuration using the `middlewares` keyword. For example: ``` use GuzzleHttp\Middleware; use Psr\Http\Message\RequestInterface; $client = Keycloak\Admin\KeycloakClient::factory([ ... 'middlewares' => [ // throws exceptions when request fails Middleware::httpErrors(), // other custom middlewares Middleware::mapRequest(function (RequestInterface $request) { return $request; }), ], ]); ``` ### Changing how the token is saved and stored [](#changing-how-the-token-is-saved-and-stored) By default, the token is saved at runtime. This means that the previous token is not used when creating a new client. You can customize how the token is stored in the client configuration by implementing your own `TokenStorage`, an interface which describes how the token is stored and retrieved. ``` class CustomTokenStorage implements TokenStorage { public function getToken() { // TODO } public function saveToken(array $token) { // TODO } } $client = Keycloak\Admin\KeycloakClient::factory([ ... 'token_storage' => new CustomTokenStorage(), ]); ``` ### Custom Keycloak endpoints [](#custom-keycloak-endpoints) It is possible to inject [Guzzle Service Operations](https://guzzle3.readthedocs.io/webservice-client/guzzle-service-descriptions.html#operations)in the keycloak client configuration using the `custom_operations` keyword. This way you can extend the built-in supported endpoints with custom. ``` $client = KeycloakClient::factory([ ... 'custom_operations' => [ 'getUsersByAttribute' => [ 'uri' => '/auth/realms/{realm}/userapi-rest/users/search-by-attr', 'description' => 'Get users by attribute Returns a list of users, filtered according to query parameters', 'httpMethod' => 'GET', 'parameters' => [ 'realm' => [ 'location' => 'uri', 'description' => 'The Realm name', 'type' => 'string', 'required' => true, ], 'attr' => [ 'location' => 'query', 'type' => 'string', 'required' => true, ], 'value' => [ 'location' => 'query', 'type' => 'string', 'required' => true, ], ], ], ] ]); ``` Supported APIs ============== [](#supported-apis) [Attack Detection](https://www.keycloak.org/docs-api/7.0/rest-api/index.html#_attack_detection_resource) -------------------------------------------------------------------------------------------------------- [](#attack-detection) APIFunction NameSupportedClear any user login failures for all users This can release temporary disabled usersclearAllLoginFailures✔️Get status of a username in brute force detectiongetBruteForceUserStatus✔️Clear any user login failures for the user This can release temporary disabled userclearUserLoginFailures✔️[Authentication Management](https://www.keycloak.org/docs-api/7.0/rest-api/index.html#_authentication_management_resource) -------------------------------------------------------------------------------------------------------------------------- [](#authentication-management) APIFunction NameSupportedGet authenticator providers Returns a list of authenticator providers.getAuthenticatorProviders✔️Get client authenticator providers Returns a list of client authenticator providers.getClientAuthenticatorProviders✔️Get authenticator provider’s configuration descriptiongetAuthenticatorConfigInfo✔️Get authenticator configurationgetAuthenticatorConfig✔️Update authenticator configurationupdateAuthenticatorConfig✔️Delete authenticator configurationdeleteAuthenticatorConfig✔️Add new authentication executioncreateAuthenticationExecution✔️Get Single ExecutiongetAuthenticationExecution✔️Delete executiondeleteAuthenticationExecution✔️Update execution with new configurationupdateAuthenticationExecution✔️Lower execution’s prioritylowerAuthenticationExecutionPriority✔️Raise execution’s priorityraiseAuthenticationExecutionPriority✔️Create a new authentication flowcreateAuthenticationFlow✔️Get authentication flows Returns a list of authentication flows.getAuthenticationFlows✔️Copy existing authentication flow under a new name The new name is given as 'newName' attribute of the passed JSON objectcopyAuthenticationFlow✔️Get authentication executions for a flowgetAuthenticationFlowExecutions✔️Update authentication executions for a flowupdateAuthenticationFlowExecutions✔️Add new authentication execution to a flowcreateAuthenticationFlowExecution✔️Add new flow with new execution to existing flowaddAuthenticationFlowExecution✔️Get authentication flow for idgetAuthenticationFlow✔️Update authentication flow for idupdateAuthenticationFlow✔️Delete an authentication flowdeleteAuthenticationFlow✔️Get form action providers Returns a list of form action providers.getFormActionProviders✔️Get form providers Returns a list of form providers.getFormProviders✔️Get configuration descriptions for all clientsgetClientsConfigDescriptions✔️Register a new required actionscreateRequiredAction✔️Get required actions Returns a list of required actions.getRequiredActions✔️Get required action for aliasgetAliasRequiredAction✔️Update required actionupdateRequiredAction✔️Delete required actiondeleteRequiredAction✔️Lower required action’s prioritylowerRequiredActionPriority✔️Raise required action’s priorityraiseRequiredActionPriority✔️Get unregistered required actions Returns a list of unregistered required actions.getUnregisteredRequiredActions✔️[Client Attribute Certificate](https://www.keycloak.org/docs-api/7.0/rest-api/index.html#_client_attribute_certificate_resource) -------------------------------------------------------------------------------------------------------------------------------- [](#client-attribute-certificate) APIFunction NameSupportedGet key info (try with attr = "jwt.credential")getClientKeyInfo✔️Get a keystore file for the client, containing private key and public certificate (note: write response content to a file)getClientKeyStore✔️Generate a new certificate with new key pairgenerateClientCertificate✔️Generate a new keypair and certificate, and get the private key file Generates a keypair and certificate and serves the private key in a specified keystore format.generateDownloadClientCertificate✔️Upload certificate and eventually private keyuploadClientCertificateAndPrivateKey✔️Upload only certificate, not private keyuploadClientCertificateOnly✔️[Client Initial Access](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_client_initial_access_resource) ------------------------------------------------------------------------------------------------------------------- [](#client-initial-access) APIFunction NameSupportedCreate a new initial access token.createClientInitialAccessToken✔️GET /{realm}/clients-initial-accessgetClientInitialAccessTokens✔️DELETE /{realm}/clients-initial-access/{id}deleteClientInitialAccessToken✔️[Client Registration Policy](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_client_registration_policy_resource) ----------------------------------------------------------------------------------------------------------------------------- [](#client-registration-policy) APIFunction NameSupportedBase path for retrieve providers with the configProperties properly filledgetClientRegistrationPolicyProviders✔️[Client Role Mappings](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_client_role_mappings_resource) ----------------------------------------------------------------------------------------------------------------- [](#client-role-mappings) APIFunction NameSupportedAdd client-level roles to the group role mappingaddGroupClientRoleMappings✔️Get client-level role mappings for the group, and the appgetGroupClientRoleMappings✔️Delete client-level roles from group role mappingdeleteGroupClientRoleMappings✔️Get available client-level roles that can be mapped to the groupgetAvailableGroupClientRoleMappings✔️Get effective client-level role mappings This recurses any composite roles for groupsgetGroupClientRoleMappingsWithComposite✔️Add client-level roles to the user role mappingaddUserClientRoleMappings✔️Get client-level role mappings for the user, and the appgetUserClientRoleMappings✔️Delete client-level roles from user role mappingdeleteUserClientRoleMappings✔️Get available client-level roles that can be mapped to the usergetAvailableUserClientRoleMappings✔️Get effective client-level role mappings This recurses any composite roles for usersgetUserClientRoleMappingsWithComposite✔️[Client Scopes](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_client_scopes_resource) --------------------------------------------------------------------------------------------------- [](#client-scopes) APIFunction NameSupportedCreate a new client scope Client Scope’s name must be unique!createClientScope✔️Get client scopes belonging to the realm Returns a list of client scopes belonging to the realmgetClientScopes✔️Get representation of the client scopegetClientScope✔️Update the client scopeupdateClientScope✔️Delete the client scopedeleteClientScope✔️[Clients](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_clients_resource) --------------------------------------------------------------------------------------- [](#clients) APIFunction NameSupportedCreate a new client Client’s client\_id must be unique!createClient✔️Get clients belonging to the realm Returns a list of clients belonging to the realmgetClients✔️Get representation of the clientgetClient✔️Update the clientupdateClient✔️Delete the clientdeleteClient✔️Generate a new secret for the clientgenerateClientSecret✔️Get the client secretgetClientSecret✔️Get default client scopes.getClientDefaultScopes✔️Set client scope as default scopesetClientScopeAsDefault✔️Set client scope as optional scopesetClientScopeAsOptional✔️Remove client scope from default scopesremoveClientScopeAsDefault✔️Remove client scope from optional scopesremoveClientScopeAsOptional✔️Create JSON with payload of example access tokengetClientExampleAccessToken✔️Return list of all protocol mappers, which will be used when generating tokens issued for particular client.getClientProtocolMappers✔️Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him.getClientAllowedRoleMappingsInContainer✔️Get roles, which this client doesn’t have scope for and can’t have them in the accessToken issued for him.getClientNotAllowedRoleMappingsInContainer✔️Generate client adapter configuration takes one of these (keycloak-oidc-keycloak-json, keycloak-oidc-jboss-subsystem-cli, keycloak-oidc-jboss-subsystem, keycloak-saml, keycloak-saml-subsystem-cli, keycloak-saml-subsystem)getClientInstallationConfiguration✔️Return object stating whether client Authorization permissions have been initialized or not and a referencegetClientAuthorizationPermissionsStatus✔️Update client Authorization permissions initialization and a referenceupdateClientAuthorizationPermissionsStatus✔️Register a cluster node with the client Manually register cluster node to this client - usually it’s not needed to call this directly as adapter should handle by sending registration request to KeycloakregisterClientClusterNode✔️Unregister a cluster node from the clientunregisterClientClusterNode✔️Get application offline session count Returns a number of offline user sessions associated with this client { "count": number }getClientOfflineSessionsCount✔️Get offline sessions for client Returns a list of offline user sessions associated with this clientgetClientOfflineSessions✔️Get optional client scopes.getClientOptionalScopes✔️Assign client optional scopeassignClientOptionalScope✔️remove client optional scope assignmentunassignClientOptionalScope✔️Push the client’s revocation policy to its admin URL If the client has an admin URL, push revocation policy to it.pushClientRevocationPolicy✔️Generate a new registration access token for the clientgenerateClientRegistrationToken✔️Get a user dedicated to the service accountgetServiceAccountDedicatedUser✔️Get application session count Returns a number of user sessions associated with this client { "count": number }getClientSessionsCount✔️Test if registered cluster nodes are available Tests availability by sending 'ping' request to all cluster nodes.testClientNodesAvailability✔️Get user sessions for client Returns a list of user sessions associated with this clientgetClientSessions✔️[Component](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_component_resource) ------------------------------------------------------------------------------------------- [](#component) APIFunction NameSupportedCreate new componentcreateComponent✔️Get componentsgetComponents✔️Get componentgetComponent✔️Update componentupdateComponent✔️Delete componentdeleteComponent✔️List of subcomponent types that are available to configure for a particular parent component.getComponentSubTypes✔️[Groups](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_groups_resource) ------------------------------------------------------------------------------------- [](#groups) APIFunction NameSupportedcreate or add a top level realm groupSet or create child.createGroup✔️Get group hierarchy.getGroups✔️Returns the groups counts.getGroupsCount✔️Get GroupgetGroup✔️Get Group Children (subgroups)getGroupChildren✔️Update group, ignores subgroups.updateGroup✔️Delete GroupremoveGroup✔️Set or create child.createChildGroup✔️Return object stating whether client Authorization permissions have been initialized or not and a referencegetGroupManagementPermissions✔️Return object stating whether client Authorization permissions have been initialized or not and a referenceupdateGroupManagementPermissions✔️Get users Returns a list of users, filtered according to query parametersgetGroupMembers✔️[Identity Providers](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_identity_providers_resource) ------------------------------------------------------------------------------------------------------------- [](#identity-providers) APIFunction NameSupportedImport identity provider from uploaded JSON fileimportIdentityProvider✔️Create a new identity providercreateIdentityProvider✔️Get identity providersgetIdentityProviders✔️Get the identity providergetIdentityProvider✔️Update the identity providerupdateIdentityProvider✔️Delete the identity providerdeleteIdentityProvider✔️Export public broker configuration for identity providerexportIdentityProviderBrokerConfig✔️Return object stating whether client Authorization permissions have been initialized or not and a referencegetIdentityProviderManagementPermissions✔️Return object stating whether client Authorization permissions have been initialized or not and a referenceupdateIdentityProviderManagementPermissions✔️Get mapper types for identity provider (Keycloak gives exception report it)getIdentityProviderMapperTypes✔️Add a mapper to identity providercreateIdentityProviderMapper✔️Get mappers for identity providergetIdentityProviderMappers✔️Get mapper by id for the identity providergetIdentityProviderMapper✔️Update a mapper for the identity provider (not working for some reason gives Null Pointer Exception)updateIdentityProviderMapper✔️Delete a mapper for the identity providerdeleteIdentityProviderMapper✔️Get identity providersgetIdentityProviderById✔️[Key](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_key_resource) ------------------------------------------------------------------------------- [](#key) APIFunction NameSupportedGet Realm keysgetRealmKeys✔️[Protocol Mappers](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_protocol_mappers_resource) --------------------------------------------------------------------------------------------------------- [](#protocol-mappers) Note: Ids are sent as clientScopeId or clientId and mapperId everything else is just as the keycloak documentation APIFunction NameSupportedCreate multiple mapperscreateClientScopeProtocolMappers✔️Create a mappercreateClientScopeProtocolMapper✔️Get mappersgetClientScopeProtocolMappers✔️Get mapper by idgetClientScopeProtocolMapperById✔️Update the mapperupdateClientScopeProtocolMapper✔️Delete the mapperdeleteClientScopeProtocolMapper✔️Get mappers by name for a specific protocolgetClientScopeProtocolMappersByProtocolName✔️Create multiple mapperscreateClientProtocolMappers✔️Create a mappercreateClientProtocolMapper✔️Get mappersgetClientProtocolMappers✔️Get mapper by idgetClientProtocolMapperById✔️Update the mapperupdateClientProtocolMapper✔️Delete the mapperdeleteClientProtocolMapper✔️Get mappers by name for a specific protocolgetClientProtocolMappersByProtocolName✔️[Realms Admin](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_realms_admin_resource) ------------------------------------------------------------------------------------------------- [](#realms-admin) APIFunction NameSupportedGet accessible realms Returns a list of accessible realms. The list is filtered based on what realms the caller is allowed to view.getRealms✔️Import a realm Imports a realm from a full representation of that realm.importRealm✔️Get the top-level representation of the realm It will not include nested information like User and Client representations.getRealm✔️Update the top-level information of the realm Any user, roles or client information in the representation will be ignored.updateRealm✔️Delete the realmdeleteRealm✔️Get admin events Returns all admin events, or filters events based on URL query parameters listed heregetAdminEvents✔️Delete all admin eventsdeleteAdminEvents✔️Clear cache of external public keys (Public keys of clients or Identity providers)clearExternalPublicKeysCache✔️Clear realm cacheclearRealmCache✔️Clear user cacheclearUserCache✔️Base path for importing clients under this realm.importClient✔️Get client session stats Returns a JSON map.getClientsSessionStats✔️GET /{realm}/credential-registratorsgetCredentialRegistrators✔️Get realm default client scopes.getDefaultClientScopes✔️PUT /{realm}/default-default-client-scopes/{clientScopeId}setScopeAsDefaultClientScope✔️DELETE /{realm}/default-default-client-scopes/{clientScopeId}unsetScopeAsDefaultClientScope✔️Get group hierarchy.getDefaultGroupHierarchy✔️PUT /{realm}/default-groups/{groupId}setGroupAsDefaultGroup✔️DELETE /{realm}/default-groups/{groupId}unsetGroupAsDefaultGroup✔️Get realm optional client scopes.getOptionalClientScopes✔️PUT /{realm}/default-optional-client-scopes/{clientScopeId}setScopeAsOptionalClientScope✔️DELETE /{realm}/default-optional-client-scopes/{clientScopeId}unsetScopeAsOptionalClientScope✔️Get events Returns all events, or filters them based on URL query parameters listed heregetAllEvents✔️Delete all eventsdeleteAllEvents✔️Get the events provider configuration Returns JSON object with events provider configurationgetEventsConfig✔️Update the events provider Change the events provider and/or its configurationupdateEventsConfig✔️Get user group by pathgetGroupByPath✔️GET /{realm}/localizationgetLocalizationLocales✔️POST /{realm}/localization/{locale}updateLocalizationTexts✔️GET /{realm}/localization/{locale}getLocalizationTexts✔️DELETE /{realm}/localization/{locale}deleteLocalizationTexts✔️GET /{realm}/localization/{locale}/{key}getLocalizationText✔️PUT /{realm}/localization/{locale}/{key}saveLocalizationText✔️Removes all user sessions. (Keycloak throws an exception when this one is called)logoutAllUsers❌Partial export of existing realm into a JSON file.partialExportRealm✔️Partial import from a JSON file to an existing realm.partialImportRealm✔️Push the realm’s revocation policy to any client that has an admin url associated with it. (Keycloak throws an exception when this one is called)pushRevocationPolicy❌Remove a specific user session.revokeUserSession✔️Test LDAP connectiontestLDAPConnection✔️Test SMTP connection with current logged in usertestSMTPConnection✔️Get User Management PermissionsgetUserManagementPermissions✔️Update User Management PermissionsupdateUserManagementPermissions✔️[Role Mapper](https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_role_mapper_resource) ----------------------------------------------------------------------------------------------- [](#role-mapper) APIFunction NameSupportedGet role mappingsgetGroupRoleMappings✔️Add realm-level role mappings to the groupaddGlobalRolesToGroup✔️Get realm-level role mappingsgetGroupRealmRoleMappings✔️Delete realm-level role mappingsdeleteGroupRealmRoleMappings✔️Get realm-level roles that can be mappedgetAvailableGroupRealmRoleMappings✔️Get effective realm-level role mappings This will recurse all composite roles to get the result.getEffectiveGroupRealmRoleMappings✔️Get role mappingsgetUserRoleMappings✔️Add realm-level role mappings to the useraddGlobalRolesToUser✔️Get realm-level role mappingsgetUserRealmRoleMappings✔️Delete realm-level role mappingsdeleteUserRealmRoleMappings✔️Get realm-level roles that can be mappedgetAvailableUserRealmRoleMappings✔️Get effective realm-level role mappings This will recurse all composite roles to get the result.getEffectiveUserRealmRoleMappings✔️[Roles](https://www.keycloak.org/docs-api/7.0/rest-api/index.html#_roles_resource) ---------------------------------------------------------------------------------- [](#roles) APIFunction NameSupportedCreate a new role for the realm or client (Client Specific)createClientRole✔️Get all roles for the realm or client (Client Specific)getClientRoles✔️Get a role by name (Client Specific)getClientRole✔️Update a role by name (Client Specific)updateClientRole✔️Delete a role by name (Client Specific)deleteClientRole✔️Add a composite to the role (Client Specific)addCompositeRoleToClientRole✔️Get composites of the role (Client Specific)getClientRoleCompositeRoles✔️Remove roles from the role’s composite (Client Specific)deleteCompositeRoleFromClientRole✔️An app-level roles for the specified app for the role’s composite (Client Specific)getClientRoleCompositeRolesForClient✔️Get realm-level roles of the role’s composite (Client Specific)getClientRoleCompositeRolesForRealm✔️Return List of Groups that have the specified role name (Client Specific)getClientRoleGroups✔️Return object stating whether role Authoirzation permissions have been initialized or not and a reference (Client Specific)getClientRoleManagementPermissions✔️Update object stating whether role Authoirzation permissions have been initialized or not and a reference (Client Specific)updateClientRoleManagementPermissions✔️Return List of Users that have the specified role name (Client Specific)getClientRoleUsers✔️Create a new role for the realm or clientcreateRealmRole✔️Get all roles for the realm or clientgetRealmRoles✔️Get a role by namegetRealmRole✔️Update a role by nameupdateRealmRole✔️Delete a role by namedeleteRealmRole✔️Add a composite to the roleaddCompositeRoleToRealmRole✔️Get composites of the rolegetRealmRoleCompositeRoles✔️Remove roles from the role’s compositedeleteCompositeRoleFromRealmRole✔️An app-level roles for the specified app for the role’s compositegetRealmRoleCompositeRolesForClient✔️Get realm-level roles of the role’s compositegetRealmRoleCompositeRolesForRealm✔️Return List of Groups that have the specified role namegetRealmRoleGroups✔️Return object stating whether role Authoirzation permissions have been initialized or not and a referencegetRealmRoleManagementPermissions✔️Update object stating whether role Authoirzation permissions have been initialized or not and a referenceupdateRealmRoleManagementPermissions✔️Return List of Users that have the specified role namegetRealmRoleUsers✔️[Roles (by ID)](https://www.keycloak.org/docs-api/7.0/rest-api/index.html#_roles_by_id_resource) ------------------------------------------------------------------------------------------------ [](#roles-by-id) APIFunction NameSupportedGet a specific role’s representationgetRealmRoleById✔️Update the roleupdateRealmRoleById✔️Delete the roledeleteRealmRoleById✔️Make the role a composite role by associating some child rolesaddCompositeRoleToRealmRoleByRoleId✔️Get role’s children Returns a set of role’s children provided the role is a composite.getRealmRoleCompositeRolesByRoleId✔️Remove a set of roles from the role’s compositedeleteCompositeRoleFromRealmRoleByRoleId✔️Get client-level roles for the client that are in the role’s compositegetRealmRoleCompositeRolesForClientByRoleId✔️Get realm-level roles that are in the role’s compositegetRealmRoleCompositeRolesForRealmByRoleId✔️Return object stating whether role Authoirzation permissions have been initialized or not and a referencegetRealmRoleManagementPermissionsByRoleId✔️Return object stating whether role Authoirzation permissions have been initialized or not and a referenceupdateRealmRoleManagementPermissionsByRoleId✔️Scope Mappings ----------------------------- [](#scope-mappings) APIFunction NameSupportedGet all scope mappings for the client❌Add client-level roles to the client’s scope❌Get the roles associated with a client’s scope Returns roles for the client.❌Remove client-level roles from the client’s scope.❌The available client-level roles Returns the roles for the client that can be associated with the client’s scope❌Get effective client roles Returns the roles for the client that are associated with the client’s scope.❌Add a set of realm-level roles to the client’s scope❌Get realm-level roles associated with the client’s scope❌Remove a set of realm-level roles from the client’s scope❌Get realm-level roles that are available to attach to this client’s scope❌Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.❌Get all scope mappings for the client❌Add client-level roles to the client’s scope❌Get the roles associated with a client’s scope Returns roles for the client.❌Remove client-level roles from the client’s scope.❌The available client-level roles Returns the roles for the client that can be associated with the client’s scope❌Get effective client roles Returns the roles for the client that are associated with the client’s scope.❌Add a set of realm-level roles to the client’s scope❌Get realm-level roles associated with the client’s scope❌Remove a set of realm-level roles from the client’s scope❌Get realm-level roles that are available to attach to this client’s scope❌Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.❌User Storage Provider ------------------------------------ [](#user-storage-provider) APIFunction NameSupportedNeed this for admin console to display simple name of provider when displaying client detail KEYCLOAK-4328❌Need this for admin console to display simple name of provider when displaying user detail KEYCLOAK-4328❌Remove imported users❌Trigger sync of users Action can be "triggerFullSync" or "triggerChangedUsersSync"❌Unlink imported users from a storage provider❌Trigger sync of mapper data related to ldap mapper (roles, groups, …​) direction is "fedToKeycloak" or "keycloakToFed"❌Users -------------------- [](#users) APIFunction NameSupportedCreate a new user Username must be unique.createUser✔️Get users Returns a list of users, filtered according to query parametersgetUsers✔️GET /{realm}/users/countgetUserCount✔️Get representation of the usergetUser️️️✔️Update the userupdateUser️️️✔️Delete the userdeleteUser️️️✔️Get consents granted by the user️✔️Revoke consent and offline tokens for particular client from user❌Disable all credentials for a user of a specific type❌Send a update account email to the user An email contains a link the user can click to perform a set of required actions.executeActionsEmail✔️Get social logins associated with the user✔️Add a social login provider to the user✔️Remove a social login provider from user✔️GET /{realm}/users/{id}/groupsgetUserGroups✔️GET /{realm}/users/{id}/groups/countgetUserGroupsCount✔️PUT /{realm}/users/{id}/groups/{groupId}addUserToGroup✔️DELETE /{realm}/users/{id}/groups/{groupId}deleteUserFromGroup✔️Impersonate the userimpersonateUser✔️Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.logoutUser✔️Get offline sessions associated with the user and client❌Remove TOTP from the user❌Set up a new password for the user.resetUserPassword✔️Send an email-verification email to the user An email contains a link the user can click to verify their email address.sendVerifyEmail✔️Get sessions associated with the usergetUserSessions✔️Get credentials associated with the usergetUserCredentials✔️Delete credential associated with the userdeleteUserCredential✔️Root ------------------- [](#root) APIFunction NameSupportedGet themes, social providers, auth providers, and event listeners available on this server❌CORS preflight❌ ### Health Score 28 — LowBetter than 54% of packages Maintenance72 Regular maintenance activity Popularity5 Limited adoption so far Community18 Small or concentrated contributor base Maturity19 Early-stage or recently created project Bus Factor1 Top contributor holds 65.2% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 187d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/b20f2725e446732545c1e4cff778e24a493de4b09707b97ae902aaf192717503?d=identicon)[slps970093](/maintainers/slps970093) --- Top Contributors [![MohammadWaleed](https://avatars.githubusercontent.com/u/13835834?v=4)](https://github.com/MohammadWaleed "MohammadWaleed (122 commits)")[![syffer](https://avatars.githubusercontent.com/u/4788060?v=4)](https://github.com/syffer "syffer (12 commits)")[![marc-farre](https://avatars.githubusercontent.com/u/23310825?v=4)](https://github.com/marc-farre "marc-farre (6 commits)")[![oliverkroener](https://avatars.githubusercontent.com/u/4545439?v=4)](https://github.com/oliverkroener "oliverkroener (6 commits)")[![micbis](https://avatars.githubusercontent.com/u/7167030?v=4)](https://github.com/micbis "micbis (4 commits)")[![El-Cesarito](https://avatars.githubusercontent.com/u/59838014?v=4)](https://github.com/El-Cesarito "El-Cesarito (4 commits)")[![foliengriller](https://avatars.githubusercontent.com/u/24498435?v=4)](https://github.com/foliengriller "foliengriller (4 commits)")[![forfolias](https://avatars.githubusercontent.com/u/1847456?v=4)](https://github.com/forfolias "forfolias (4 commits)")[![korridor](https://avatars.githubusercontent.com/u/26689068?v=4)](https://github.com/korridor "korridor (3 commits)")[![mrdj07](https://avatars.githubusercontent.com/u/400701?v=4)](https://github.com/mrdj07 "mrdj07 (2 commits)")[![xhezairbey](https://avatars.githubusercontent.com/u/463095?v=4)](https://github.com/xhezairbey "xhezairbey (2 commits)")[![slps970093](https://avatars.githubusercontent.com/u/8385770?v=4)](https://github.com/slps970093 "slps970093 (2 commits)")[![fabiofreterapido](https://avatars.githubusercontent.com/u/69166557?v=4)](https://github.com/fabiofreterapido "fabiofreterapido (2 commits)")[![Gwemox](https://avatars.githubusercontent.com/u/9432727?v=4)](https://github.com/Gwemox "Gwemox (2 commits)")[![zluiten](https://avatars.githubusercontent.com/u/1336070?v=4)](https://github.com/zluiten "zluiten (1 commits)")[![dgoosens](https://avatars.githubusercontent.com/u/1250047?v=4)](https://github.com/dgoosens "dgoosens (1 commits)")[![fidesio-xavier-masson](https://avatars.githubusercontent.com/u/8364667?v=4)](https://github.com/fidesio-xavier-masson "fidesio-xavier-masson (1 commits)")[![grachevko](https://avatars.githubusercontent.com/u/8628465?v=4)](https://github.com/grachevko "grachevko (1 commits)")[![jphooiveld-axtion](https://avatars.githubusercontent.com/u/124688698?v=4)](https://github.com/jphooiveld-axtion "jphooiveld-axtion (1 commits)")[![leyarotheconquerer](https://avatars.githubusercontent.com/u/1657524?v=4)](https://github.com/leyarotheconquerer "leyarotheconquerer (1 commits)") ### Embed Badge ![Health badge](/badges/slps970093-keycloak-admin-client/health.svg) ``` [![Health](https://phpackages.com/badges/slps970093-keycloak-admin-client/health.svg)](https://phpackages.com/packages/slps970093-keycloak-admin-client) ``` ### Alternatives [tencentcloud/tencentcloud-sdk-php TencentCloudApi php sdk 3731.2M42](/packages/tencentcloud-tencentcloud-sdk-php)[convertkit/convertkitapi Kit PHP SDK for the Kit API 2167.1k1](/packages/convertkit-convertkitapi)[mapado/rest-client-sdk Rest Client SDK for hydra API 1125.9k2](/packages/mapado-rest-client-sdk) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)