keycloak.keycloak_admin

The keycloak admin module.

Module Contents

Classes

KeycloakAdmin

Keycloak Admin client.

class keycloak.keycloak_admin.KeycloakAdmin(server_url=None, username=None, password=None, token=None, totp=None, realm_name='master', client_id='admin-cli', verify=True, client_secret_key=None, custom_headers=None, user_realm_name=None, auto_refresh_token=None, timeout=60, connection: keycloak.openid_connection.KeycloakOpenIDConnection | None = None)[source]

Keycloak Admin client.

Parameters:
  • server_url (str) – Keycloak server url

  • username (str) – admin username

  • password (str) – admin password

  • token (dict) – access and refresh tokens

  • totp (str) – Time based OTP

  • realm_name (str) – realm name

  • client_id (str) – client id

  • verify (Union[bool,str]) – Boolean value to enable or disable certificate validation or a string containing a path to a CA bundle to use

  • client_secret_key (str) – client secret key (optional, required only for access type confidential)

  • custom_headers (dict) – dict of custom headers to pass with each HTTP request

  • user_realm_name (str) – The realm name of the user, if different from realm_name

  • auto_refresh_token (list) – list of methods that allow automatic token refresh. Ex: ['get', 'put', 'post', 'delete']

  • timeout (int) – connection timeout in seconds

  • connection (KeycloakOpenIDConnection) – A KeycloakOpenIDConnection as an alternative to individual params.

property server_url[source]

Get server url.

Returns:

Keycloak server url

Return type:

str

property realm_name[source]

Get realm name.

Returns:

Realm name

Return type:

str

property connection: keycloak.openid_connection.KeycloakOpenIDConnection[source]

Get connection.

Returns:

Connection manager

Return type:

KeycloakOpenIDConnection

property client_id[source]

Get client id.

Returns:

Client id

Return type:

str

property client_secret_key[source]

Get client secret key.

Returns:

Client secret key

Return type:

str

property verify[source]

Get verify.

Returns:

Verify indicator

Return type:

bool

property username[source]

Get username.

Returns:

Admin username

Return type:

str

property password[source]

Get password.

Returns:

Admin password

Return type:

str

property totp[source]

Get totp.

Returns:

TOTP

Return type:

str

property token[source]

Get token.

Returns:

Access and refresh token

Return type:

dict

property user_realm_name[source]

Get user realm name.

Returns:

User realm name

Return type:

str

property custom_headers[source]

Get custom headers.

Returns:

Custom headers

Return type:

dict

property auto_refresh_token[source]

Get auto refresh token.

Returns:

List of methods for automatic token refresh

Return type:

list

PAGE_SIZE = 100[source]

_auto_refresh_token[source]

_connection: keycloak.openid_connection.KeycloakOpenIDConnection | None[source]

__fetch_all(url, query=None)[source]

Paginate over get requests.

Wrapper function to paginate GET requests.

Parameters:
  • url (str) – The url on which the query is executed

  • query (dict) – Existing query parameters (optional)

Returns:

Combined results of paginated queries

Return type:

list

__fetch_paginated(url, query=None)[source]

Make a specific paginated request.

Parameters:
  • url (str) – The url on which the query is executed

  • query (dict) – Pagination settings

Returns:

Response

Return type:

dict

get_current_realm() → str[source]

Return the currently configured realm.

Returns:

Currently configured realm name

Return type:

str

change_current_realm(realm_name: str) → None[source]

Change the current realm.

Parameters:

realm_name (str) – The name of the realm to be configured as current

import_realm(payload)[source]

Import a new realm from a RealmRepresentation.

Realm name must be unique.

RealmRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation

Parameters:

payload (dict) – RealmRepresentation

Returns:

RealmRepresentation

Return type:

dict

partial_import_realm(realm_name, payload)[source]

Partial import realm configuration from PartialImportRepresentation.

Realm partialImport is used for modifying configuration of existing realm.

PartialImportRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_partialimportrepresentation

Parameters:
  • realm_name (str) – Realm name (not the realm id)

  • payload (dict) – PartialImportRepresentation

Returns:

PartialImportResponse

Return type:

dict

export_realm(export_clients=False, export_groups_and_role=False)[source]

Export the realm configurations in the json format.

RealmRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_partialexport

Parameters:
  • export_clients (bool) – Whether to export realm clients; leave as False to skip them

  • export_groups_and_role (bool) – Whether to export realm groups and roles; leave as False to skip them

Returns:

realm configurations JSON

Return type:

dict

get_realms()[source]

List all realms in Keycloak deployment.

Returns:

realms list

Return type:

list

get_realm(realm_name)[source]

Get a specific realm.

RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation

Parameters:

realm_name (str) – Realm name (not the realm id)

Returns:

RealmRepresentation

Return type:

dict

create_realm(payload, skip_exists=False)[source]

Create a realm.

RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation

Parameters:
  • payload (dict) – RealmRepresentation

  • skip_exists (bool) – Skip if the realm already exists.

Returns:

Keycloak server response (RealmRepresentation)

Return type:

dict

update_realm(realm_name, payload)[source]

Update a realm.

This will only update top level attributes and will ignore any user, role, or client information in the payload.

RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation

Parameters:
  • realm_name (str) – Realm name (not the realm id)

  • payload (dict) – RealmRepresentation

Returns:

Http response

Return type:

dict

delete_realm(realm_name)[source]

Delete a realm.

Parameters:

realm_name (str) – Realm name (not the realm id)

Returns:

Http response

Return type:

dict

get_users(query=None)[source]

Get all users.

Return a list of users, filtered according to query parameters

UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation

Parameters:

query (dict) – Query parameters (optional)

Returns:

users list

Return type:

list

create_idp(payload)[source]

Create an ID Provider.

IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation

Parameters:

payload – IdentityProviderRepresentation

Returns:

Keycloak server response

Return type:

dict

update_idp(idp_alias, payload)[source]

Update an ID Provider.

IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identity_providers_resource

Parameters:
  • idp_alias – alias for IdP to update

  • payload – The IdentityProviderRepresentation

Returns:

Keycloak server response

Return type:

dict

add_mapper_to_idp(idp_alias, payload)[source]

Add a mapper to an ID Provider.

IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityprovidermapperrepresentation

Parameters:
  • idp_alias – alias for IdP to add mapper in

  • payload – IdentityProviderMapperRepresentation

Returns:

Keycloak server response

Return type:

dict

update_mapper_in_idp(idp_alias, mapper_id, payload)[source]

Update an IdP mapper.

IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_update

Parameters:
  • idp_alias – alias for IdP to fetch mappers

  • mapper_id – Mapper Id to update

  • payload – IdentityProviderMapperRepresentation

Returns:

Http response

Return type:

dict

get_idp_mappers(idp_alias)[source]

Get IDP mappers.

Returns a list of ID Provider mappers.

IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getmappers

Parameters:

idp_alias – alias for IdP to fetch mappers

Returns:

array IdentityProviderMapperRepresentation

Return type:

list

get_idps()[source]

Get IDPs.

Returns a list of ID Providers.

IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation

Returns:

array IdentityProviderRepresentation

Return type:

list

get_idp(idp_alias)[source]

Get IDP provider.

Get the representation of a specific IDP Provider.

IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation

Parameters:

idp_alias – alias for IdP to get

Returns:

IdentityProviderRepresentation

Return type:

dict

delete_idp(idp_alias)[source]

Delete an ID Provider.

Parameters:

idp_alias – IdP alias name

Returns:

Keycloak server response

Return type:

dict

create_user(payload, exist_ok=False)[source]

Create a new user.

Username must be unique

UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation

Parameters:
  • payload (dict) – UserRepresentation

  • exist_ok (bool) – If False, raise KeycloakGetError if username already exists. Otherwise, return existing user ID.

Returns:

user_id

Return type:

str

users_count(query=None)[source]

Count users.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_users_resource

Parameters:

query (dict) – Query parameters for users count

Returns:

counter

Return type:

int

get_user_id(username)[source]

Get internal keycloak user id from username.

This is required for further actions against this user.

UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation

Parameters:

username (str) – id in UserRepresentation

Returns:

user_id

Return type:

str

get_user(user_id)[source]

Get representation of the user.

UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation

Parameters:

user_id (str) – User id

Returns:

UserRepresentation

get_user_groups(user_id, query=None, brief_representation=True)[source]

Get user groups.

Returns a list of groups of which the user is a member

Parameters:
  • user_id (str) – User id

  • query (dict) – Additional query options

  • brief_representation (bool) – whether to omit attributes in the response

Returns:

user groups list

Return type:

list

update_user(user_id, payload)[source]

Update the user.

Parameters:
  • user_id (str) – User id

  • payload (dict) – UserRepresentation

Returns:

Http response

Return type:

bytes

disable_user(user_id)[source]

Disable the user from the realm. Disabled users can not log in.

Parameters:

user_id (str) – User id

Returns:

Http response

Return type:

bytes

enable_user(user_id)[source]

Enable the user in the realm.

Parameters:

user_id (str) – User id

Returns:

Http response

Return type:

bytes

disable_all_users()[source]

Disable all existing users.

enable_all_users()[source]

Enable all existing users.

delete_user(user_id)[source]

Delete the user.

Parameters:

user_id (str) – User id

Returns:

Http response

Return type:

bytes

set_user_password(user_id, password, temporary=True)[source]

Set up a password for the user.

If temporary is True, the user will have to reset the temporary password next time they log in.

https://www.keycloak.org/docs-api/24.0.2/rest-api/#_users_resource https://www.keycloak.org/docs-api/24.0.2/rest-api/#_credentialrepresentation

Parameters:
  • user_id (str) – User id

  • password (str) – New password

  • temporary (bool) – True if password is temporary

Returns:

Response

Return type:

dict

get_credentials(user_id)[source]

Get user credentials.

Returns a list of credentials belonging to the user.

CredentialRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_credentialrepresentation

Parameters:

user_id – user id

Returns:

Keycloak server response (CredentialRepresentation)

Return type:

dict

delete_credential(user_id, credential_id)[source]

Delete credential of the user.

CredentialRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_credentialrepresentation

Parameters:
  • user_id – user id

  • credential_id – credential id

Returns:

Keycloak server response (ClientRepresentation)

Return type:

bytes

user_logout(user_id)[source]

Log out the user.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_logout

Parameters:

user_id (str) – User id

Returns:

Keycloak server response

Return type:

bytes

user_consents(user_id)[source]

Get consents granted by the user.

UserConsentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userconsentrepresentation

Parameters:

user_id (str) – User id

Returns:

List of UserConsentRepresentations

Return type:

list

get_user_social_logins(user_id)[source]

Get user social logins.

Returns a list of federated identities/social logins with which the user has been associated.

Parameters:

user_id (str) – User id

Returns:

Federated identities list

Return type:

list

add_user_social_login(user_id, provider_id, provider_userid, provider_username)[source]

Add a federated identity / social login provider to the user.

Parameters:
  • user_id (str) – User id

  • provider_id (str) – Social login provider id

  • provider_userid (str) – userid specified by the provider

  • provider_username (str) – username specified by the provider

Returns:

Keycloak server response

Return type:

bytes

delete_user_social_login(user_id, provider_id)[source]

Delete a federated identity / social login provider from the user.

Parameters:
  • user_id (str) – User id

  • provider_id (str) – Social login provider id

Returns:

Keycloak server response

Return type:

bytes

send_update_account(user_id, payload, client_id=None, lifespan=None, redirect_uri=None)[source]

Send an update account email to the user.

An email contains a link the user can click to perform a set of required actions.

Parameters:
  • user_id (str) – User id

  • payload (list) – A list of actions for the user to complete

  • client_id (str) – Client id (optional)

  • lifespan (int) – Number of seconds after which the generated token expires (optional)

  • redirect_uri (str) – The redirect uri (optional)

Returns:

Keycloak server response

Return type:

bytes

send_verify_email(user_id, client_id=None, redirect_uri=None)[source]

Send a verification email to the user.

The email contains a link the user can click to verify their email address.

Parameters:
  • user_id (str) – User id

  • client_id (str) – Client id (optional)

  • redirect_uri (str) – Redirect uri (optional)

Returns:

Keycloak server response

Return type:

bytes

get_sessions(user_id)[source]

Get sessions associated with the user.

UserSessionRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_usersessionrepresentation

Parameters:

user_id (str) – Id of user

Returns:

UserSessionRepresentation

Return type:

dict
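
The account-level calls documented above (get_user_id, get_sessions, get_credentials, disable_user, user_logout, get_user) combine into a containment step for a suspected-compromised account. This is an added example, not code from python-keycloak: contain_account, StubAdmin and all sample data are constructed here, and the session and credential field names (id, ipAddress, start, type) are assumed from the Keycloak representations linked above.

```python
def contain_account(admin, username):
    """Lock a suspected-compromised account and end its sessions.

    `admin` is a connected KeycloakAdmin, or any object exposing the same
    methods. Returns a dict that can be attached to an incident ticket.
    """
    user_id = admin.get_user_id(username)
    if not user_id:
        # Assumption: a falsy return value means the username was not found.
        raise LookupError(f"no such user in realm: {username!r}")

    # Snapshot the evidence first: user_logout() removes the sessions.
    sessions = admin.get_sessions(user_id)
    credentials = admin.get_credentials(user_id)

    # Disable before logging out, so the account cannot authenticate again
    # in the window between the two calls.
    admin.disable_user(user_id)
    admin.user_logout(user_id)

    # Verify the end state instead of trusting the two responses.
    remaining = admin.get_sessions(user_id)
    enabled = admin.get_user(user_id).get("enabled")
    return {
        "user_id": user_id,
        "sessions_ended": [
            {"id": s.get("id"), "ip": s.get("ipAddress"), "start": s.get("start")}
            for s in sessions
        ],
        # Credential types let the responder spot an unexpected second factor.
        "credential_types": sorted({str(c.get("type")) for c in credentials}),
        "sessions_remaining": len(remaining),
        "contained": enabled is False and not remaining,
    }


class StubAdmin:
    """Constructed in-memory stand-in for a server, so the example runs offline."""

    def __init__(self):
        self.calls = []
        self.users = {"u-1": {"id": "u-1", "username": "alice", "enabled": True}}
        self.sessions = {"u-1": [
            {"id": "s-1", "ipAddress": "192.0.2.10", "start": 1700000000000},
            {"id": "s-2", "ipAddress": "198.51.100.7", "start": 1700000360000},
        ]}

    def get_user_id(self, username):
        return next(
            (uid for uid, u in self.users.items() if u["username"] == username),
            None,
        )

    def get_user(self, user_id):
        return dict(self.users[user_id])

    def get_sessions(self, user_id):
        return list(self.sessions.get(user_id, []))

    def get_credentials(self, user_id):
        return [{"id": "c-1", "type": "password"}, {"id": "c-2", "type": "otp"}]

    def disable_user(self, user_id):
        self.calls.append("disable_user")
        self.users[user_id]["enabled"] = False
        return b""

    def user_logout(self, user_id):
        self.calls.append("user_logout")
        self.sessions[user_id] = []
        return b""


if __name__ == "__main__":
    print(contain_account(StubAdmin(), "alice"))
```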

get_server_info()[source]

Get themes, social providers, etc. on this server.

ServerInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_serverinforepresentation

Returns:

ServerInfoRepresentation

Return type:

dict

get_groups(query=None)[source]

Get groups.

Returns a list of groups belonging to the realm

GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation

Parameters:

query (dict) – Additional query options

Returns:

array GroupRepresentation

Return type:

list

get_group(group_id)[source]

Get group by id.

Returns full group details

GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation

Parameters:

group_id (str) – The group id

Returns:

Keycloak server response (GroupRepresentation)

Return type:

dict

get_subgroups(group, path)[source]

Get subgroups.

Utility function to iterate through nested group structures

GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation

Parameters:
  • group (dict) – group (GroupRepresentation)

  • path (str) – group path (string)

Returns:

Keycloak server response (GroupRepresentation)

Return type:

dict

get_group_children(group_id, query=None)[source]

Get group children by parent id.

Returns full group children details

Parameters:
  • group_id (str) – The parent group id

  • query (dict) – Additional query options

Returns:

Keycloak server response (GroupRepresentation)

Return type:

dict

get_group_members(group_id, query=None)[source]

Get members by group id.

Returns group members

UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_userrepresentation

Parameters:
Returns:

Keycloak server response (UserRepresentation)

Return type:

list

get_group_by_path(path)[source]

Get group id based on name or path.

Returns full group details for a group defined by path

GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation

Parameters:

path (str) – group path

Returns:

Keycloak server response (GroupRepresentation)

Return type:

dict

create_group(payload, parent=None, skip_exists=False)[source]

Create a group in the Realm.

GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation

Parameters:
  • payload (dict) – GroupRepresentation

  • parent (str) – parent group’s id. Required to create a sub-group.

  • skip_exists (bool) – If true then do not raise an error if it already exists

Returns:

Group id for newly created group or None for an existing group

Return type:

str

update_group(group_id, payload)[source]

Update group, ignores subgroups.

GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation

Parameters:
  • group_id (str) – id of group

  • payload (dict) – GroupRepresentation with updated information.

Returns:

Http response

Return type:

bytes

groups_count(query=None)[source]

Count groups.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_groups

Parameters:

query (dict) – Query parameters for groups count

Returns:

Keycloak Server Response

Return type:

dict

group_set_permissions(group_id, enabled=True)[source]

Enable/Disable permissions for a group.

Cannot delete group if disabled

Parameters:
  • group_id (str) – id of group

  • enabled (bool) – Enabled flag

Returns:

Keycloak server response

Return type:

bytes

group_user_add(user_id, group_id)[source]

Add user to group (user_id and group_id).

Parameters:
  • user_id (str) – id of user

  • group_id (str) – id of group to add to

Returns:

Keycloak server response

Return type:

bytes

group_user_remove(user_id, group_id)[source]

Remove user from group (user_id and group_id).

Parameters:
  • user_id (str) – id of user

  • group_id (str) – id of group to remove from

Returns:

Keycloak server response

Return type:

bytes

delete_group(group_id)[source]

Delete a group in the Realm.

Parameters:

group_id (str) – id of group to delete

Returns:

Keycloak server response

Return type:

bytes

get_clients()[source]

Get clients.

Returns a list of clients belonging to the realm

ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Returns:

Keycloak server response (ClientRepresentation)

Return type:

list

get_client(client_id)[source]

Get representation of the client.

ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Parameters:

client_id (str) – id of client (not client-id)

Returns:

Keycloak server response (ClientRepresentation)

Return type:

dict

get_client_id(client_id)[source]

Get internal keycloak client id from client-id.

This is required for further actions against this client.

Parameters:

client_id (str) – clientId in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Returns:

client_id (uuid as string)

Return type:

str

get_client_authz_settings(client_id)[source]

Get authorization json from client.

Parameters:

client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Returns:

Keycloak server response

Return type:

dict

create_client_authz_resource(client_id, payload, skip_exists=False)[source]

Create resources of client.

Parameters:
Returns:

Keycloak server response

Return type:

bytes

update_client_authz_resource(client_id, resource_id, payload)[source]

Update resource of client.

Any parameter missing from the ResourceRepresentation in the payload WILL be set to default by the Keycloak server.

Parameters:
Returns:

Keycloak server response

Return type:

bytes
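
Because fields missing from the payload are reset to defaults, a partial update can silently strip the scopes and URIs that a protected resource's permissions depend on. The added example below (not python-keycloak code) contrasts a partial payload with a read-modify-write built on get_client_authz_resource and update_client_authz_resource; partial_update, merged_update, StubAdmin, the sample resource and the stub's default values are all constructed for illustration.

```python
import copy

# Constructed sample ResourceRepresentation.
SAMPLE_RESOURCE = {
    "_id": "res-1",
    "name": "payroll-api",
    "type": "urn:example:payroll",
    "uris": ["/payroll/*"],
    "scopes": [{"name": "read"}, {"name": "approve"}],
    "ownerManagedAccess": False,
}


def partial_update(admin, client_id, resource_id, changes):
    """Anti-pattern: send only the changed keys; everything else is reset."""
    return admin.update_client_authz_resource(client_id, resource_id, changes)


def merged_update(admin, client_id, resource_id, changes):
    """Read-modify-write: send the full representation with `changes` applied.

    Returns {field: (old, new)} for the fields that changed. Raises if a
    field that was not in `changes` differs after the update.
    """
    before = admin.get_client_authz_resource(client_id, resource_id)
    payload = copy.deepcopy(before)
    payload.update(changes)
    if payload == before:
        return {}  # nothing to send
    admin.update_client_authz_resource(client_id, resource_id, payload)

    # Re-read and confirm that untouched fields survived the update.
    after = admin.get_client_authz_resource(client_id, resource_id)
    reset = sorted(
        k for k in before if k not in changes and after.get(k) != before[k]
    )
    if reset:
        raise RuntimeError(f"fields changed unexpectedly: {reset}")
    return {
        k: (before.get(k), after.get(k))
        for k in changes
        if before.get(k) != after.get(k)
    }


class StubAdmin:
    """Constructed stand-in that mimics the documented reset-to-default rule."""

    # Assumed defaults for illustration; the real server's may differ.
    DEFAULTS = {"type": None, "uris": [], "scopes": [], "ownerManagedAccess": False}

    def __init__(self, resource):
        self._resource = copy.deepcopy(resource)

    def get_client_authz_resource(self, client_id, resource_id):
        return copy.deepcopy(self._resource)

    def update_client_authz_resource(self, client_id, resource_id, payload):
        stored = {"_id": self._resource["_id"], "name": self._resource["name"]}
        stored.update(copy.deepcopy(self.DEFAULTS))  # absent keys fall back
        stored.update(copy.deepcopy(payload))        # payload keys win
        self._resource = stored
        return b""


if __name__ == "__main__":
    a = StubAdmin(SAMPLE_RESOURCE)
    partial_update(a, "client-uuid", "res-1", {"name": "payroll-api-v2"})
    print("partial:", a.get_client_authz_resource("client-uuid", "res-1"))

    b = StubAdmin(SAMPLE_RESOURCE)
    print("merged diff:", merged_update(b, "client-uuid", "res-1",
                                        {"name": "payroll-api-v2"}))
    print("merged:", b.get_client_authz_resource("client-uuid", "res-1"))
```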

delete_client_authz_resource(client_id: str, resource_id: str)[source]

Delete a client resource.

Parameters:
Returns:

Keycloak server response

Return type:

bytes

get_client_authz_resources(client_id)[source]

Get resources from client.

Parameters:

client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Returns:

Keycloak server response (ResourceRepresentation)

Return type:

list

get_client_authz_resource(client_id: str, resource_id: str)[source]

Get a client resource.

Parameters:
Returns:

Keycloak server response (ResourceRepresentation)

Return type:

dict

create_client_authz_role_based_policy(client_id, payload, skip_exists=False)[source]

Create role-based policy of client.

Payload example:

payload={
    "type": "role",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "name": "Policy-1",
    "roles": [
        {
            "id": id
        }
    ]
}
Parameters:
Returns:

Keycloak server response

Return type:

bytes

create_client_authz_policy(client_id, payload, skip_exists=False)[source]

Create an authz policy of client.

Payload example:

payload={
    "name": "Policy-time-based",
    "type": "time",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "config": {
        "hourEnd": "18",
        "hour": "9"
    }
}
Parameters:
Returns:

Keycloak server response

Return type:

bytes

create_client_authz_resource_based_permission(client_id, payload, skip_exists=False)[source]

Create resource-based permission of client.

Payload example:

payload={
    "type": "resource",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "name": "Permission-Name",
    "resources": [
        resource_id
    ],
    "policies": [
        policy_id
    ]
}
Parameters:
Returns:

Keycloak server response

Return type:

bytes

get_client_authz_scopes(client_id)[source]

Get scopes from client.

Parameters:

client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Returns:

Keycloak server response

Return type:

list

create_client_authz_scopes(client_id, payload)[source]

Create scopes for client.

Parameters:
Returns:

Keycloak server response

Return type:

bytes

get_client_authz_permissions(client_id)[source]

Get permissions from client.

Parameters:

client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Returns:

Keycloak server response

Return type:

list

get_client_authz_policies(client_id)[source]

Get policies from client.

Parameters:

client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Returns:

Keycloak server response

Return type:

list

delete_client_authz_policy(client_id, policy_id)[source]

Delete a policy from client.

Parameters:
Returns:

Keycloak server response

Return type:

dict

get_client_authz_policy(client_id, policy_id)[source]

Get a policy from client.

Parameters:
Returns:

Keycloak server response

Return type:

dict

get_client_service_account_user(client_id)[source]

Get service account user from client.

Parameters:

client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Returns:

UserRepresentation

Return type:

dict

get_client_default_client_scopes(client_id)[source]

Get all default client scopes from client.

Parameters:

client_id (str) – id of the client in which the new default client scope should be added

Returns:

list of client scopes with id and name

Return type:

list

add_client_default_client_scope(client_id, client_scope_id, payload)[source]

Add a client scope to the default client scopes from client.

Payload example:

payload={
    "realm":"testrealm",
    "client":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
    "clientScopeId":"bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"
}
Parameters:
  • client_id (str) – id of the client in which the new default client scope should be added

  • client_scope_id (str) – id of the new client scope that should be added

  • payload (dict) – dictionary with realm, client and clientScopeId

Returns:

Http response

Return type:

bytes

delete_client_default_client_scope(client_id, client_scope_id)[source]

Delete a client scope from the default client scopes of the client.

Parameters:
  • client_id (str) – id of the client in which the default client scope should be deleted

  • client_scope_id (str) – id of the client scope that should be deleted

Returns:

list of client scopes with id and name

Return type:

list

get_client_optional_client_scopes(client_id)[source]

Get all optional client scopes from client.

Parameters:

client_id (str) – id of the client in which the new optional client scope should be added

Returns:

list of client scopes with id and name

Return type:

list

add_client_optional_client_scope(client_id, client_scope_id, payload)[source]

Add a client scope to the optional client scopes from client.

Payload example:

payload={
    "realm":"testrealm",
    "client":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
    "clientScopeId":"bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"
}
Parameters:
  • client_id (str) – id of the client in which the new optional client scope should be added

  • client_scope_id (str) – id of the new client scope that should be added

  • payload (dict) – dictionary with realm, client and clientScopeId

Returns:

Http response

Return type:

bytes

delete_client_optional_client_scope(client_id, client_scope_id)[source]

Delete a client scope from the optional client scopes of the client.

Parameters:
  • client_id (str) – id of the client in which the optional client scope should be deleted

  • client_scope_id (str) – id of the client scope that should be deleted

Returns:

list of client scopes with id and name

Return type:

list

create_initial_access_token(count: int = 1, expiration: int = 1)[source]

Create an initial access token.

Parameters:
  • count (int) – Number of clients that can be registered

  • expiration (int) – Days until expiration

Returns:

initial access token

Return type:

str

create_client(payload, skip_exists=False)[source]

Create a client.

ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Parameters:
  • skip_exists (bool) – If true then do not raise an error if client already exists

  • payload (dict) – ClientRepresentation

Returns:

Client ID

Return type:

str

update_client(client_id, payload)[source]

Update a client.

Parameters:
  • client_id (str) – Client id

  • payload (dict) – ClientRepresentation

Returns:

Http response

Return type:

bytes

delete_client(client_id)[source]

Delete a client.

ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Parameters:

client_id (str) – keycloak client id (not oauth client-id)

Returns:

Keycloak server response (ClientRepresentation)

Return type:

bytes

get_client_installation_provider(client_id, provider_id)[source]

Get content for given installation provider.

Related documentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clients_resource

Possible provider_id list available in the ServerInfoRepresentation#clientInstallations https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_serverinforepresentation

Parameters:
  • client_id (str) – Client id

  • provider_id (str) – provider id to specify response format

Returns:

Installation providers

Return type:

list

get_realm_roles(brief_representation=True, search_text='')[source]

Get all roles for the realm or client.

RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation

Parameters:
  • brief_representation (bool) – whether to omit role attributes in the response

  • search_text (str) – optional search text to limit the returned result.

Returns:

Keycloak server response (RoleRepresentation)

Return type:

list

get_realm_role_groups(role_name, query=None, brief_representation=True)[source]

Get role groups of realm by role name.

Parameters:
Returns:

Keycloak Server Response (GroupRepresentation)

Return type:

list

get_realm_role_members(role_name, query=None)[source]

Get role members of realm by role name.

Parameters:
Returns:

Keycloak Server Response (UserRepresentation)

Return type:

list

get_default_realm_role_id()[source]

Get the ID of the default realm role.

Returns:

Realm role ID

Return type:

str

get_realm_default_roles()[source]

Get all the default realm roles.

Returns:

Keycloak Server Response (UserRepresentation)

Return type:

list

remove_realm_default_roles(payload)[source]

Remove a set of default realm roles.

Parameters:

payload (list) – List of RoleRepresentations

Returns:

Keycloak Server Response

Return type:

dict

add_realm_default_roles(payload)[source]

Add a set of default realm roles.

Parameters:

payload (list) – List of RoleRepresentations

Returns:

Keycloak Server Response

Return type:

dict

get_client_roles(client_id, brief_representation=True)[source]

Get all roles for the client.

RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation

Parameters:
  • client_id (str) – id of client (not client-id)

  • brief_representation (bool) – whether to omit role attributes in the response

Returns:

Keycloak server response (RoleRepresentation)

Return type:

list

get_client_role(client_id, role_name)[source]

Get client role id by name.

This is required for further actions with this role.

RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation

Parameters:
  • client_id (str) – id of client (not client-id)

  • role_name (str) – role’s name (not id!)

Returns:

role_id

Return type:

str

get_client_role_id(client_id, role_name)[source]

Get client role id by name.

This is required for further actions with this role.

RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation

Parameters:
  • client_id (str) – id of client (not client-id)

  • role_name (str) – role’s name (not id!)

Returns:

role_id

Return type:

str

create_client_role(client_role_id, payload, skip_exists=False)[source]

Create a client role.

RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation

Parameters:
  • client_role_id (str) – id of client (not client-id)

  • payload (dict) – RoleRepresentation

  • skip_exists (bool) – If true then do not raise an error if client role already exists

Returns:

Client role name

Return type:

str

add_composite_client_roles_to_role(client_role_id, role_name, roles)[source]

Add composite roles to client role.

Parameters:
  • client_role_id (str) – id of client (not client-id)

  • role_name (str) – The name of the role

  • roles (list) – roles list or role (use RoleRepresentation) to be updated

Returns:

Keycloak server response

Return type:

bytes

update_client_role(client_id, role_name, payload)[source]

Update a client role.

RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation

Parameters:
  • client_id (str) – id of client (not client-id)

  • role_name (str) – role’s name (not id!)

  • payload (dict) – RoleRepresentation

Returns:

Keycloak server response

Return type:

bytes

delete_client_role(client_role_id, role_name)[source]

Delete a client role.

RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation

Parameters:
  • client_role_id (str) – id of client (not client-id)

  • role_name (str) – role’s name (not id!)

Returns:

Keycloak server response

Return type:

bytes

assign_client_role(user_id, client_id, roles)[source]

Assign a client role to a user.

Parameters:
  • user_id (str) – id of user

  • client_id (str) – id of client (not client-id)

  • roles (list) – roles list or role (use RoleRepresentation)

Returns:

Keycloak server response

Return type:

bytes

get_client_role_members(client_id, role_name, **query)[source]

Get members by client role.

Parameters:
Returns:

Keycloak server response (UserRepresentation)

Return type:

list

get_client_role_groups(client_id, role_name, **query)[source]

Get group members by client role.

Parameters:
Returns:

Keycloak server response

Return type:

list

get_role_by_id(role_id)[source]

Get a specific role’s representation.

RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation

Parameters:

role_id (str) – id of role

Returns:

Keycloak server response (RoleRepresentation)

Return type:

bytes

update_role_by_id(role_id, payload)[source]

Update the role.

RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation

Parameters:
  • payload (dict) – RoleRepresentation

  • role_id (str) – id of role

Returns:

Keycloak server response

Return type:

bytes

delete_role_by_id(role_id)[source]

Delete a role by its id.

RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation

Parameters:

role_id (str) – id of role

Returns:

Keycloak server response

Return type:

bytes

create_realm_role(payload, skip_exists=False)[source]

Create a new role for the realm or client.

Parameters:
  • payload (dict) – The role (use RoleRepresentation)

  • skip_exists (bool) – If true then do not raise an error if realm role already exists

Returns:

Realm role name

Return type:

str

get_realm_role(role_name)[source]

Get realm role by role name.

RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation

Parameters:

role_name (str) – role’s name, not id!

Returns:

role

Return type:

dict

get_realm_role_by_id(role_id: str)[source]

Get realm role by role id.

RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation

Parameters:

role_id (str) – role’s id, not name!

Returns:

role

Return type:

dict

update_realm_role(role_name, payload)[source]

Update a role for the realm by name.

Parameters:
  • role_name (str) – The name of the role to be updated

  • payload (dict) – The role (use RoleRepresentation)

Returns:

Keycloak server response

Return type:

bytes

delete_realm_role(role_name)[source]

Delete a role for the realm by name.

Parameters:

role_name (str) – The role name

Returns:

Keycloak server response

Return type:

bytes

add_composite_realm_roles_to_role(role_name, roles)[source]

Add composite roles to the role.

Parameters:
  • role_name (str) – The name of the role

  • roles (list) – roles list or role (use RoleRepresentation) to be updated

Returns:

Keycloak server response

Return type:

bytes

remove_composite_realm_roles_to_role(role_name, roles)[source]

Remove composite roles from the role.

Parameters:
  • role_name (str) – The name of the role

  • roles (list) – roles list or role (use RoleRepresentation) to be removed

Returns:

Keycloak server response

Return type:

bytes

get_composite_realm_roles_of_role(role_name)[source]

Get composite roles of the role.

Parameters:

role_name (str) – The name of the role

Returns:

Keycloak server response (array RoleRepresentation)

Return type:

list
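
An added example (not part of python-keycloak) that combines get_realm_roles_of_user with get_composite_realm_roles_of_role to show through which chain of composites a user's direct role pulls in a sensitive realm role. It assumes get_composite_realm_roles_of_role returns only the direct children of a role; StubAdmin, the user id and all role names are constructed sample data standing in for a KeycloakAdmin instance.

```python
"""Trace how a user reaches a sensitive realm role through composite roles."""
from collections import deque


def composite_paths(admin, user_id, sensitive):
    """Return {sensitive_role: [role names from a direct role down to it]}.

    admin is any object exposing get_realm_roles_of_user(user_id) and
    get_composite_realm_roles_of_role(role_name), e.g. a KeycloakAdmin.
    """
    direct = [r["name"] for r in admin.get_realm_roles_of_user(user_id)]
    parent = {name: None for name in direct}  # BFS tree, also the visited set
    queue = deque(direct)
    while queue:
        role = queue.popleft()
        for child in admin.get_composite_realm_roles_of_role(role):
            if child.get("clientRole"):
                continue  # composites can hold client roles; realm roles only here
            name = child["name"]
            if name not in parent:  # guards against cycles between composites
                parent[name] = role
                queue.append(name)
    findings = {}
    for name in sorted(set(sensitive) & set(parent)):
        path, node = [], name
        while node is not None:
            path.append(node)
            node = parent[node]
        findings[name] = path[::-1]
    return findings


class StubAdmin:
    """Constructed sample data; role names and ids are hypothetical."""

    direct = {"u-1": ["support", "offline_access"]}
    composites = {
        "support": [("ticket-admin", False)],
        "ticket-admin": [("user-manager", False), ("support", False)],  # cycle
        "user-manager": [("realm-admin", False), ("manage-users", True)],
    }

    def get_realm_roles_of_user(self, user_id):
        return [{"name": n, "clientRole": False} for n in self.direct[user_id]]

    def get_composite_realm_roles_of_role(self, role_name):
        children = self.composites.get(role_name, [])
        return [{"name": n, "clientRole": c} for n, c in children]


if __name__ == "__main__":
    for role, path in composite_paths(StubAdmin(), "u-1", {"realm-admin"}).items():
        print(role, "<-", " -> ".join(path))
```

A path of length one means the sensitive role is assigned directly; longer paths name the composite to review before removing anything with remove_composite_realm_roles_to_role.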

assign_realm_roles_to_client_scope(client_id, roles)[source]

Assign realm roles to a client’s scope.

Parameters:
  • client_id (str) – id of client (not client-id)

  • roles (list) – roles list or role (use RoleRepresentation)

Returns:

Keycloak server response

Return type:

dict

delete_realm_roles_of_client_scope(client_id, roles)[source]

Delete realm roles of a client’s scope.

Parameters:
  • client_id (str) – id of client (not client-id)

  • roles (list) – roles list or role (use RoleRepresentation)

Returns:

Keycloak server response

Return type:

dict

get_realm_roles_of_client_scope(client_id)[source]

Get all realm roles for a client’s scope.

Parameters:

client_id (str) – id of client (not client-id)

Returns:

Keycloak server response (array RoleRepresentation)

Return type:

dict

assign_client_roles_to_client_scope(client_id, client_roles_owner_id, roles)[source]

Assign client roles to a client’s scope.

Parameters:
  • client_id (str) – id of client (not client-id) who is assigned the roles

  • client_roles_owner_id (str) – id of client (not client-id) who has the roles

  • roles (list) – roles list or role (use RoleRepresentation)

Returns:

Keycloak server response

Return type:

dict

delete_client_roles_of_client_scope(client_id, client_roles_owner_id, roles)[source]

Delete client roles of a client’s scope.

Parameters:
  • client_id (str) – id of client (not client-id) who is assigned the roles

  • client_roles_owner_id (str) – id of client (not client-id) who has the roles

  • roles (list) – roles list or role (use RoleRepresentation)

Returns:

Keycloak server response

Return type:

dict

get_client_roles_of_client_scope(client_id, client_roles_owner_id)[source]

Get all client roles for a client’s scope.

Parameters:
  • client_id (str) – id of client (not client-id)

  • client_roles_owner_id (str) – id of client (not client-id) who has the roles

Returns:

Keycloak server response (array RoleRepresentation)

Return type:

dict

assign_realm_roles(user_id, roles)[source]

Assign realm roles to a user.

Parameters:
  • user_id (str) – id of user

  • roles (list) – roles list or role (use RoleRepresentation)

Returns:

Keycloak server response

Return type:

bytes

delete_realm_roles_of_user(user_id, roles)[source]

Delete realm roles of a user.

Parameters:
  • user_id (str) – id of user

  • roles (list) – roles list or role (use RoleRepresentation)

Returns:

Keycloak server response

Return type:

bytes

get_realm_roles_of_user(user_id)[source]

Get all realm roles for a user.

Parameters:

user_id (str) – id of user

Returns:

Keycloak server response (array RoleRepresentation)

Return type:

list

get_available_realm_roles_of_user(user_id)[source]

Get all available (i.e. unassigned) realm roles for a user.

Parameters:

user_id (str) – id of user

Returns:

Keycloak server response (array RoleRepresentation)

Return type:

list

get_composite_realm_roles_of_user(user_id, brief_representation=True)[source]

Get all composite (i.e. implicit) realm roles for a user.

Parameters:
  • user_id (str) – id of user

  • brief_representation (bool) – whether to omit role attributes in the response

Returns:

Keycloak server response (array RoleRepresentation)

Return type:

list

assign_group_realm_roles(group_id, roles)[source]

Assign realm roles to a group.

Parameters:
  • group_id (str) – id of group

  • roles (list) – roles list or role (use GroupRoleRepresentation)

Returns:

Keycloak server response

Return type:

bytes

delete_group_realm_roles(group_id, roles)[source]

Delete realm roles of a group.

Parameters:
  • group_id (str) – id of group

  • roles (list) – roles list or role (use GroupRoleRepresentation)

Returns:

Keycloak server response

Return type:

bytes

get_group_realm_roles(group_id, brief_representation=True)[source]

Get all realm roles for a group.

Parameters:
  • group_id (str) – id of the group

  • brief_representation (bool) – whether to omit role attributes in the response

Returns:

Keycloak server response (array RoleRepresentation)

Return type:

list

assign_group_client_roles(group_id, client_id, roles)[source]

Assign client roles to a group.

Parameters:
  • group_id (str) – id of group

  • client_id (str) – id of client (not client-id)

  • roles (list) – roles list or role (use GroupRoleRepresentation)

Returns:

Keycloak server response

Return type:

bytes

get_group_client_roles(group_id, client_id)[source]

Get client roles of a group.

Parameters:
  • group_id (str) – id of group

  • client_id (str) – id of client (not client-id)

Returns:

Keycloak server response

Return type:

list

delete_group_client_roles(group_id, client_id, roles)[source]

Delete client roles of a group.

Parameters:
  • group_id (str) – id of group

  • client_id (str) – id of client (not client-id)

  • roles (list) – roles list or role (use GroupRoleRepresentation)

Returns:

Keycloak server response (array RoleRepresentation)

Return type:

bytes

get_all_roles_of_user(user_id)[source]

Get all level roles for a user.

Parameters:

user_id (str) – id of user

Returns:

Keycloak server response (array RoleRepresentation)

Return type:

list

get_client_roles_of_user(user_id, client_id)[source]

Get all client roles for a user.

Parameters:
  • user_id (str) – id of user

  • client_id (str) – id of client (not client-id)

Returns:

Keycloak server response (array RoleRepresentation)

Return type:

list

get_available_client_roles_of_user(user_id, client_id)[source]

Get available client role-mappings for a user.

Parameters:
  • user_id (str) – id of user

  • client_id (str) – id of client (not client-id)

Returns:

Keycloak server response (array RoleRepresentation)

Return type:

list

get_composite_client_roles_of_user(user_id, client_id, brief_representation=False)[source]

Get composite client role-mappings for a user.

Parameters:
  • user_id (str) – id of user

  • client_id (str) – id of client (not client-id)

  • brief_representation (bool) – whether to omit attributes in the response

Returns:

Keycloak server response (array RoleRepresentation)

Return type:

list

_get_client_roles_of_user(client_level_role_mapping_url, user_id, client_id, **params)[source]

Get client roles of a single user helper.

Parameters:
  • client_level_role_mapping_url (str) – Url for the client role mapping

  • user_id (str) – User id

  • client_id (str) – Client id

  • params (dict) – Additional parameters

Returns:

Client roles of a user

Return type:

list

delete_client_roles_of_user(user_id, client_id, roles)[source]

Delete client roles from a user.

Parameters:
  • user_id (str) – id of user

  • client_id (str) – id of client containing role (not client-id)

  • roles (list) – roles list or role to delete (use RoleRepresentation)

Returns:

Keycloak server response

Return type:

bytes

get_authentication_flows()[source]

Get authentication flows.

Returns all flow details

AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation

Returns:

Keycloak server response (AuthenticationFlowRepresentation)

Return type:

list

get_authentication_flow_for_id(flow_id)[source]

Get one authentication flow by its id.

Returns all flow details

AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation

Parameters:

flow_id (str) – the id of a flow, NOT its alias

Returns:

Keycloak server response (AuthenticationFlowRepresentation)

Return type:

dict

create_authentication_flow(payload, skip_exists=False)[source]

Create a new authentication flow.

AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation

Parameters:
  • payload (dict) – AuthenticationFlowRepresentation

  • skip_exists (bool) – Do not raise an error if authentication flow already exists

Returns:

Keycloak server response (RoleRepresentation)

Return type:

bytes

copy_authentication_flow(payload, flow_alias)[source]

Copy existing authentication flow under a new name.

The new name is given as ‘newName’ attribute of the passed payload.

Parameters:
  • payload (dict) – JSON containing ‘newName’ attribute

  • flow_alias (str) – the flow alias

Returns:

Keycloak server response (RoleRepresentation)

Return type:

bytes

delete_authentication_flow(flow_id)[source]

Delete authentication flow.

AuthenticationInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationinforepresentation

Parameters:

flow_id (str) – authentication flow id

Returns:

Keycloak server response

Return type:

bytes

get_authentication_flow_executions(flow_alias)[source]

Get authentication flow executions.

Returns all execution steps

Parameters:

flow_alias (str) – the flow alias

Returns:

Response(json)

Return type:

list
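
An added example (not python-keycloak code) that audits the list returned by get_authentication_flow_executions: a step marked REQUIRED never runs if any subflow above it is DISABLED, so the check has to follow the whole chain. It assumes the executions come back in flow order with a "level" field giving nesting depth, as in Keycloak's AuthenticationExecutionInfoRepresentation; StubAdmin, the flow alias and SAMPLE_EXECUTIONS are constructed.

```python
"""Check whether an authenticator step in a flow is effectively disabled."""


def requirement_chain(executions, provider_id):
    """Return [(displayName, requirement), ...] from the top-level entry down
    to the first execution whose providerId matches, or None if absent."""
    stack = []  # stack[i] is the most recent execution seen at nesting level i
    for ex in executions:
        del stack[ex.get("level", 0):]  # drop siblings and deeper entries
        stack.append(ex)
        if ex.get("providerId") == provider_id:
            return [(e.get("displayName"), e.get("requirement")) for e in stack]
    return None


def step_never_runs(admin, flow_alias, provider_id):
    """True if the step is missing, or it or any enclosing subflow is DISABLED."""
    executions = admin.get_authentication_flow_executions(flow_alias)
    chain = requirement_chain(executions, provider_id)
    if chain is None:
        return True
    return any(requirement == "DISABLED" for _, requirement in chain)


# Constructed sample: the OTP form is REQUIRED, but its parent subflow is DISABLED.
SAMPLE_EXECUTIONS = [
    {"displayName": "Cookie", "providerId": "auth-cookie",
     "requirement": "ALTERNATIVE", "level": 0, "index": 0},
    {"displayName": "forms", "authenticationFlow": True,
     "requirement": "ALTERNATIVE", "level": 0, "index": 1},
    {"displayName": "Username Password Form",
     "providerId": "auth-username-password-form",
     "requirement": "REQUIRED", "level": 1, "index": 0},
    {"displayName": "Conditional OTP", "authenticationFlow": True,
     "requirement": "DISABLED", "level": 1, "index": 1},
    {"displayName": "OTP Form", "providerId": "auth-otp-form",
     "requirement": "REQUIRED", "level": 2, "index": 0},
]


class StubAdmin:
    """Stands in for KeycloakAdmin; returns the constructed sample above."""

    def get_authentication_flow_executions(self, flow_alias):
        return SAMPLE_EXECUTIONS


if __name__ == "__main__":
    admin = StubAdmin()
    print(requirement_chain(SAMPLE_EXECUTIONS, "auth-otp-form"))
    print(step_never_runs(admin, "example-browser", "auth-otp-form"))
```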

update_authentication_flow_executions(payload, flow_alias)[source]

Update an authentication flow execution.

AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation

Parameters:
  • payload (dict) – AuthenticationExecutionInfoRepresentation

  • flow_alias (str) – The flow alias

Returns:

Keycloak server response

Return type:

bytes

get_authentication_flow_execution(execution_id)[source]

Get authentication flow execution.

AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation

Parameters:

execution_id (str) – the execution ID

Returns:

Response(json)

Return type:

dict

create_authentication_flow_execution(payload, flow_alias)[source]

Create an authentication flow execution.

AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation

Parameters:
  • payload (dict) – AuthenticationExecutionInfoRepresentation

  • flow_alias (str) – The flow alias

Returns:

Keycloak server response

Return type:

bytes

delete_authentication_flow_execution(execution_id)[source]

Delete authentication flow execution.

AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation

Parameters:

execution_id (str) – the execution ID

Returns:

Keycloak server response (json)

Return type:

bytes

create_authentication_flow_subflow(payload, flow_alias, skip_exists=False)[source]

Create a new sub authentication flow for a given authentication flow.

AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation

Parameters:
  • payload (dict) – AuthenticationFlowRepresentation

  • flow_alias (str) – The flow alias

  • skip_exists (bool) – Do not raise an error if authentication flow already exists

Returns:

Keycloak server response (RoleRepresentation)

Return type:

bytes

get_authenticator_providers()[source]

Get authenticator providers list.

Returns:

Authenticator providers

Return type:

list

get_authenticator_provider_config_description(provider_id)[source]

Get authenticator’s provider configuration description.

AuthenticatorConfigInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticatorconfiginforepresentation

Parameters:

provider_id (str) – Provider Id

Returns:

AuthenticatorConfigInfoRepresentation

Return type:

dict

get_authenticator_config(config_id)[source]

Get authenticator configuration.

Returns all configuration details.

Parameters:

config_id (str) – Authenticator config id

Returns:

Response(json)

Return type:

dict

update_authenticator_config(payload, config_id)[source]

Update an authenticator configuration.

AuthenticatorConfigRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticatorconfigrepresentation

Parameters:
  • payload (dict) – AuthenticatorConfigRepresentation

  • config_id (str) – Authenticator config id

Returns:

Response(json)

Return type:

bytes

delete_authenticator_config(config_id)[source]

Delete an authenticator configuration.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authentication_management_resource

Parameters:

config_id (str) – Authenticator config id

Returns:

Keycloak server Response

Return type:

bytes

sync_users(storage_id, action)[source]

Trigger user sync from provider.

Parameters:
  • storage_id (str) – The id of the user storage provider

  • action (str) – Action can be “triggerFullSync” or “triggerChangedUsersSync”

Returns:

Keycloak server response

Return type:

bytes

get_client_scopes()[source]

Get client scopes.

Get representation of the client scopes for the realm we are connected to: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes

Returns:

Keycloak server response Array of (ClientScopeRepresentation)

Return type:

list

get_client_scope(client_scope_id)[source]

Get client scope.

Get representation of the client scopes for the realm we are connected to: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes

Parameters:

client_scope_id (str) – The id of the client scope

Returns:

Keycloak server response (ClientScopeRepresentation)

Return type:

dict

get_client_scope_by_name(client_scope_name)[source]

Get client scope by name.

Get representation of the client scope identified by the client scope name.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes

Parameters:

client_scope_name (str) – Name of the client scope

Returns:

ClientScopeRepresentation or None

Return type:

dict

create_client_scope(payload, skip_exists=False)[source]

Create a client scope.

ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes

Parameters:
  • payload (dict) – ClientScopeRepresentation

  • skip_exists (bool) – If true then do not raise an error if client scope already exists

Returns:

Client scope id

Return type:

str

update_client_scope(client_scope_id, payload)[source]

Update a client scope.

ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_client_scopes_resource

Parameters:
  • client_scope_id (str) – The id of the client scope

  • payload (dict) – ClientScopeRepresentation

Returns:

Keycloak server response (ClientScopeRepresentation)

Return type:

bytes

delete_client_scope(client_scope_id)[source]

Delete existing client scope.

ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_client_scopes_resource

Parameters:

client_scope_id (str) – The id of the client scope

Returns:

Keycloak server response

Return type:

bytes

get_mappers_from_client_scope(client_scope_id)[source]

Get a list of all mappers connected to the client scope.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource

Parameters:

client_scope_id (str) – Client scope id

Returns:

Keycloak server response (ProtocolMapperRepresentation)

Return type:

list

add_mapper_to_client_scope(client_scope_id, payload)[source]

Add a mapper to a client scope.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_create_mapper

Parameters:
  • client_scope_id (str) – The id of the client scope

  • payload (dict) – ProtocolMapperRepresentation

Returns:

Keycloak server Response

Return type:

bytes

delete_mapper_from_client_scope(client_scope_id, protocol_mapper_id)[source]

Delete a mapper from a client scope.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_delete_mapper

Parameters:
  • client_scope_id (str) – The id of the client scope

  • protocol_mapper_id (str) – Protocol mapper id

Returns:

Keycloak server Response

Return type:

bytes

update_mapper_in_client_scope(client_scope_id, protocol_mapper_id, payload)[source]

Update an existing protocol mapper in a client scope.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource

Parameters:
  • client_scope_id (str) – The id of the client scope

  • protocol_mapper_id (str) – The id of the protocol mapper which exists in the client scope and should be updated

  • payload (dict) – ProtocolMapperRepresentation

Returns:

Keycloak server Response

Return type:

bytes

get_default_default_client_scopes()[source]

Get default default client scopes.

Return list of default default client scopes

Returns:

Keycloak server response

Return type:

list

delete_default_default_client_scope(scope_id)[source]

Delete default default client scope.

Parameters:

scope_id (str) – default default client scope id

Returns:

Keycloak server response

Return type:

list

add_default_default_client_scope(scope_id)[source]

Add default default client scope.

Parameters:

scope_id (str) – default default client scope id

Returns:

Keycloak server response

Return type:

bytes

get_default_optional_client_scopes()[source]

Get default optional client scopes.

Return list of default optional client scopes

Returns:

Keycloak server response

Return type:

list

delete_default_optional_client_scope(scope_id)[source]

Delete default optional client scope.

Parameters:

scope_id (str) – default optional client scope id

Returns:

Keycloak server response

Return type:

bytes

add_default_optional_client_scope(scope_id)[source]

Add default optional client scope.

Parameters:

scope_id (str) – default optional client scope id

Returns:

Keycloak server response

Return type:

bytes

get_mappers_from_client(client_id)[source]

List of all client mappers.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocolmapperrepresentation

Parameters:

client_id (str) – Client id

Returns:

KeycloakServerResponse (list of ProtocolMapperRepresentation)

Return type:

list

add_mapper_to_client(client_id, payload)[source]

Add a mapper to a client.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_create_mapper

Parameters:
  • client_id (str) – The id of the client

  • payload (dict) – ProtocolMapperRepresentation

Returns:

Keycloak server Response

Return type:

bytes

update_client_mapper(client_id, mapper_id, payload)[source]

Update client mapper.

Parameters:
  • client_id (str) – The id of the client

  • mapper_id (str) – The id of the mapper to be updated

  • payload (dict) – ProtocolMapperRepresentation

Returns:

Keycloak server response

Return type:

bytes

remove_client_mapper(client_id, client_mapper_id)[source]

Remove a mapper from the client.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource

Parameters:
  • client_id (str) – The id of the client

  • client_mapper_id (str) – The id of the mapper to be deleted

Returns:

Keycloak server response

Return type:

bytes

generate_client_secrets(client_id)[source]

Generate a new secret for the client.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_regeneratesecret

Parameters:

client_id (str) – id of client (not client-id)

Returns:

Keycloak server response (ClientRepresentation)

Return type:

bytes

get_client_secrets(client_id)[source]

Get representation of the client secrets.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientsecret

Parameters:

client_id (str) – id of client (not client-id)

Returns:

Keycloak server response (ClientRepresentation)

Return type:

list

get_components(query=None)[source]

Get components.

Return a list of components, filtered according to query parameters

ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation

Parameters:

query (dict) – Query parameters (optional)

Returns:

components list

Return type:

list

create_component(payload)[source]

Create a new component.

ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation

Parameters:

payload (dict) – ComponentRepresentation

Returns:

Component id

Return type:

str

get_component(component_id)[source]

Get representation of the component.

ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation

Parameters:

component_id (str) – Id of the component

Returns:

ComponentRepresentation

Return type:

dict

update_component(component_id, payload)[source]

Update the component.

Parameters:
Returns:

Http response

Return type:

bytes

delete_component(component_id)[source]

Delete the component.

Parameters:

component_id (str) – Component id

Returns:

Http response

Return type:

bytes

get_keys()[source]

Get keys.

Return a list of keys, filtered according to query parameters

KeysMetadataRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_key_resource

Returns:

keys list

Return type:

list

get_admin_events(query=None)[source]

Get Administrative events.

Return a list of events, filtered according to query parameters

AdminEvents Representation array https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getevents https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_get_adminrealmsrealmadmin_events

Parameters:

query (dict) – Additional query parameters

Returns:

events list

Return type:

list
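
An added example (not python-keycloak code) of detection logic over get_admin_events output: it alerts on role-mapping grants made by an actor outside an allow-list, on grants of watched roles, and on grants whose role list was not recorded. Field and filter names follow Keycloak's admin event representation; SAMPLE_EVENTS, the actor ids and the role names are constructed.

```python
"""Flag suspicious role grants in Keycloak admin events."""
import json

ROLE_MAPPING_TYPES = ("REALM_ROLE_MAPPING", "CLIENT_ROLE_MAPPING")


def fetch_role_grants(admin):
    """Ask the server for role-mapping CREATE events only."""
    query = {"resourceTypes": list(ROLE_MAPPING_TYPES), "operationTypes": ["CREATE"]}
    return admin.get_admin_events(query=query)


def granted_role_names(event):
    """Role names from the JSON 'representation' string, or None when the
    realm does not record representations or the value is unparsable."""
    raw = event.get("representation")
    if not raw:
        return None
    try:
        body = json.loads(raw)
    except ValueError:
        return None
    roles = body if isinstance(body, list) else [body]
    return sorted(r["name"] for r in roles if isinstance(r, dict) and "name" in r)


def role_grant_alerts(events, approved_actors, watched_roles):
    """Return alerts, oldest first, for role grants that need review."""
    alerts = []
    for ev in sorted(events, key=lambda e: e.get("time", 0)):
        # Filter again client-side in case the events were not pre-filtered.
        if ev.get("resourceType") not in ROLE_MAPPING_TYPES:
            continue
        if ev.get("operationType") != "CREATE":
            continue
        actor = (ev.get("authDetails") or {}).get("userId")
        roles = granted_role_names(ev)
        reasons = []
        if actor not in approved_actors:
            reasons.append("unapproved-actor")
        if roles is None:
            reasons.append("roles-not-recorded")
        elif set(roles) & set(watched_roles):
            reasons.append("watched-role")
        if reasons:
            # resourcePath looks like "users/<id>/role-mappings/realm"
            target = "/".join(ev.get("resourcePath", "").split("/")[:2])
            alerts.append({"time": ev.get("time"), "actor": actor,
                           "target": target, "roles": roles, "reasons": reasons})
    return alerts


# Constructed sample events (deliberately out of time order).
SAMPLE_EVENTS = [
    {"time": 4000, "operationType": "CREATE", "resourceType": "CLIENT_ROLE_MAPPING",
     "resourcePath": "users/u-77/role-mappings/clients/c-1",
     "authDetails": {"userId": "u-77", "ipAddress": "192.0.2.10"}},
    {"time": 1000, "operationType": "UPDATE", "resourceType": "USER",
     "resourcePath": "users/u-10", "authDetails": {"userId": "svc-provisioner"}},
    {"time": 3000, "operationType": "CREATE", "resourceType": "REALM_ROLE_MAPPING",
     "resourcePath": "users/u-10/role-mappings/realm",
     "authDetails": {"userId": "svc-provisioner"},
     "representation": '[{"id": "r-2", "name": "admin"}]'},
    {"time": 2000, "operationType": "CREATE", "resourceType": "REALM_ROLE_MAPPING",
     "resourcePath": "users/u-10/role-mappings/realm",
     "authDetails": {"userId": "svc-provisioner"},
     "representation": '[{"id": "r-1", "name": "viewer"}]'},
    {"time": 5000, "operationType": "DELETE", "resourceType": "REALM_ROLE_MAPPING",
     "resourcePath": "users/u-10/role-mappings/realm",
     "authDetails": {"userId": "svc-provisioner"}},
]

if __name__ == "__main__":
    for alert in role_grant_alerts(SAMPLE_EVENTS, {"svc-provisioner"}, {"admin"}):
        print(alert)
```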

get_events(query=None)[source]

Get events.

Return a list of events, filtered according to query parameters

EventRepresentation array https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_eventrepresentation

Parameters:

query (dict) – Additional query parameters

Returns:

events list

Return type:

list

set_events(payload)[source]

Set realm events configuration.

RealmEventsConfigRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmeventsconfigrepresentation

Parameters:

payload (dict) – Payload object for the events configuration

Returns:

Http response

Return type:

bytes

raw_get(*args, **kwargs)[source]

Call connection.raw_get.

If auto_refresh is set for get and access_token is expired, it will refresh the token and try get once more.

Parameters:
  • args (tuple) – Additional arguments

  • kwargs (dict) – Additional keyword arguments

Returns:

Response

Return type:

Response

raw_post(*args, **kwargs)[source]

Call connection.raw_post.

If auto_refresh is set for post and access_token is expired, it will refresh the token and try post once more.

Parameters:
  • args (tuple) – Additional arguments

  • kwargs (dict) – Additional keyword arguments

Returns:

Response

Return type:

Response

raw_put(*args, **kwargs)[source]

Call connection.raw_put.

If auto_refresh is set for put and access_token is expired, it will refresh the token and try put once more.

Parameters:
  • args (tuple) – Additional arguments

  • kwargs (dict) – Additional keyword arguments

Returns:

Response

Return type:

Response

raw_delete(*args, **kwargs)[source]

Call connection.raw_delete.

If auto_refresh is set for delete and access_token is expired, it will refresh the token and try delete once more.

Parameters:
  • args (tuple) – Additional arguments

  • kwargs (dict) – Additional keyword arguments

Returns:

Response

Return type:

Response

get_token()[source]

Get admin token.

The admin token is then set in the token attribute.

Returns:

token

Return type:

dict

refresh_token()[source]

Refresh the token.

Returns:

token

Return type:

dict

get_client_all_sessions(client_id)[source]

Get sessions associated with the client.

UserSessionRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_usersessionrepresentation

Parameters:

client_id (str) – id of client

Returns:

UserSessionRepresentation

Return type:

list

get_client_sessions_stats()[source]

Get current session count for all clients with active sessions.

https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientsessionstats

Returns:

Dict of clients and session count

Return type:

dict

get_client_management_permissions(client_id)[source]

Get management permissions for a client.

Parameters:

client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Returns:

Keycloak server response

Return type:

list

update_client_management_permissions(payload, client_id)[source]

Update management permissions for a client.

ManagementPermissionReference https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_managementpermissionreference

Payload example:

payload={
    "enabled": True
}

Parameters:
Returns:

Keycloak server response

Return type:

bytes

get_client_authz_policy_scopes(client_id, policy_id)[source]

Get scopes for a given policy.

Parameters:
Returns:

Keycloak server response

Return type:

list

get_client_authz_policy_resources(client_id, policy_id)[source]

Get resources for a given policy.

Parameters:
Returns:

Keycloak server response

Return type:

list

get_client_authz_scope_permission(client_id, scope_id)[source]

Get permissions for a given scope.

Parameters:
Returns:

Keycloak server response

Return type:

list

create_client_authz_scope_permission(payload, client_id)[source]

Create permissions for an authz scope.

Payload example:

payload={
    "name": "My Permission Name",
    "type": "scope",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "resources": [some_resource_id],
    "scopes": [some_scope_id],
    "policies": [some_policy_id],
}
Parameters:
Returns:

Keycloak server response

Return type:

bytes

update_client_authz_scope_permission(payload, client_id, scope_id)[source]

Update permissions for a given scope.

Payload example:

payload={
    "id": scope_id,
    "name": "My Permission Name",
    "type": "scope",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "resources": [some_resource_id],
    "scopes": [some_scope_id],
    "policies": [some_policy_id],
}
Parameters:
Returns:

Keycloak server response

Return type:

bytes

get_client_authz_client_policies(client_id)[source]

Get policies for a given client.

Parameters:

client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Returns:

Keycloak server response (RoleRepresentation)

Return type:

list

create_client_authz_client_policy(payload, client_id)[source]

Create a new policy for a given client.

Payload example:

payload={
    "type": "client",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "name": "My Policy",
    "clients": [other_client_id],
}
Parameters:
Returns:

Keycloak server response (RoleRepresentation)

Return type:

bytes

get_composite_client_roles_of_group(client_id, group_id, brief_representation=True)[source]

Get the composite client roles of the given group for the given client.

Parameters:
  • client_id (str) – id of the client.

  • group_id (str) – id of the group.

  • brief_representation (bool) – whether to omit attributes in the response

Returns:

the composite client roles of the group (list of RoleRepresentation).

Return type:

list

get_role_client_level_children(client_id, role_id)[source]

Get the child roles of which the given composite client role is composed.

Parameters:
  • client_id (str) – id of the client.

  • role_id (str) – id of the role.

Returns:

the child roles (list of RoleRepresentation).

Return type:

list

upload_certificate(client_id, certcont)[source]

Upload a new certificate for the client.

Parameters:
  • client_id (str) – id of the client.

  • certcont (str) – the content of the certificate.

Returns:

dictionary {“certificate”: “<certcont>”}, where <certcont> is the content of the uploaded certificate.

Return type:

dict

get_required_action_by_alias(action_alias)[source]

Get a required action by its alias.

Parameters:

action_alias (str) – the alias of the required action.

Returns:

the required action (RequiredActionProviderRepresentation).

Return type:

dict

get_required_actions()[source]

Get the required actions for the realms.

Returns:

the required actions (list of RequiredActionProviderRepresentation).

Return type:

list

update_required_action(action_alias, payload)[source]

Update a required action.

Parameters:
  • action_alias (str) – the action alias.

  • payload (dict) – the new required action (RequiredActionProviderRepresentation).

Returns:

empty dictionary.

Return type:

dict

get_bruteforce_detection_status(user_id)[source]

Get bruteforce detection status for user.

Parameters:

user_id (str) – User id

Returns:

Bruteforce status.

Return type:

dict

clear_bruteforce_attempts_for_user(user_id)[source]

Clear bruteforce attempts for user.

Parameters:

user_id (str) – User id

Returns:

empty dictionary.

Return type:

dict

clear_all_bruteforce_attempts()[source]

Clear bruteforce attempts for all users in realm.

Returns:

empty dictionary.

Return type:

dict

clear_keys_cache()[source]

Clear keys cache.

Returns:

empty dictionary.

Return type:

dict

clear_realm_cache()[source]

Clear realm cache.

Returns:

empty dictionary.

Return type:

dict

clear_user_cache()[source]

Clear user cache.

Returns:

empty dictionary.

Return type:

dict