keycloak ======== .. py:module:: keycloak .. autoapi-nested-parse:: Python-Keycloak library. Submodules ---------- .. toctree:: :maxdepth: 1 /reference/keycloak/_version/index /reference/keycloak/authorization/index /reference/keycloak/connection/index /reference/keycloak/exceptions/index /reference/keycloak/keycloak_admin/index /reference/keycloak/keycloak_openid/index /reference/keycloak/keycloak_uma/index /reference/keycloak/openid_connection/index /reference/keycloak/pkce_utils/index /reference/keycloak/uma_permissions/index /reference/keycloak/urls_patterns/index Attributes ---------- .. autoapisummary:: keycloak.__version__ Exceptions ---------- .. autoapisummary:: keycloak.KeycloakAuthenticationError keycloak.KeycloakAuthorizationConfigError keycloak.KeycloakConnectionError keycloak.KeycloakDeleteError keycloak.KeycloakDeprecationError keycloak.KeycloakError keycloak.KeycloakGetError keycloak.KeycloakInvalidTokenError keycloak.KeycloakOperationError keycloak.KeycloakPostError keycloak.KeycloakPutError keycloak.KeycloakRPTNotFound keycloak.KeycloakSecretNotFound Classes ------- .. autoapisummary:: keycloak.ConnectionManager keycloak.KeycloakAdmin keycloak.KeycloakOpenID keycloak.KeycloakUMA keycloak.KeycloakOpenIDConnection Package Contents ---------------- .. py:data:: __version__ .. py:class:: ConnectionManager(base_url: str, headers: dict | None = None, timeout: int | None = 60, verify: bool | str = True, proxies: dict | None = None, cert: str | tuple | None = None, max_retries: int = 1, pool_maxsize: int | None = None) Represents a simple server connection. :param base_url: The server URL. :type base_url: str :param headers: The header parameters of the requests to the server. :type headers: dict :param timeout: Timeout to use for requests to the server. :type timeout: int :param verify: Boolean value to enable or disable certificate validation or a string containing a path to a CA bundle to use :type verify: Union[bool,str] :param proxies: The proxies servers requests is sent by. :type proxies: dict :param cert: An SSL certificate used by the requested host to authenticate the client. Either a path to an SSL certificate file, or two-tuple of (certificate file, key file). :type cert: Union[str,Tuple[str,str]] :param max_retries: The total number of times to retry HTTP requests. :type max_retries: int :param pool_maxsize: The maximum number of connections to save in the pool. :type pool_maxsize: int .. py:property:: base_url :type: str | None Return base url in use for requests to the server. :returns: Base URL :rtype: str .. py:property:: headers :type: dict | None Return header request to the server. :returns: Request headers :rtype: dict .. py:property:: timeout :type: int | None Return timeout in use for request to the server. :returns: Timeout :rtype: int .. py:property:: verify :type: bool | str Return verify in use for request to the server. :returns: Verify indicator :rtype: bool .. py:property:: proxies :type: dict | None Return proxies in use for request to the server. :returns: Proxies :rtype: dict | None .. py:property:: cert :type: str | tuple | None Return client certificates in use for request to the server. :returns: Client certificate :rtype: Union[str,Tuple[str,str]] .. py:property:: max_retries :type: int Return maximum number of retries in use for requests to the server. :returns: Maximum number of retries :rtype: int .. py:property:: pool_maxsize :type: int | None Return the maximum number of connections to save in the pool. :returns: Pool maxsize :rtype: int or None .. py:attribute:: _s .. py:attribute:: async_s .. py:method:: aclose() -> None :async: Close the async connection on delete. .. py:method:: __del__() -> None Del method. .. py:method:: param_headers(key: str) -> str | None Return a specific header parameter. :param key: Header parameters key. :type key: str :returns: If the header parameters exist, return its value. :rtype: str .. py:method:: clean_headers() -> None Clear header parameters. .. py:method:: exist_param_headers(key: str) -> bool Check if the parameter exists in the header. :param key: Header parameters key. :type key: str :returns: If the header parameters exist, return True. :rtype: bool .. py:method:: add_param_headers(key: str, value: str) -> None Add a single parameter inside the header. :param key: Header parameters key. :type key: str :param value: Value to be added. :type value: str .. py:method:: del_param_headers(key: str) -> None Remove a specific parameter. :param key: Key of the header parameters. :type key: str .. py:method:: raw_get(path: str, **kwargs: Any) -> requests.Response Submit get request to the path. :param path: Path for request. :type path: str :param kwargs: Additional arguments :type kwargs: dict :returns: Response the request. :rtype: Response :raises KeycloakConnectionError: HttpError Can't connect to server. .. py:method:: raw_post(path: str, data: dict | str | requests_toolbelt.MultipartEncoder, **kwargs: Any) -> requests.Response Submit post request to the path. :param path: Path for request. :type path: str :param data: Payload for request. :type data: dict | str | MultipartEncoder :param kwargs: Additional arguments :type kwargs: dict :returns: Response the request. :rtype: Response :raises KeycloakConnectionError: HttpError Can't connect to server. .. py:method:: raw_put(path: str, data: dict | str | requests_toolbelt.MultipartEncoder, **kwargs: Any) -> requests.Response Submit put request to the path. :param path: Path for request. :type path: str :param data: Payload for request. :type data: dict | str | MultipartEncoder :param kwargs: Additional arguments :type kwargs: dict :returns: Response the request. :rtype: Response :raises KeycloakConnectionError: HttpError Can't connect to server. .. py:method:: raw_delete(path: str, data: dict | None = None, **kwargs: Any) -> requests.Response Submit delete request to the path. :param path: Path for request. :type path: str :param data: Payload for request. :type data: dict | None :param kwargs: Additional arguments :type kwargs: dict :returns: Response the request. :rtype: Response :raises KeycloakConnectionError: HttpError Can't connect to server. .. py:method:: a_raw_get(path: str, **kwargs: Any) -> httpx.Response :async: Submit get request to the path. :param path: Path for request. :type path: str :param kwargs: Additional arguments :type kwargs: dict :returns: Response the request. :rtype: Response :raises KeycloakConnectionError: HttpError Can't connect to server. .. py:method:: a_raw_post(path: str, data: dict | str | requests_toolbelt.MultipartEncoder, **kwargs: Any) -> httpx.Response :async: Submit post request to the path. :param path: Path for request. :type path: str :param data: Payload for request. :type data: dict | str | MultipartEncoder :param kwargs: Additional arguments :type kwargs: dict :returns: Response the request. :rtype: Response :raises KeycloakConnectionError: HttpError Can't connect to server. .. py:method:: a_raw_put(path: str, data: dict | str | requests_toolbelt.MultipartEncoder, **kwargs: Any) -> httpx.Response :async: Submit put request to the path. :param path: Path for request. :type path: str :param data: Payload for request. :type data: dict | str | MultipartEncoder :param kwargs: Additional arguments :type kwargs: dict :returns: Response the request. :rtype: Response :raises KeycloakConnectionError: HttpError Can't connect to server. .. py:method:: a_raw_delete(path: str, data: dict | None = None, **kwargs: Any) -> httpx.Response :async: Submit delete request to the path. :param path: Path for request. :type path: str :param data: Payload for request. :type data: dict | None :param kwargs: Additional arguments :type kwargs: dict :returns: Response the request. :rtype: Response :raises KeycloakConnectionError: HttpError Can't connect to server. .. py:method:: _prepare_httpx_request_content(data: dict | str | None | requests_toolbelt.MultipartEncoder) -> dict :staticmethod: Create the correct request content kwarg to `httpx.AsyncClient.request()`. See https://www.python-httpx.org/compatibility/#request-content :param data: the request content :type data: dict | str | None | MultipartEncoder :returns: A dict mapping the correct kwarg to the request content :rtype: dict .. py:method:: _filter_query_params(query_params: dict) -> dict :staticmethod: Explicitly filter query params with None values for compatibility. Httpx and requests differ in the way they handle query params with the value None, requests does not include params with the value None while httpx includes them as-is. :param query_params: the query params :type query_params: dict :returns: the filtered query params :rtype: dict .. py:exception:: KeycloakAuthenticationError(error_message: str | bytes = '', response_code: int | None = None, response_body: bytes | None = None) Bases: :py:obj:`KeycloakError` Keycloak authentication error exception. .. py:exception:: KeycloakAuthorizationConfigError(error_message: str | bytes = '', response_code: int | None = None, response_body: bytes | None = None) Bases: :py:obj:`KeycloakOperationError` Keycloak authorization config exception. .. py:exception:: KeycloakConnectionError(error_message: str | bytes = '', response_code: int | None = None, response_body: bytes | None = None) Bases: :py:obj:`KeycloakError` Keycloak connection error exception. .. py:exception:: KeycloakDeleteError(error_message: str | bytes = '', response_code: int | None = None, response_body: bytes | None = None) Bases: :py:obj:`KeycloakOperationError` Keycloak request delete error exception. .. py:exception:: KeycloakDeprecationError(error_message: str | bytes = '', response_code: int | None = None, response_body: bytes | None = None) Bases: :py:obj:`KeycloakError` Keycloak deprecation error exception. .. py:exception:: KeycloakError(error_message: str | bytes = '', response_code: int | None = None, response_body: bytes | None = None) Bases: :py:obj:`Exception` Base class for custom Keycloak errors. :param error_message: The error message :type error_message: str :param response_code: The response status code :type response_code: int .. py:attribute:: response_code :value: None .. py:attribute:: response_body :value: None .. py:attribute:: error_message :value: '' .. py:method:: __str__() -> str Str method. :returns: String representation of the object :rtype: str .. py:exception:: KeycloakGetError(error_message: str | bytes = '', response_code: int | None = None, response_body: bytes | None = None) Bases: :py:obj:`KeycloakOperationError` Keycloak request get error exception. .. py:exception:: KeycloakInvalidTokenError(error_message: str | bytes = '', response_code: int | None = None, response_body: bytes | None = None) Bases: :py:obj:`KeycloakOperationError` Keycloak invalid token exception. .. py:exception:: KeycloakOperationError(error_message: str | bytes = '', response_code: int | None = None, response_body: bytes | None = None) Bases: :py:obj:`KeycloakError` Keycloak operation error exception. .. py:exception:: KeycloakPostError(error_message: str | bytes = '', response_code: int | None = None, response_body: bytes | None = None) Bases: :py:obj:`KeycloakOperationError` Keycloak request post error exception. .. py:exception:: KeycloakPutError(error_message: str | bytes = '', response_code: int | None = None, response_body: bytes | None = None) Bases: :py:obj:`KeycloakOperationError` Keycloak request put error exception. .. py:exception:: KeycloakRPTNotFound(error_message: str | bytes = '', response_code: int | None = None, response_body: bytes | None = None) Bases: :py:obj:`KeycloakOperationError` Keycloak RPT not found exception. .. py:exception:: KeycloakSecretNotFound(error_message: str | bytes = '', response_code: int | None = None, response_body: bytes | None = None) Bases: :py:obj:`KeycloakOperationError` Keycloak secret not found exception. .. py:class:: KeycloakAdmin(server_url: str | None = None, grant_type: str | None = None, username: str | None = None, password: str | None = None, token: dict | None = None, totp: int | None = None, realm_name: str | None = 'master', client_id: str = 'admin-cli', verify: bool | str = True, client_secret_key: str | None = None, custom_headers: dict | None = None, user_realm_name: str | None = None, timeout: int = 60, cert: str | tuple | None = None, max_retries: int = 1, connection: keycloak.openid_connection.KeycloakOpenIDConnection | None = None, pool_maxsize: int | None = None) Keycloak Admin client. :param server_url: Keycloak server url :type server_url: str :param username: admin username :type username: str :param password: admin password :type password: str :param token: access and refresh tokens :type token: dict :param totp: Time based OTP :type totp: str :param realm_name: realm name :type realm_name: str :param client_id: client id :type client_id: str :param verify: Boolean value to enable or disable certificate validation or a string containing a path to a CA bundle to use :type verify: Union[bool,str] :param client_secret_key: client secret key (optional, required only for access type confidential) :type client_secret_key: str :param custom_headers: dict of custom header to pass to each HTML request :type custom_headers: dict :param user_realm_name: The realm name of the user, if different from realm_name :type user_realm_name: str :param timeout: connection timeout in seconds :type timeout: int :param cert: An SSL certificate used by the requested host to authenticate the client. Either a path to an SSL certificate file, or two-tuple of (certificate file, key file). :type cert: Union[str,Tuple[str,str]] :param max_retries: The total number of times to retry HTTP requests. :type max_retries: int :param connection: A KeycloakOpenIDConnection as an alternative to individual params. :type connection: KeycloakOpenIDConnection :param pool_maxsize: The maximum number of connections to save in the pool. :type pool_maxsize: int .. py:attribute:: PAGE_SIZE :value: 100 .. py:property:: connection :type: keycloak.openid_connection.KeycloakOpenIDConnection Get connection. :returns: Connection manager :rtype: KeycloakOpenIDConnection .. py:method:: __fetch_all(url: str, query: dict | None = None) -> list Paginate over get requests. Wrapper function to paginate GET requests. :param url: The url on which the query is executed :type url: str :param query: Existing query parameters (optional) :type query: dict :return: Combined results of paginated queries :rtype: list .. py:method:: __fetch_paginated(url: str, query: dict | None = None) -> list Make a specific paginated request. :param url: The url on which the query is executed :type url: str :param query: Pagination settings :type query: dict :returns: Response :rtype: dict .. py:method:: get_current_realm() -> str | None Return the currently configured realm. :returns: Currently configured realm name :rtype: str | None .. py:method:: change_current_realm(realm_name: str) -> None Change the current realm. :param realm_name: The name of the realm to be configured as current :type realm_name: str .. py:method:: import_realm(payload: dict) -> bytes Import a new realm from a RealmRepresentation. Realm name must be unique. RealmRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation :param payload: RealmRepresentation :type payload: dict :return: RealmRepresentation :rtype: bytes .. py:method:: partial_import_realm(realm_name: str, payload: dict) -> dict Partial import realm configuration from PartialImportRepresentation. Realm partialImport is used for modifying configuration of existing realm. PartialImportRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_partialimportrepresentation :param realm_name: Realm name (not the realm id) :type realm_name: str :param payload: PartialImportRepresentation :type payload: dict :return: PartialImportResponse :rtype: dict .. py:method:: export_realm(export_clients: bool = False, export_groups_and_role: bool = False) -> dict Export the realm configurations in the json format. RealmRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_partialexport :param export_clients: Skip if not want to export realm clients :type export_clients: bool :param export_groups_and_role: Skip if not want to export realm groups and roles :type export_groups_and_role: bool :return: realm configurations JSON :rtype: dict .. py:method:: get_realms() -> list List all realms in Keycloak deployment. :return: realms list :rtype: list .. py:method:: get_realm(realm_name: str) -> dict Get a specific realm. RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation :param realm_name: Realm name (not the realm id) :type realm_name: str :return: RealmRepresentation :rtype: dict .. py:method:: create_realm(payload: dict, skip_exists: bool = False) -> bytes Create a realm. RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation :param payload: RealmRepresentation :type payload: dict :param skip_exists: Skip if Realm already exist. :type skip_exists: bool :return: Keycloak server response (RealmRepresentation) :rtype: dict .. py:method:: update_realm(realm_name: str, payload: dict) -> dict Update a realm. This will only update top level attributes and will ignore any user, role, or client information in the payload. RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation :param realm_name: Realm name (not the realm id) :type realm_name: str :param payload: RealmRepresentation :type payload: dict :return: Http response :rtype: dict .. py:method:: delete_realm(realm_name: str) -> dict Delete a realm. :param realm_name: Realm name (not the realm id) :type realm_name: str :return: Http response :rtype: dict .. py:method:: get_organizations(query: dict | None = None) -> list Fetch all organizations. Returns a list of organizations, filtered according to query parameters OrganizationRepresentation https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#OrganizationRepresentation :return: List of organizations :rtype: list .. py:method:: a_get_organizations(query: dict | None = None) -> list :async: Fetch all organizations asynchronously. Returns a list of organizations, filtered according to query parameters OrganizationRepresentation https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#OrganizationRepresentation :return: List of organizations :rtype: list .. py:method:: get_organization(organization_id: str) -> dict Get representation of the organization. OrganizationRepresentation: https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#OrganizationRepresentation :param organization_id: ID of the organization :type organization_id: str :return: Organization details :rtype: dict .. py:method:: a_get_organization(organization_id: str) -> dict :async: Get representation of the organization asynchronously. OrganizationRepresentation: https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#OrganizationRepresentation :param organization_id: ID of the organization :type organization_id: str :return: Organization details :rtype: dict .. py:method:: create_organization(payload: dict) -> str | None Create a new organization. Organization name and alias must be unique. OrganizationRepresentation: https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#OrganizationRepresentation :param payload: Dictionary containing organization details :type payload: dict :return: org_id :rtype: str .. py:method:: a_create_organization(payload: dict) -> str | None :async: Create a new organization asynchronously. Organization name and alias must be unique. OrganizationRepresentation: https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#OrganizationRepresentation :param payload: Dictionary containing organization details :type payload: dict :return: org_id :rtype: str .. py:method:: update_organization(organization_id: str, payload: dict) -> dict Update an existing organization. OrganizationRepresentation: https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#OrganizationRepresentation :param organization_id: ID of the organization :type organization_id: str :param payload: Dictionary with updated organization details :type payload: dict :return: Response from Keycloak :rtype: dict .. py:method:: a_update_organization(organization_id: str, payload: dict) -> dict :async: Update an existing organization asynchronously. OrganizationRepresentation: https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#OrganizationRepresentation :param organization_id: ID of the organization :type organization_id: str :param payload: Dictionary with updated organization details :type payload: dict :return: Response from Keycloak :rtype: dict | bytes .. py:method:: delete_organization(organization_id: str) -> dict Delete an organization. :param organization_id: ID of the organization :type organization_id: str :return: Response from Keycloak :rtype: dict .. py:method:: a_delete_organization(organization_id: str) -> dict :async: Delete an organization asynchronously. :param organization_id: ID of the organization :type organization_id: str :return: Response from Keycloak :rtype: dict .. py:method:: get_organization_idps(organization_id: str) -> list Get IDPs by organization id. IdentityProviderRepresentation https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#IdentityProviderRepresentation :param organization_id: ID of the organization :type organization_id: str :return: List of IDPs in the organization :rtype: list .. py:method:: a_get_organization_idps(organization_id: str) -> list :async: Get IDPs by organization id asynchronously. IdentityProviderRepresentation https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#IdentityProviderRepresentation :param organization_id: ID of the organization :type organization_id: str :return: List of IDPs in the organization :rtype: list .. py:method:: organization_idp_add(organization_id: str, idp_alias: str) -> dict Add an IDP to an organization. :param organization_id: ID of the organization :type organization_id: str :param idp_alias: Alias of the IDP :type idp_alias: str :return: Response from Keycloak :rtype: dict | bytes .. py:method:: a_organization_idp_add(organization_id: str, idp_alias: str) -> dict :async: Add an IDP to an organization asynchronously. :param organization_id: ID of the organization :type organization_id: str :param idp_alias: Alias of the IDP :type idp_alias: str :return: Response from Keycloak :rtype: dict .. py:method:: organization_idp_remove(organization_id: str, idp_alias: str) -> dict Remove an IDP from an organization. :param organization_id: ID of the organization :type organization_id: str :rtype: dict .. py:method:: a_organization_idp_remove(organization_id: str, idp_alias: str) -> dict :async: Remove an IDP from an organization asynchronously. :param organization_id: ID of the organization :type organization_id: str :rtype: dict .. py:method:: get_user_organizations(user_id: str) -> list Get organizations by user id. OrganizationRepresentation https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#OrganizationRepresentation :param user_id: ID of the user :type user_id: str :return: List of organizations the user is member of :rtype: list .. py:method:: a_get_user_organizations(user_id: str) -> list :async: Get organizations by user id asynchronously. OrganizationRepresentation https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#OrganizationRepresentation :param user_id: ID of the user :type user_id: str :return: List of organizations the user is member of :rtype: list .. py:method:: get_organization_members(organization_id: str, query: dict | None = None) -> list Get members by organization id. Returns organization members, filtered according to query parameters MemberRepresentation https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#MemberRepresentation :param organization_id: ID of the organization :type organization_id: str :param query: Additional query parameters (see https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#_organizations) :type query: dict :return: List of users in the organization :rtype: list .. py:method:: a_get_organization_members(organization_id: str, query: dict | None = None) -> list :async: Get members by organization id asynchronously. Returns organization members, filtered according to query parameters MemberRepresentation https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#MemberRepresentation :param organization_id: ID of the organization :type organization_id: str :param query: Additional query parameters (see https://www.keycloak.org/docs-api/26.1.4/rest-api/index.html#_organizations) :type query: dict :return: List of users in the organization :rtype: list .. py:method:: get_organization_members_count(organization_id: str) -> int Get the number of members in the organization. :param organization_id: ID of the organization :type organization_id: str :return: Number of members in the organization :rtype: int .. py:method:: a_get_organization_members_count(organization_id: str) -> int :async: Get the number of members in the organization asynchronously. :param organization_id: ID of the organization :type organization_id: str :return: Number of members in the organization :rtype: int .. py:method:: organization_user_add(user_id: str, organization_id: str) -> bytes Add a user to an organization. :param user_id: ID of the user to be added :type user_id: str :param organization_id: ID of the organization :type organization_id: str :return: Response from Keycloak :rtype: bytes .. py:method:: a_organization_user_add(user_id: str, organization_id: str) -> bytes :async: Add a user to an organization asynchronously. :param user_id: ID of the user to be added :type user_id: str :param organization_id: ID of the organization :type organization_id: str :return: Response from Keycloak :rtype: bytes .. py:method:: organization_user_remove(user_id: str, organization_id: str) -> dict Remove a user from an organization. :param user_id: ID of the user to be removed :type user_id: str :param organization_id: ID of the organization :type organization_id: str :return: Response from Keycloak :rtype: dict .. py:method:: a_organization_user_remove(user_id: str, organization_id: str) -> dict :async: Remove a user from an organization asynchronously. :param user_id: ID of the user to be removed :type user_id: str :param organization_id: ID of the organization :type organization_id: str :return: Response from Keycloak :rtype: dict .. py:method:: get_users(query: dict | None = None) -> list Get all users. Return a list of users, filtered according to query parameters UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation :param query: Query parameters (optional) :type query: dict :return: users list :rtype: list .. py:method:: create_idp(payload: dict) -> bytes Create an ID Provider. IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation :param: payload: IdentityProviderRepresentation :type payload: dict :returns: Keycloak server response :rtype: bytes .. py:method:: update_idp(idp_alias: str, payload: dict) -> dict Update an ID Provider. IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identity_providers_resource :param: idp_alias: alias for IdP to update :type idp_alias: str :param: payload: The IdentityProviderRepresentation :type payload: dict :returns: Keycloak server response :rtype: dict .. py:method:: add_mapper_to_idp(idp_alias: str, payload: dict) -> bytes Create an ID Provider. IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityprovidermapperrepresentation :param: idp_alias: alias for Idp to add mapper in :type idp_alias: str :param: payload: IdentityProviderMapperRepresentation :type payload: dict :returns: Keycloak server response :rtype: bytes .. py:method:: update_mapper_in_idp(idp_alias: str, mapper_id: str, payload: dict) -> dict Update an IdP mapper. IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_update :param: idp_alias: alias for Idp to fetch mappers :type idp_alias: str :param: mapper_id: Mapper Id to update :type mapper_id: str :param: payload: IdentityProviderMapperRepresentation :type payload: dict :return: Http response :rtype: dict .. py:method:: get_idp_mappers(idp_alias: str) -> list Get IDP mappers. Returns a list of ID Providers mappers IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getmappers :param: idp_alias: alias for Idp to fetch mappers :type idp_alias: str :return: array IdentityProviderMapperRepresentation :rtype: list .. py:method:: get_idps() -> list Get IDPs. Returns a list of ID Providers, IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation :return: array IdentityProviderRepresentation :rtype: list .. py:method:: get_idp(idp_alias: str) -> dict Get IDP provider. Get the representation of a specific IDP Provider. IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation :param: idp_alias: alias for IdP to get :type idp_alias: str :return: IdentityProviderRepresentation :rtype: dict .. py:method:: delete_idp(idp_alias: str) -> dict Delete an ID Provider. :param: idp_alias: idp alias name :type idp_alias: str :returns: Keycloak server response :rtype: dict .. py:method:: create_user(payload: dict, exist_ok: bool = False) -> str Create a new user. Username must be unique UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation :param payload: UserRepresentation :type payload: dict :param exist_ok: If False, raise KeycloakGetError if username already exists. Otherwise, return existing user ID. :type exist_ok: bool :return: user_id :rtype: str .. py:method:: users_count(query: dict | None = None) -> int Count users. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_users_resource :param query: (dict) Query parameters for users count :type query: dict :return: counter :rtype: int .. py:method:: get_user_id(username: str) -> str | None Get internal keycloak user id from username. This is required for further actions against this user. UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation :param username: id in UserRepresentation :type username: str :return: user_id :rtype: str .. py:method:: get_user(user_id: str, user_profile_metadata: bool = False) -> dict Get representation of the user. UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation :param user_id: User id :type user_id: str :param user_profile_metadata: Whether to include user profile metadata in the response :type user_profile_metadata: bool :return: UserRepresentation .. py:method:: get_user_groups(user_id: str, query: dict | None = None, brief_representation: bool = True) -> list Get user groups. Returns a list of groups of which the user is a member :param user_id: User id :type user_id: str :param query: Additional query options :type query: dict :param brief_representation: whether to omit attributes in the response :type brief_representation: bool :return: user groups list :rtype: list .. py:method:: update_user(user_id: str, payload: dict) -> dict Update the user. :param user_id: User id :type user_id: str :param payload: UserRepresentation :type payload: dict :return: Http response :rtype: bytes .. py:method:: disable_user(user_id: str) -> dict Disable the user from the realm. Disabled users can not log in. :param user_id: User id :type user_id: str :return: Http response :rtype: dict .. py:method:: enable_user(user_id: str) -> dict Enable the user from the realm. :param user_id: User id :type user_id: str :return: Http response :rtype: dict .. py:method:: disable_all_users() -> None Disable all existing users. .. py:method:: enable_all_users() -> None Disable all existing users. .. py:method:: delete_user(user_id: str) -> dict Delete the user. :param user_id: User id :type user_id: str :return: Http response :rtype: dict .. py:method:: set_user_password(user_id: str, password: str, temporary: bool = True) -> dict Set up a password for the user. If temporary is True, the user will have to reset the temporary password next time they log in. https://www.keycloak.org/docs-api/24.0.2/rest-api/#_users_resource https://www.keycloak.org/docs-api/24.0.2/rest-api/#_credentialrepresentation :param user_id: User id :type user_id: str :param password: New password :type password: str :param temporary: True if password is temporary :type temporary: bool :returns: Response :rtype: dict .. py:method:: get_credentials(user_id: str) -> list Get user credentials. Returns a list of credential belonging to the user. CredentialRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_credentialrepresentation :param: user_id: user id :type user_id: str :returns: Keycloak server response (CredentialRepresentation) :rtype: list .. py:method:: delete_credential(user_id: str, credential_id: str) -> dict Delete credential of the user. CredentialRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_credentialrepresentation :param: user_id: user id :type user_id: str :param: credential_id: credential id :type credential_id: str :return: Keycloak server response (ClientRepresentation) :rtype: dict .. py:method:: user_logout(user_id: str) -> dict Log out the user. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_logout :param user_id: User id :type user_id: str :returns: Keycloak server response :rtype: bytes .. py:method:: user_consents(user_id: str) -> list Get consents granted by the user. UserConsentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userconsentrepresentation :param user_id: User id :type user_id: str :returns: List of UserConsentRepresentations :rtype: list .. py:method:: revoke_consent(user_id: str, client_id: str) -> dict Revoke consent and offline tokens for particular client from user. :param user_id: User id :type user_id: str :param client_id: Client id :type client_id: str .. py:method:: get_user_social_logins(user_id: str) -> list Get user social logins. Returns a list of federated identities/social logins of which the user has been associated with :param user_id: User id :type user_id: str :returns: Federated identities list :rtype: list .. py:method:: add_user_social_login(user_id: str, provider_id: str, provider_userid: str, provider_username: str) -> dict Add a federated identity / social login provider to the user. :param user_id: User id :type user_id: str :param provider_id: Social login provider id :type provider_id: str :param provider_userid: userid specified by the provider :type provider_userid: str :param provider_username: username specified by the provider :type provider_username: str :returns: Keycloak server response :rtype: bytes .. py:method:: delete_user_social_login(user_id: str, provider_id: str) -> dict Delete a federated identity / social login provider from the user. :param user_id: User id :type user_id: str :param provider_id: Social login provider id :type provider_id: str :returns: Keycloak server response :rtype: dict .. py:method:: send_update_account(user_id: str, payload: list, client_id: str | None = None, lifespan: int | None = None, redirect_uri: str | None = None) -> dict Send an update account email to the user. An email contains a link the user can click to perform a set of required actions. :param user_id: User id :type user_id: str :param payload: A list of actions for the user to complete :type payload: list :param client_id: Client id (optional) :type client_id: str :param lifespan: Number of seconds after which the generated token expires (optional) :type lifespan: int :param redirect_uri: The redirect uri (optional) :type redirect_uri: str :returns: Keycloak server response :rtype: dict .. py:method:: send_verify_email(user_id: str, client_id: str | None = None, redirect_uri: str | None = None) -> dict Send a update account email to the user. An email contains a link the user can click to perform a set of required actions. :param user_id: User id :type user_id: str :param client_id: Client id (optional) :type client_id: str :param redirect_uri: Redirect uri (optional) :type redirect_uri: str :returns: Keycloak server response :rtype: dict .. py:method:: get_sessions(user_id: str) -> list Get sessions associated with the user. UserSessionRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_usersessionrepresentation :param user_id: Id of user :type user_id: str :return: UserSessionRepresentation :rtype: list .. py:method:: get_server_info() -> dict Get themes, social providers, etc. on this server. ServerInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_serverinforepresentation :return: ServerInfoRepresentation :rtype: dict .. py:method:: get_groups(query: dict | None = None, full_hierarchy: bool = False) -> list Get groups. Returns a list of groups belonging to the realm GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation Notice that when using full_hierarchy=True, the response will be a nested structure containing all the children groups. If used with query parameters, the full_hierarchy will be applied to the received groups only. :param query: Additional query options :type query: dict :param full_hierarchy: If True, return all of the nested children groups, otherwise only the first level children are returned :type full_hierarchy: bool :return: array GroupRepresentation :rtype: list .. py:method:: get_group(group_id: str, full_hierarchy: bool = False, query: dict | None = None) -> dict Get group by id. Returns full group details GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation :param group_id: The group id :type group_id: str :param full_hierarchy: If True, return all of the nested children groups, otherwise only the first level children are returned :type full_hierarchy: bool :param query: Additional query parameters passed into the subgroup fetch requests :type query: dict | None :return: Keycloak server response (GroupRepresentation) :rtype: dict .. py:method:: get_subgroups(group: dict, path: str) -> dict | None Get subgroups. Utility function to iterate through nested group structures GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation :param group: group (GroupRepresentation) :type group: dict :param path: group path (string) :type path: str :return: Keycloak server response (GroupRepresentation) :rtype: dict .. py:method:: get_group_children(group_id: str, query: dict | None = None, full_hierarchy: bool = False) -> list Get group children by parent id. Returns full group children details :param group_id: The parent group id :type group_id: str :param query: Additional query options :type query: dict :param full_hierarchy: If True, return all of the nested children groups :type full_hierarchy: bool :return: Keycloak server response (GroupRepresentation) :rtype: list :raises ValueError: If both query and full_hierarchy parameters are used .. py:method:: get_group_members(group_id: str, query: dict | None = None) -> list Get members by group id. Returns group members GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_userrepresentation :param group_id: The group id :type group_id: str :param query: Additional query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getmembers) :type query: dict :return: Keycloak server response (UserRepresentation) :rtype: list .. py:method:: get_group_by_path(path: str) -> dict Get group id based on name or path. Returns full group details for a group defined by path Raises an `KeycloakGetError` if the group was not found. GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation :param path: group path :type path: str :return: Keycloak server response (GroupRepresentation) :rtype: dict .. py:method:: create_group(payload: dict, parent: str | None = None, skip_exists: bool = False) -> str | None Create a group in the Realm. GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation :param payload: GroupRepresentation :type payload: dict :param parent: parent group's id. Required to create a sub-group. :type parent: str :param skip_exists: If true then do not raise an error if it already exists :type skip_exists: bool :return: Group id for newly created group or None for an existing group :rtype: str .. py:method:: update_group(group_id: str, payload: dict) -> dict Update group, ignores subgroups. GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation :param group_id: id of group :type group_id: str :param payload: GroupRepresentation with updated information. :type payload: dict :return: Http response :rtype: dict .. py:method:: groups_count(query: dict | None = None) -> dict Count groups. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_groups :param query: (dict) Query parameters for groups count :type query: dict :return: Keycloak Server Response :rtype: dict .. py:method:: group_set_permissions(group_id: str, enabled: bool = True) -> dict Enable/Disable permissions for a group. Cannot delete group if disabled :param group_id: id of group :type group_id: str :param enabled: Enabled flag :type enabled: bool :return: Keycloak server response :rtype: dict .. py:method:: group_user_add(user_id: str, group_id: str) -> dict Add user to group (user_id and group_id). :param user_id: id of user :type user_id: str :param group_id: id of group to add to :type group_id: str :return: Keycloak server response :rtype: dict .. py:method:: group_user_remove(user_id: str, group_id: str) -> dict Remove user from group (user_id and group_id). :param user_id: id of user :type user_id: str :param group_id: id of group to remove from :type group_id: str :return: Keycloak server response :rtype: dict .. py:method:: delete_group(group_id: str) -> dict Delete a group in the Realm. :param group_id: id of group to delete :type group_id: str :return: Keycloak server response :rtype: dict .. py:method:: get_clients() -> list Get clients. Returns a list of clients belonging to the realm ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :return: Keycloak server response (ClientRepresentation) :rtype: list .. py:method:: get_client(client_id: str) -> dict Get representation of the client. ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response (ClientRepresentation) :rtype: dict .. py:method:: get_client_id(client_id: str) -> str | None Get internal keycloak client id from client-id. This is required for further actions against this client. :param client_id: clientId in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: client_id (uuid as string) :rtype: str .. py:method:: get_client_authz_settings(client_id: str) -> dict Get authorization json from client. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: dict .. py:method:: import_client_authz_config(client_id: str, payload: dict) -> dict Import client authorization configuration. ResourceServerRepresentation https://www.keycloak.org/docs-api/latest/rest-api/index.html#ResourceServerRepresentation :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param payload: ResourceServerRepresentation :type payload: dict :return: None .. py:method:: create_client_authz_resource(client_id: str, payload: dict, skip_exists: bool = False) -> dict Create resources of client. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param payload: ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :type payload: dict :param skip_exists: Skip the creation in case the resource exists :type skip_exists: bool :return: Keycloak server response :rtype: dict .. py:method:: update_client_authz_resource(client_id: str, resource_id: str, payload: dict) -> dict Update resource of client. Any parameter missing from the ResourceRepresentation in the payload WILL be set to default by the Keycloak server. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param payload: ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :type payload: dict :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param resource_id: id in ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :type resource_id: str :return: Keycloak server response :rtype: bytes .. py:method:: delete_client_authz_resource(client_id: str, resource_id: str) -> dict Delete a client resource. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param resource_id: id in ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :type resource_id: str :return: Keycloak server response :rtype: dict .. py:method:: get_client_authz_resources(client_id: str) -> list Get resources from client. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response (ResourceRepresentation) :rtype: list .. py:method:: get_client_authz_resource(client_id: str, resource_id: str) -> dict Get a client resource. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param resource_id: id in ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :type resource_id: str :return: Keycloak server response (ResourceRepresentation) :rtype: dict .. py:method:: create_client_authz_role_based_policy(client_id: str, payload: dict, skip_exists: bool = False) -> dict Create role-based policy of client. Payload example:: payload={ "type": "role", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "name": "Policy-1", "roles": [ { "id": id } ] } :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param payload: No Document :type payload: dict :param skip_exists: Skip creation in case the object exists :type skip_exists: bool :return: Keycloak server response :rtype: bytes .. py:method:: create_client_authz_policy(client_id: str, payload: dict, skip_exists: bool = False) -> dict Create an authz policy of client. Payload example:: payload={ "name": "Policy-time-based", "type": "time", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "hourEnd": "18", "hour": "9" } } :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param payload: No Document :type payload: dict :param skip_exists: Skip creation in case the object exists :type skip_exists: bool :return: Keycloak server response :rtype: dict .. py:method:: create_client_authz_resource_based_permission(client_id: str, payload: dict, skip_exists: bool = False) -> dict Create resource-based permission of client. Payload example:: payload={ "type": "resource", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "name": "Permission-Name", "resources": [ resource_id ], "policies": [ policy_id ] :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param payload: PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :type payload: dict :param skip_exists: Skip creation in case the object already exists :type skip_exists: bool :return: Keycloak server response :rtype: dict .. py:method:: get_client_authz_scopes(client_id: str) -> list Get scopes from client. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: list .. py:method:: create_client_authz_scopes(client_id: str, payload: dict) -> dict Create scopes for client. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :param payload: ScopeRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_ScopeRepresentation :type payload: dict :type client_id: str :return: Keycloak server response :rtype: dict .. py:method:: get_client_authz_permissions(client_id: str) -> list Get permissions from client. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: list .. py:method:: get_client_authz_policies(client_id: str) -> list Get policies from client. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: list .. py:method:: delete_client_authz_policy(client_id: str, policy_id: str) -> dict Delete a policy from client. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param policy_id: id in PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :type policy_id: str :return: Keycloak server response :rtype: dict .. py:method:: get_client_authz_policy(client_id: str, policy_id: str) -> dict Get a policy from client. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param policy_id: id in PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :type policy_id: str :return: Keycloak server response :rtype: dict .. py:method:: get_client_service_account_user(client_id: str) -> dict Get service account user from client. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: UserRepresentation :rtype: dict .. py:method:: get_client_default_client_scopes(client_id: str) -> list Get all default client scopes from client. :param client_id: id of the client in which the new default client scope should be added :type client_id: str :return: list of client scopes with id and name :rtype: list .. py:method:: add_client_default_client_scope(client_id: str, client_scope_id: str, payload: dict) -> dict Add a client scope to the default client scopes from client. Payload example:: payload={ "realm":"testrealm", "client":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "clientScopeId":"bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb" } :param client_id: id of the client in which the new default client scope should be added :type client_id: str :param client_scope_id: id of the new client scope that should be added :type client_scope_id: str :param payload: dictionary with realm, client and clientScopeId :type payload: dict :return: Http response :rtype: dict .. py:method:: delete_client_default_client_scope(client_id: str, client_scope_id: str) -> dict Delete a client scope from the default client scopes of the client. :param client_id: id of the client in which the default client scope should be deleted :type client_id: str :param client_scope_id: id of the client scope that should be deleted :type client_scope_id: str :return: list of client scopes with id and name :rtype: dict .. py:method:: get_client_optional_client_scopes(client_id: str) -> list Get all optional client scopes from client. :param client_id: id of the client in which the new optional client scope should be added :type client_id: str :return: list of client scopes with id and name :rtype: list .. py:method:: add_client_optional_client_scope(client_id: str, client_scope_id: str, payload: dict) -> dict Add a client scope to the optional client scopes from client. Payload example:: payload={ "realm":"testrealm", "client":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "clientScopeId":"bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb" } :param client_id: id of the client in which the new optional client scope should be added :type client_id: str :param client_scope_id: id of the new client scope that should be added :type client_scope_id: str :param payload: dictionary with realm, client and clientScopeId :type payload: dict :return: Http response :rtype: dict .. py:method:: delete_client_optional_client_scope(client_id: str, client_scope_id: str) -> dict Delete a client scope from the optional client scopes of the client. :param client_id: id of the client in which the optional client scope should be deleted :type client_id: str :param client_scope_id: id of the client scope that should be deleted :type client_scope_id: str :return: list of client scopes with id and name :rtype: dict .. py:method:: create_initial_access_token(count: int = 1, expiration: int = 1) -> dict Create an initial access token. :param count: Number of clients that can be registered :type count: int :param expiration: Days until expireation :type expiration: int :return: initial access token :rtype: dict .. py:method:: create_client(payload: dict, skip_exists: bool = False) -> str Create a client. ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :param skip_exists: If true then do not raise an error if client already exists :type skip_exists: bool :param payload: ClientRepresentation :type payload: dict :return: Client ID :rtype: str .. py:method:: update_client(client_id: str, payload: dict) -> dict Update a client. :param client_id: Client id :type client_id: str :param payload: ClientRepresentation :type payload: dict :return: Http response :rtype: dict .. py:method:: delete_client(client_id: str) -> dict Get representation of the client. ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :param client_id: keycloak client id (not oauth client-id) :type client_id: str :return: Keycloak server response (ClientRepresentation) :rtype: dict .. py:method:: get_client_installation_provider(client_id: str, provider_id: str) -> dict Get content for given installation provider. Related documentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clients_resource Possible provider_id list available in the ServerInfoRepresentation#clientInstallations https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_serverinforepresentation :param client_id: Client id :type client_id: str :param provider_id: provider id to specify response format :type provider_id: str :returns: Installation providers :rtype: dict .. py:method:: get_realm_users_profile() -> dict Get list of attributes and group for given realm. Related documentation: https://www.keycloak.org/docs-api/26.0.0/rest-api/index.html#_get_adminrealmsrealmusersprofile Return https://www.keycloak.org/docs-api/26.0.0/rest-api/index.html#UPConfig :returns: UPConfig .. py:method:: get_realm_roles(brief_representation: bool = True, search_text: str = '', query: dict | None = None) -> list Get all roles for the realm or client. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param brief_representation: whether to omit role attributes in the response :type brief_representation: bool :param search_text: optional search text to limit the returned result. :type search_text: str :param query: Query parameters (optional) :type query: dict :return: Keycloak server response (RoleRepresentation) :rtype: list .. py:method:: get_realm_role_groups(role_name: str, query: dict | None = None, brief_representation: bool = True) -> list Get role groups of realm by role name. :param role_name: Name of the role. :type role_name: str :param query: Additional Query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_parameters_226) :type query: dict :param brief_representation: whether to omit role attributes in the response :type brief_representation: bool :return: Keycloak Server Response (GroupRepresentation) :rtype: list .. py:method:: get_realm_role_members(role_name: str, query: dict | None = None) -> list Get role members of realm by role name. :param role_name: Name of the role. :type role_name: str :param query: Additional Query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_roles_resource) :type query: dict :return: Keycloak Server Response (UserRepresentation) :rtype: list .. py:method:: get_default_realm_role_id() -> str Get the ID of the default realm role. :return: Realm role ID :rtype: str .. py:method:: get_realm_default_roles() -> list Get all the default realm roles. :return: Keycloak Server Response (UserRepresentation) :rtype: list .. py:method:: remove_realm_default_roles(payload: list) -> dict Remove a set of default realm roles. :param payload: List of RoleRepresentations :type payload: list :return: Keycloak Server Response :rtype: dict .. py:method:: add_realm_default_roles(payload: list) -> dict Add a set of default realm roles. :param payload: List of RoleRepresentations :type payload: list :return: Keycloak Server Response :rtype: dict .. py:method:: get_client_roles(client_id: str, brief_representation: bool = True) -> list Get all roles for the client. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param client_id: id of client (not client-id) :type client_id: str :param brief_representation: whether to omit role attributes in the response :type brief_representation: bool :return: Keycloak server response (RoleRepresentation) :rtype: list .. py:method:: get_client_role(client_id: str, role_name: str) -> dict Get client role by name. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param client_id: id of client (not client-id) :type client_id: str :param role_name: role's name (not id!) :type role_name: str :return: Role object :rtype: dict .. py:method:: get_client_role_id(client_id: str, role_name: str) -> str | None Get client role id by name. This is required for further actions with this role. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param client_id: id of client (not client-id) :type client_id: str :param role_name: role's name (not id!) :type role_name: str :return: role_id :rtype: str .. py:method:: create_client_role(client_role_id: str, payload: dict, skip_exists: bool = False) -> str Create a client role. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param client_role_id: id of client (not client-id) :type client_role_id: str :param payload: RoleRepresentation :type payload: dict :param skip_exists: If true then do not raise an error if client role already exists :type skip_exists: bool :return: Client role name :rtype: str .. py:method:: add_composite_client_roles_to_role(client_role_id: str, role_name: str, roles: str | list) -> dict Add composite roles to client role. :param client_role_id: id of client (not client-id) :type client_role_id: str :param role_name: The name of the role :type role_name: str :param roles: roles list or role (use RoleRepresentation) to be updated :type roles: list :return: Keycloak server response :rtype: bytes .. py:method:: remove_composite_client_roles_from_role(client_role_id: str, role_name: str, roles: str | list) -> dict Remove composite roles from a client role. :param client_role_id: id of client (not client-id) :type client_role_id: str :param role_name: The name of the role :type role_name: str :param roles: roles list or role (use RoleRepresentation) to be removed :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: update_client_role(client_id: str, role_name: str, payload: dict) -> dict Update a client role. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param client_id: id of client (not client-id) :type client_id: str :param role_name: role's name (not id!) :type role_name: str :param payload: RoleRepresentation :type payload: dict :returns: Keycloak server response :rtype: dict .. py:method:: delete_client_role(client_role_id: str, role_name: str) -> dict Delete a client role. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param client_role_id: id of client (not client-id) :type client_role_id: str :param role_name: role's name (not id!) :type role_name: str :returns: Keycloak server response :rtype: dict .. py:method:: assign_client_role(user_id: str, client_id: str, roles: str | list) -> dict Assign a client role to a user. :param user_id: id of user :type user_id: str :param client_id: id of client (not client-id) :type client_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: get_client_role_members(client_id: str, role_name: str, **query: Any) -> list Get members by client role. :param client_id: The client id :type client_id: str :param role_name: the name of role to be queried. :type role_name: str :param query: Additional query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clients_resource) :type query: dict :return: Keycloak server response (UserRepresentation) :rtype: list .. py:method:: get_client_role_groups(client_id: str, role_name: str, **query: Any) -> list Get group members by client role. :param client_id: The client id :type client_id: str :param role_name: the name of role to be queried. :type role_name: str :param query: Additional query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clients_resource) :type query: dict :return: Keycloak server response :rtype: list .. py:method:: get_role_by_id(role_id: str) -> dict Get a specific role's representation. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param role_id: id of role :type role_id: str :return: Keycloak server response (RoleRepresentation) :rtype: dict .. py:method:: update_role_by_id(role_id: str, payload: dict) -> dict Update the role. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param payload: RoleRepresentation :type payload: dict :param role_id: id of role :type role_id: str :returns: Keycloak server response :rtype: dict .. py:method:: delete_role_by_id(role_id: str) -> dict Delete a role by its id. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param role_id: id of role :type role_id: str :returns: Keycloak server response :rtype: dict .. py:method:: get_role_composites_by_id(role_id: str, query: dict | None = None) -> list Get all composite roles by role id. :param role_id: id of role :type role_id: str :param query: Query parameters (optional). Supported keys: 'first', 'max', 'search' :type query: dict :return: Keycloak server response (RoleRepresentation) :rtype: list .. py:method:: create_realm_role(payload: dict, skip_exists: bool = False) -> str Create a new role for the realm or client. :param payload: The role (use RoleRepresentation) :type payload: dict :param skip_exists: If true then do not raise an error if realm role already exists :type skip_exists: bool :return: Realm role name :rtype: str .. py:method:: get_realm_role(role_name: str) -> dict Get realm role by role name. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param role_name: role's name, not id! :type role_name: str :return: role :rtype: dict .. py:method:: get_realm_role_by_id(role_id: str) -> dict Get realm role by role id. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param role_id: role's id, not name! :type role_id: str :return: role :rtype: dict .. py:method:: update_realm_role(role_name: str, payload: dict) -> dict Update a role for the realm by name. :param role_name: The name of the role to be updated :type role_name: str :param payload: The role (use RoleRepresentation) :type payload: dict :return: Keycloak server response :rtype: bytes .. py:method:: update_realm_users_profile(payload: dict) -> dict Update realm users profile for the current realm. :param up_config: List of attributes, groups, unmamagedAttributePolicy Related documentation: https://www.keycloak.org/docs-api/26.0.0/rest-api/index.html#UPConfig .. py:method:: delete_realm_role(role_name: str) -> dict Delete a role for the realm by name. :param role_name: The role name :type role_name: str :return: Keycloak server response :rtype: dict .. py:method:: add_composite_realm_roles_to_role(role_name: str, roles: str | list) -> dict Add composite roles to the role. :param role_name: The name of the role :type role_name: str :param roles: roles list or role (use RoleRepresentation) to be updated :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: remove_composite_realm_roles_to_role(role_name: str, roles: str | list) -> dict Remove composite roles from the role. :param role_name: The name of the role :type role_name: str :param roles: roles list or role (use RoleRepresentation) to be removed :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: get_composite_realm_roles_of_role(role_name: str) -> list Get composite roles of the role. :param role_name: The name of the role :type role_name: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: get_composite_client_roles_of_role(client_id: str, role_name: str) -> list Get composite roles of the client role. :param client_id: The id of the client :type client_id: str :param role_name: The name of the role :type role_name: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: assign_realm_roles_to_client_scope(client_id: str, roles: str | list) -> dict Assign realm roles to a client's scope. :param client_id: id of client (not client-id) :type client_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: delete_realm_roles_of_client_scope(client_id: str, roles: str | list) -> dict Delete realm roles of a client's scope. :param client_id: id of client (not client-id) :type client_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: get_realm_roles_of_client_scope(client_id: str) -> list Get all realm roles for a client's scope. :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: assign_client_roles_to_client_scope(client_id: str, client_roles_owner_id: str, roles: str | list) -> dict Assign client roles to a client's dedicated scope. To assign roles to a client scope, use add_client_specific_roles_to_client_scope. :param client_id: id of client (not client-id) who is assigned the roles :type client_id: str :param client_roles_owner_id: id of client (not client-id) who has the roles :type client_roles_owner_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: delete_client_roles_of_client_scope(client_id: str, client_roles_owner_id: str, roles: str | list) -> dict Delete client roles of a client's dedicated scope. To delete roles from a client scope, use remove_client_specific_roles_of_client_scope. :param client_id: id of client (not client-id) who is assigned the roles :type client_id: str :param client_roles_owner_id: id of client (not client-id) who has the roles :type client_roles_owner_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: get_client_roles_of_client_scope(client_id: str, client_roles_owner_id: str) -> list Get all client roles for a client's dedicated scope. To get roles for a client scope, use get_client_specific_roles_of_client_scope. :param client_id: id of client (not client-id) :type client_id: str :param client_roles_owner_id: id of client (not client-id) who has the roles :type client_roles_owner_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: assign_realm_roles(user_id: str, roles: str | list) -> dict Assign realm roles to a user. :param user_id: id of user :type user_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: delete_realm_roles_of_user(user_id: str, roles: str | list) -> dict Delete realm roles of a user. :param user_id: id of user :type user_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: get_realm_roles_of_user(user_id: str) -> list Get all realm roles for a user. :param user_id: id of user :type user_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: get_available_realm_roles_of_user(user_id: str) -> list Get all available (i.e. unassigned) realm roles for a user. :param user_id: id of user :type user_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: get_composite_realm_roles_of_user(user_id: str, brief_representation: bool = True) -> list Get all composite (i.e. implicit) realm roles for a user. :param user_id: id of user :type user_id: str :param brief_representation: whether to omit role attributes in the response :type brief_representation: bool :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: assign_group_realm_roles(group_id: str, roles: str | list) -> dict Assign realm roles to a group. :param group_id: id of group :type group_id: str :param roles: roles list or role (use GroupRoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: delete_group_realm_roles(group_id: str, roles: str | list) -> dict Delete realm roles of a group. :param group_id: id of group :type group_id: str :param roles: roles list or role (use GroupRoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: get_group_realm_roles(group_id: str, brief_representation: bool = True) -> list Get all realm roles for a group. :param group_id: id of the group :type group_id: str :param brief_representation: whether to omit role attributes in the response :type brief_representation: bool :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: assign_group_client_roles(group_id: str, client_id: str, roles: str | list) -> dict Assign client roles to a group. :param group_id: id of group :type group_id: str :param client_id: id of client (not client-id) :type client_id: str :param roles: roles list or role (use GroupRoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: get_group_client_roles(group_id: str, client_id: str) -> list Get client roles of a group. :param group_id: id of group :type group_id: str :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response :rtype: list .. py:method:: delete_group_client_roles(group_id: str, client_id: str, roles: str | list) -> dict Delete client roles of a group. :param group_id: id of group :type group_id: str :param client_id: id of client (not client-id) :type client_id: str :param roles: roles list or role (use GroupRoleRepresentation) :type roles: list :return: Keycloak server response (array RoleRepresentation) :rtype: dict .. py:method:: get_all_roles_of_user(user_id: str) -> dict Get all level roles for a user. :param user_id: id of user :type user_id: str :return: Keycloak server response (MappingsRepresentation) :rtype: dict .. py:method:: get_client_roles_of_user(user_id: str, client_id: str) -> list Get all client roles for a user. :param user_id: id of user :type user_id: str :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: get_available_client_roles_of_user(user_id: str, client_id: str) -> list Get available client role-mappings for a user. :param user_id: id of user :type user_id: str :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: get_composite_client_roles_of_user(user_id: str, client_id: str, brief_representation: bool = False) -> list Get composite client role-mappings for a user. :param user_id: id of user :type user_id: str :param client_id: id of client (not client-id) :type client_id: str :param brief_representation: whether to omit attributes in the response :type brief_representation: bool :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: _get_client_roles_of_user(client_level_role_mapping_url: str, user_id: str, client_id: str, **params: Any) -> list Get client roles of a single user helper. :param client_level_role_mapping_url: Url for the client role mapping :type client_level_role_mapping_url: str :param user_id: User id :type user_id: str :param client_id: Client id :type client_id: str :param params: Additional parameters :type params: dict :returns: Client roles of a user :rtype: list .. py:method:: delete_client_roles_of_user(user_id: str, client_id: str, roles: str | list) -> dict Delete client roles from a user. :param user_id: id of user :type user_id: str :param client_id: id of client containing role (not client-id) :type client_id: str :param roles: roles list or role to delete (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: get_authentication_flows() -> list Get authentication flows. Returns all flow details AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation :return: Keycloak server response (AuthenticationFlowRepresentation) :rtype: list .. py:method:: get_authentication_flow_for_id(flow_id: str) -> dict Get one authentication flow by it's id. Returns all flow details AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation :param flow_id: the id of a flow NOT it's alias :type flow_id: str :return: Keycloak server response (AuthenticationFlowRepresentation) :rtype: dict .. py:method:: create_authentication_flow(payload: dict, skip_exists: bool = False) -> bytes Create a new authentication flow. AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation :param payload: AuthenticationFlowRepresentation :type payload: dict :param skip_exists: Do not raise an error if authentication flow already exists :type skip_exists: bool :return: Keycloak server response (RoleRepresentation) :rtype: bytes .. py:method:: update_authentication_flow(flow_id: str, payload: dict) -> dict Update an authentication flow. AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation :param flow_id: The id of the flow :type flow_id: str :param payload: AuthenticationFlowRepresentation :type payload: dict :return: Keycloak server response :rtype: dict .. py:method:: copy_authentication_flow(payload: dict, flow_alias: str) -> bytes Copy existing authentication flow under a new name. The new name is given as 'newName' attribute of the passed payload. :param payload: JSON containing 'newName' attribute :type payload: dict :param flow_alias: the flow alias :type flow_alias: str :return: Keycloak server response (RoleRepresentation) :rtype: bytes .. py:method:: delete_authentication_flow(flow_id: str) -> dict Delete authentication flow. AuthenticationInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationinforepresentation :param flow_id: authentication flow id :type flow_id: str :return: Keycloak server response :rtype: dict .. py:method:: get_authentication_flow_executions(flow_alias: str) -> list Get authentication flow executions. Returns all execution steps :param flow_alias: the flow alias :type flow_alias: str :return: Response(json) :rtype: list .. py:method:: update_authentication_flow_executions(payload: dict, flow_alias: str) -> dict Update an authentication flow execution. AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation :param payload: AuthenticationExecutionInfoRepresentation :type payload: dict :param flow_alias: The flow alias :type flow_alias: str :return: Keycloak server response :rtype: dict .. py:method:: get_authentication_flow_execution(execution_id: str) -> dict Get authentication flow execution. AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation :param execution_id: the execution ID :type execution_id: str :return: Response(json) :rtype: dict .. py:method:: create_authentication_flow_execution(payload: dict, flow_alias: str) -> bytes Create an authentication flow execution. AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation :param payload: AuthenticationExecutionInfoRepresentation :type payload: dict :param flow_alias: The flow alias :type flow_alias: str :return: Keycloak server response :rtype: bytes .. py:method:: delete_authentication_flow_execution(execution_id: str) -> dict Delete authentication flow execution. AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation :param execution_id: keycloak client id (not oauth client-id) :type execution_id: str :return: Keycloak server response (json) :rtype: dict .. py:method:: change_execution_priority(execution_id: str, diff: int) -> None Raise or lower execution priority of diff time. :param execution_id: The ID of the execution :type execution_id: str :param diff: The difference in priority, positive to raise, negative to lower, the value is the number of times :type diff: int :raises KeycloakPostError: when post requests are failed .. py:method:: create_authentication_flow_subflow(payload: dict, flow_alias: str, skip_exists: bool = False) -> bytes Create a new sub authentication flow for a given authentication flow. AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation :param payload: AuthenticationFlowRepresentation :type payload: dict :param flow_alias: The flow alias :type flow_alias: str :param skip_exists: Do not raise an error if authentication flow already exists :type skip_exists: bool :return: Keycloak server response (RoleRepresentation) :rtype: bytes .. py:method:: get_authenticator_providers() -> list Get authenticator providers list. :return: Authenticator providers :rtype: list .. py:method:: get_authenticator_provider_config_description(provider_id: str) -> dict Get authenticator's provider configuration description. AuthenticatorConfigInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticatorconfiginforepresentation :param provider_id: Provider Id :type provider_id: str :return: AuthenticatorConfigInfoRepresentation :rtype: dict .. py:method:: get_authenticator_config(config_id: str) -> dict Get authenticator configuration. Returns all configuration details. :param config_id: Authenticator config id :type config_id: str :return: Response(json) :rtype: dict .. py:method:: create_execution_config(execution_id: str, payload: dict) -> bytes Update execution with new configuration. AuthenticatorConfigRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticatorconfigrepresentation :param execution_id: The ID of the execution :type execution_id: str :param payload: Configuration to add to the execution :type payload: dir :return: Response(json) :rtype: bytes .. py:method:: update_authenticator_config(payload: dict, config_id: str) -> dict Update an authenticator configuration. AuthenticatorConfigRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticatorconfigrepresentation :param payload: AuthenticatorConfigRepresentation :type payload: dict :param config_id: Authenticator config id :type config_id: str :return: Response(json) :rtype: dict .. py:method:: delete_authenticator_config(config_id: str) -> dict Delete a authenticator configuration. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authentication_management_resource :param config_id: Authenticator config id :type config_id: str :return: Keycloak server Response :rtype: dict .. py:method:: sync_users(storage_id: str, action: str) -> dict Trigger user sync from provider. :param storage_id: The id of the user storage provider :type storage_id: str :param action: Action can be "triggerFullSync" or "triggerChangedUsersSync" :type action: str :return: Keycloak server response :rtype: dict .. py:method:: get_client_scopes() -> list Get client scopes. Get representation of the client scopes for the realm where we are connected to https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes :return: Keycloak server response Array of (ClientScopeRepresentation) :rtype: list .. py:method:: get_client_scope(client_scope_id: str) -> dict Get client scope. Get representation of the client scopes for the realm where we are connected to https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes :param client_scope_id: The id of the client scope :type client_scope_id: str :return: Keycloak server response (ClientScopeRepresentation) :rtype: dict .. py:method:: get_client_scope_by_name(client_scope_name: str) -> dict | None Get client scope by name. Get representation of the client scope identified by the client scope name. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes :param client_scope_name: (str) Name of the client scope :type client_scope_name: str :returns: ClientScopeRepresentation or None :rtype: dict .. py:method:: create_client_scope(payload: dict, skip_exists: bool = False) -> str Create a client scope. ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes :param payload: ClientScopeRepresentation :type payload: dict :param skip_exists: If true then do not raise an error if client scope already exists :type skip_exists: bool :return: Client scope id :rtype: str .. py:method:: update_client_scope(client_scope_id: str, payload: dict) -> dict Update a client scope. ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_client_scopes_resource :param client_scope_id: The id of the client scope :type client_scope_id: str :param payload: ClientScopeRepresentation :type payload: dict :return: Keycloak server response (ClientScopeRepresentation) :rtype: dict .. py:method:: delete_client_scope(client_scope_id: str) -> dict Delete existing client scope. ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_client_scopes_resource :param client_scope_id: The id of the client scope :type client_scope_id: str :return: Keycloak server response :rtype: dict .. py:method:: get_mappers_from_client_scope(client_scope_id: str) -> list Get a list of all mappers connected to the client scope. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource :param client_scope_id: Client scope id :type client_scope_id: str :returns: Keycloak server response (ProtocolMapperRepresentation) :rtype: list .. py:method:: add_mapper_to_client_scope(client_scope_id: str, payload: dict) -> bytes Add a mapper to a client scope. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_create_mapper :param client_scope_id: The id of the client scope :type client_scope_id: str :param payload: ProtocolMapperRepresentation :type payload: dict :return: Keycloak server Response :rtype: bytes .. py:method:: delete_mapper_from_client_scope(client_scope_id: str, protocol_mapper_id: str) -> dict Delete a mapper from a client scope. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_delete_mapper :param client_scope_id: The id of the client scope :type client_scope_id: str :param protocol_mapper_id: Protocol mapper id :type protocol_mapper_id: str :return: Keycloak server Response :rtype: dict .. py:method:: update_mapper_in_client_scope(client_scope_id: str, protocol_mapper_id: str, payload: dict) -> dict Update an existing protocol mapper in a client scope. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource :param client_scope_id: The id of the client scope :type client_scope_id: str :param protocol_mapper_id: The id of the protocol mapper which exists in the client scope and should to be updated :type protocol_mapper_id: str :param payload: ProtocolMapperRepresentation :type payload: dict :return: Keycloak server Response :rtype: dict .. py:method:: get_default_default_client_scopes() -> list Get default default client scopes. Return list of default default client scopes :return: Keycloak server response :rtype: list .. py:method:: delete_default_default_client_scope(scope_id: str) -> dict Delete default default client scope. :param scope_id: default default client scope id :type scope_id: str :return: Keycloak server response :rtype: dict .. py:method:: add_default_default_client_scope(scope_id: str) -> dict Add default default client scope. :param scope_id: default default client scope id :type scope_id: str :return: Keycloak server response :rtype: dict .. py:method:: get_default_optional_client_scopes() -> list Get default optional client scopes. Return list of default optional client scopes :return: Keycloak server response :rtype: list .. py:method:: delete_default_optional_client_scope(scope_id: str) -> dict Delete default optional client scope. :param scope_id: default optional client scope id :type scope_id: str :return: Keycloak server response :rtype: dict .. py:method:: add_default_optional_client_scope(scope_id: str) -> dict Add default optional client scope. :param scope_id: default optional client scope id :type scope_id: str :return: Keycloak server response :rtype: dict .. py:method:: add_client_specific_roles_to_client_scope(client_scope_id: str, client_roles_owner_id: str, roles: str | list) -> dict Assign client roles to a client scope. To assign roles to a client's dedicated scope, use assign_client_roles_to_client_scope. :param client_scope_id: client scope id :type client_scope_id: str :param client_roles_owner_id: id of client (not client-id) who has the roles :type client_roles_owner_id: str :param roles: roles list or role (use RoleRepresentation, must include id and name) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: remove_client_specific_roles_of_client_scope(client_scope_id: str, client_roles_owner_id: str, roles: str | list) -> dict Delete client roles of a client scope. To delete roles from a client's dedicated scope, use delete_client_roles_of_client_scope. :param client_scope_id: client scope id :type client_scope_id: str :param client_roles_owner_id: id of client (not client-id) who has the roles :type client_roles_owner_id: str :param roles: roles list or role (use RoleRepresentation, must include id and name) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: get_client_specific_roles_of_client_scope(client_scope_id: str, client_roles_owner_id: str) -> list Get client roles for a client scope, for a specific client. To get roles for a client's dedicated scope, use get_client_roles_of_client_scope. :param client_scope_id: client scope id :type client_scope_id: str :param client_roles_owner_id: id of client (not client-id) who has the roles :type client_roles_owner_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: get_all_roles_of_client_scope(client_scope_id: str) -> dict Get all client roles for a client scope. To get roles for a client's dedicated scope, use get_client_roles_of_client_scope. :param client_scope_id: client scope id :type client_scope_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: dict .. py:method:: get_mappers_from_client(client_id: str) -> list List of all client mappers. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocolmapperrepresentation :param client_id: Client id :type client_id: str :returns: KeycloakServerResponse (list of ProtocolMapperRepresentation) :rtype: list .. py:method:: add_mapper_to_client(client_id: str, payload: dict) -> bytes Add a mapper to a client. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_create_mapper :param client_id: The id of the client :type client_id: str :param payload: ProtocolMapperRepresentation :type payload: dict :return: Keycloak server Response :rtype: bytes .. py:method:: update_client_mapper(client_id: str, mapper_id: str, payload: dict) -> dict Update client mapper. :param client_id: The id of the client :type client_id: str :param mapper_id: The id of the mapper to be deleted :type mapper_id: str :param payload: ProtocolMapperRepresentation :type payload: dict :return: Keycloak server response :rtype: dict .. py:method:: remove_client_mapper(client_id: str, client_mapper_id: str) -> dict Remove a mapper from the client. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource :param client_id: The id of the client :type client_id: str :param client_mapper_id: The id of the mapper to be deleted :type client_mapper_id: str :return: Keycloak server response :rtype: bytes .. py:method:: generate_client_secrets(client_id: str) -> dict Generate a new secret for the client. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_regeneratesecret :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response (ClientRepresentation) :rtype: dict .. py:method:: get_client_secrets(client_id: str) -> dict Get representation of the client secrets. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientsecret :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response (ClientRepresentation) :rtype: dict .. py:method:: get_components(query: dict | None = None) -> list Get components. Return a list of components, filtered according to query parameters ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation :param query: Query parameters (optional) :type query: dict :return: components list :rtype: list .. py:method:: create_component(payload: dict) -> str Create a new component. ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation :param payload: ComponentRepresentation :type payload: dict :return: Component id :rtype: str .. py:method:: get_component(component_id: str) -> dict Get representation of the component. :param component_id: Component id ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation :param component_id: Id of the component :type component_id: str :return: ComponentRepresentation :rtype: dict .. py:method:: update_component(component_id: str, payload: dict) -> dict Update the component. :param component_id: Component id :type component_id: str :param payload: ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation :type payload: dict :return: Http response :rtype: dict .. py:method:: delete_component(component_id: str) -> dict Delete the component. :param component_id: Component id :type component_id: str :return: Http response :rtype: dict .. py:method:: get_keys() -> dict Get keys. Return a list of keys, filtered according to query parameters KeysMetadataRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_key_resource :return: keys list :rtype: dict .. py:method:: get_admin_events(query: dict | None = None) -> list Get Administrative events. Return a list of events, filtered according to query parameters AdminEvents Representation array https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getevents https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_get_adminrealmsrealmadmin_events :param query: Additional query parameters :type query: dict :return: events list :rtype: list .. py:method:: get_events(query: dict | None = None) -> list Get events. Return a list of events, filtered according to query parameters EventRepresentation array https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_eventrepresentation :param query: Additional query parameters :type query: dict :return: events list :rtype: list .. py:method:: set_events(payload: dict) -> dict Set realm events configuration. RealmEventsConfigRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmeventsconfigrepresentation :param payload: Payload object for the events configuration :type payload: dict :return: Http response :rtype: dict .. py:method:: get_client_all_sessions(client_id: str, query: dict | None = None) -> list Get sessions associated with the client. UserSessionRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_usersessionrepresentation :param client_id: id of client :type client_id: str :param query: Additional query parameters :type query: dict :return: UserSessionRepresentation :rtype: list .. py:method:: get_client_sessions_stats() -> list Get current session count for all clients with active sessions. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientsessionstats :return: Dict of clients and session count :rtype: list .. py:method:: get_client_management_permissions(client_id: str) -> dict Get management permissions for a client. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: dict .. py:method:: update_client_management_permissions(payload: dict, client_id: str) -> dict Update management permissions for a client. ManagementPermissionReference https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_managementpermissionreference Payload example:: payload={ "enabled": true } :param payload: ManagementPermissionReference :type payload: dict :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: dict .. py:method:: get_client_authz_policy_scopes(client_id: str, policy_id: str) -> list Get scopes for a given policy. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param policy_id: No Document :type policy_id: str :return: Keycloak server response :rtype: list .. py:method:: get_client_authz_policy_resources(client_id: str, policy_id: str) -> list Get resources for a given policy. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param policy_id: No Document :type policy_id: str :return: Keycloak server response :rtype: list .. py:method:: get_client_authz_scope_permission(client_id: str, scope_id: str) -> dict Get permissions for a given scope. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param scope_id: No Document :type scope_id: str :return: Keycloak server response :rtype: dict .. py:method:: create_client_authz_scope_permission(payload: dict, client_id: str) -> dict Create permissions for a authz scope. Payload example:: payload={ "name": "My Permission Name", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "resources": [some_resource_id], "scopes": [some_scope_id], "policies": [some_policy_id], } :param payload: No Document :type payload: dict :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: dict .. py:method:: update_client_authz_scope_permission(payload: dict, client_id: str, scope_id: str) -> bytes Update permissions for a given scope. Payload example:: payload={ "id": scope_id, "name": "My Permission Name", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "resources": [some_resource_id], "scopes": [some_scope_id], "policies": [some_policy_id], } :param payload: No Document :type payload: dict :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param scope_id: No Document :type scope_id: str :return: Keycloak server response :rtype: bytes .. py:method:: update_client_authz_resource_permission(payload: dict, client_id: str, resource_id: str) -> bytes Update permissions for a given resource. Payload example:: payload={ "id": resource_id, "name": "My Permission Name", "type": "resource", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "resources": [some_resource_id], "scopes": [], "policies": [some_policy_id], } :param payload: No Document :type payload: dict :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param resource_id: No Document :type resource_id: str :return: Keycloak server response :rtype: bytes .. py:method:: get_client_authz_client_policies(client_id: str) -> list Get policies for a given client. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response (RoleRepresentation) :rtype: list .. py:method:: get_client_authz_permission_associated_policies(client_id: str, policy_id: str) -> list Get associated policies for a given client permission. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param policy_id: id in PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :type policy_id: str :return: Keycloak server response (RoleRepresentation) :rtype: list .. py:method:: create_client_authz_client_policy(payload: dict, client_id: str) -> dict Create a new policy for a given client. Payload example:: payload={ "type": "client", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "name": "My Policy", "clients": [other_client_id], } :param payload: No Document :type payload: dict :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response (RoleRepresentation) :rtype: dict .. py:method:: get_composite_client_roles_of_group(client_id: str, group_id: str, brief_representation: bool = True) -> list Get the composite client roles of the given group for the given client. :param client_id: id of the client. :type client_id: str :param group_id: id of the group. :type group_id: str :param brief_representation: whether to omit attributes in the response :type brief_representation: bool :return: the composite client roles of the group (list of RoleRepresentation). :rtype: list .. py:method:: get_role_client_level_children(client_id: str, role_id: str) -> list Get the child roles of which the given composite client role is composed of. :param client_id: id of the client. :type client_id: str :param role_id: id of the role. :type role_id: str :return: the child roles (list of RoleRepresentation). :rtype: list .. py:method:: upload_certificate(client_id: str, certcont: str) -> dict Upload a new certificate for the client. :param client_id: id of the client. :type client_id: str :param certcont: the content of the certificate. :type certcont: str :return: dictionary {"certificate": ""}, where is the content of the uploaded certificate. :rtype: dict .. py:method:: get_required_action_by_alias(action_alias: str) -> dict | None Get a required action by its alias. :param action_alias: the alias of the required action. :type action_alias: str :return: the required action (RequiredActionProviderRepresentation). :rtype: dict .. py:method:: get_required_actions() -> list Get the required actions for the realms. :return: the required actions (list of RequiredActionProviderRepresentation). :rtype: list .. py:method:: update_required_action(action_alias: str, payload: dict) -> dict Update a required action. :param action_alias: the action alias. :type action_alias: str :param payload: the new required action (RequiredActionProviderRepresentation). :type payload: dict :return: empty dictionary. :rtype: dict .. py:method:: get_bruteforce_detection_status(user_id: str) -> dict Get bruteforce detection status for user. :param user_id: User id :type user_id: str :return: Bruteforce status. :rtype: dict .. py:method:: clear_bruteforce_attempts_for_user(user_id: str) -> dict Clear bruteforce attempts for user. :param user_id: User id :type user_id: str :return: empty dictionary. :rtype: dict .. py:method:: clear_all_bruteforce_attempts() -> dict Clear bruteforce attempts for all users in realm. :return: empty dictionary. :rtype: dict .. py:method:: clear_keys_cache() -> dict Clear keys cache. :return: empty dictionary. :rtype: dict .. py:method:: clear_realm_cache() -> dict Clear realm cache. :return: empty dictionary. :rtype: dict .. py:method:: clear_user_cache() -> dict Clear user cache. :return: empty dictionary. :rtype: dict .. py:method:: a___fetch_all(url: str, query: dict | None = None) -> list :async: Paginate asynchronously over get requests . Wrapper function to paginate GET requests. :param url: The url on which the query is executed :type url: str :param query: Existing query parameters (optional) :type query: dict :return: Combined results of paginated queries :rtype: list .. py:method:: a___fetch_paginated(url: str, query: dict | None = None) -> list :async: Make a specific paginated request asynchronously. :param url: The url on which the query is executed :type url: str :param query: Pagination settings :type query: dict :returns: Response :rtype: list .. py:method:: a_get_current_realm() -> str | None :async: Return the currently configured realm asynchronously. :returns: Currently configured realm name :rtype: str .. py:method:: a_change_current_realm(realm_name: str) -> None :async: Change the current realm asynchronously. :param realm_name: The name of the realm to be configured as current :type realm_name: str .. py:method:: a_import_realm(payload: dict) -> bytes :async: Import a new realm asynchronously from a RealmRepresentation. Realm name must be unique. RealmRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation :param payload: RealmRepresentation :type payload: dict :return: RealmRepresentation :rtype: bytes .. py:method:: a_partial_import_realm(realm_name: str, payload: dict) -> dict :async: Partial import realm configuration asynchronously from PartialImportRepresentation. Realm partialImport is used for modifying configuration of existing realm. PartialImportRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_partialimportrepresentation :param realm_name: Realm name (not the realm id) :type realm_name: str :param payload: PartialImportRepresentation :type payload: dict :return: PartialImportResponse :rtype: dict .. py:method:: a_export_realm(export_clients: bool = False, export_groups_and_role: bool = False) -> dict :async: Export the realm configurations asynchronously in the json format. RealmRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_partialexport :param export_clients: Skip if not want to export realm clients :type export_clients: bool :param export_groups_and_role: Skip if not want to export realm groups and roles :type export_groups_and_role: bool :return: realm configurations JSON :rtype: dict .. py:method:: a_get_realms() -> list :async: List all realms in asynchronouslyKeycloak deployment. :return: realms list :rtype: list .. py:method:: a_get_realm(realm_name: str) -> dict :async: Get a specific realm asynchronously. RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation :param realm_name: Realm name (not the realm id) :type realm_name: str :return: RealmRepresentation :rtype: dict .. py:method:: a_create_realm(payload: dict, skip_exists: bool = False) -> bytes :async: Create a realm asynchronously. RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation :param payload: RealmRepresentation :type payload: dict :param skip_exists: Skip if Realm already exist. :type skip_exists: bool :return: Keycloak server response (RealmRepresentation) :rtype: bytes .. py:method:: a_update_realm(realm_name: str, payload: dict) -> dict :async: Update a realm asynchronously. This will only update top level attributes and will ignore any user, role, or client information in the payload. RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation :param realm_name: Realm name (not the realm id) :type realm_name: str :param payload: RealmRepresentation :type payload: dict :return: Http response :rtype: dict .. py:method:: a_update_realm_users_profile(payload: dict) -> dict :async: Update realm users profile for the current realm. :param up_config: List of attributes, groups, unmamagedAttributePolicy Related documentation: https://www.keycloak.org/docs-api/26.0.0/rest-api/index.html#UPConfig .. py:method:: a_delete_realm(realm_name: str) -> dict :async: Delete a realm asynchronously. :param realm_name: Realm name (not the realm id) :type realm_name: str :return: Http response :rtype: dict .. py:method:: a_get_users(query: dict | None = None) -> list :async: Get all users asynchronously. Return a list of users, filtered according to query parameters UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation :param query: Query parameters (optional) :type query: dict :return: users list :rtype: list .. py:method:: a_create_idp(payload: dict) -> bytes :async: Create an ID Provider asynchronously. IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation :param: payload: IdentityProviderRepresentation :type payload: dict :returns: Keycloak server response :rtype: bytes .. py:method:: a_update_idp(idp_alias: str, payload: dict) -> dict :async: Update an ID Provider asynchronously. IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identity_providers_resource :param: idp_alias: alias for IdP to update :type idp_alias: str :param: payload: The IdentityProviderRepresentation :type payload: dict :returns: Keycloak server response :rtype: dict .. py:method:: a_add_mapper_to_idp(idp_alias: str, payload: dict) -> bytes :async: Create an ID Provider asynchronously. IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityprovidermapperrepresentation :param: idp_alias: alias for Idp to add mapper in :type idp_alias: str :param: payload: IdentityProviderMapperRepresentation :type payload: dict :returns: Keycloak server response :rtype: bytes .. py:method:: a_update_mapper_in_idp(idp_alias: str, mapper_id: str, payload: dict) -> dict :async: Update an IdP mapper asynchronously. IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_update :param: idp_alias: alias for Idp to fetch mappers :type idp_alias: str :param: mapper_id: Mapper Id to update :type mapper_id: str :param: payload: IdentityProviderMapperRepresentation :type payload: dict :return: Http response :rtype: dict .. py:method:: a_get_idp_mappers(idp_alias: str) -> list :async: Get IDP mappers asynchronously. Returns a list of ID Providers mappers IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getmappers :param: idp_alias: alias for Idp to fetch mappers :type idp_alias: str :return: array IdentityProviderMapperRepresentation :rtype: list .. py:method:: a_get_idps() -> list :async: Get IDPs asynchronously. Returns a list of ID Providers, IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation :return: array IdentityProviderRepresentation :rtype: list .. py:method:: a_get_idp(idp_alias: str) -> dict :async: Get IDP provider asynchronously. Get the representation of a specific IDP Provider. IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation :param: idp_alias: alias for IdP to get :type idp_alias: str :return: IdentityProviderRepresentation :rtype: dict .. py:method:: a_delete_idp(idp_alias: str) -> dict :async: Delete an ID Provider asynchronously. :param: idp_alias: idp alias name :type idp_alias: str :returns: Keycloak server response :rtype: dict .. py:method:: a_create_user(payload: dict, exist_ok: bool = False) -> str :async: Create a new user asynchronously. Username must be unique UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation :param payload: UserRepresentation :type payload: dict :param exist_ok: If False, raise KeycloakGetError if username already exists. Otherwise, return existing user ID. :type exist_ok: bool :return: user_id :rtype: str .. py:method:: a_users_count(query: dict | None = None) -> int :async: Count users asynchronously. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_users_resource :param query: (dict) Query parameters for users count :type query: dict :return: counter :rtype: int .. py:method:: a_get_user_id(username: str) -> str | None :async: Get internal keycloak user id from username asynchronously. This is required for further actions against this user. UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation :param username: id in UserRepresentation :type username: str :return: user_id :rtype: str .. py:method:: a_get_user(user_id: str, user_profile_metadata: bool = False) -> dict :async: Get representation of the user asynchronously. UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation :param user_id: User id :type user_id: str :param user_profile_metadata: whether to include user profile metadata in the response :type user_profile_metadata: bool :return: UserRepresentation .. py:method:: a_get_user_groups(user_id: str, query: dict | None = None, brief_representation: bool = True) -> list :async: Get user groups asynchronously. Returns a list of groups of which the user is a member :param user_id: User id :type user_id: str :param query: Additional query options :type query: dict :param brief_representation: whether to omit attributes in the response :type brief_representation: bool :return: user groups list :rtype: list .. py:method:: a_update_user(user_id: str, payload: dict) -> dict :async: Update the user asynchronously. :param user_id: User id :type user_id: str :param payload: UserRepresentation :type payload: dict :return: Http response :rtype: dict .. py:method:: a_disable_user(user_id: str) -> dict :async: Disable the user asynchronously from the realm. Disabled users can not log in. :param user_id: User id :type user_id: str :return: Http response :rtype: bytes .. py:method:: a_enable_user(user_id: str) -> dict :async: Enable the user from the realm asynchronously. :param user_id: User id :type user_id: str :return: Http response :rtype: bytes .. py:method:: a_disable_all_users() -> None :async: Disable all existing users asynchronously. .. py:method:: a_enable_all_users() -> None :async: Disable all existing users asynchronously. .. py:method:: a_delete_user(user_id: str) -> dict :async: Delete the user asynchronously. :param user_id: User id :type user_id: str :return: Http response :rtype: dict .. py:method:: a_set_user_password(user_id: str, password: str, temporary: bool = True) -> dict :async: Set up a password for the user asynchronously. If temporary is True, the user will have to reset the temporary password next time they log in. https://www.keycloak.org/docs-api/24.0.2/rest-api/#_users_resource https://www.keycloak.org/docs-api/24.0.2/rest-api/#_credentialrepresentation :param user_id: User id :type user_id: str :param password: New password :type password: str :param temporary: True if password is temporary :type temporary: bool :returns: Response :rtype: dict .. py:method:: a_get_credentials(user_id: str) -> list :async: Get user credentials asynchronously. Returns a list of credential belonging to the user. CredentialRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_credentialrepresentation :param: user_id: user id :type user_id: str :returns: Keycloak server response (CredentialRepresentation) :rtype: list .. py:method:: a_delete_credential(user_id: str, credential_id: str) -> dict :async: Delete credential of the user asynchronously. CredentialRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_credentialrepresentation :param: user_id: user id :type user_id: str :param: credential_id: credential id :type credential_id: str :return: Keycloak server response (ClientRepresentation) :rtype: dict .. py:method:: a_user_logout(user_id: str) -> dict :async: Log out the user. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_logout :param user_id: User id :type user_id: str :returns: Keycloak server response :rtype: dict .. py:method:: a_user_consents(user_id: str) -> list :async: Asynchronously get consents granted by the user. UserConsentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userconsentrepresentation :param user_id: User id :type user_id: str :returns: List of UserConsentRepresentations :rtype: list .. py:method:: a_revoke_consent(user_id: str, client_id: str) -> dict :async: Asynchronously revoke consent and offline tokens for particular client from user. :param user_id: User id :type user_id: str :param client_id: Client id :type client_id: str :rtype: dict .. py:method:: a_get_user_social_logins(user_id: str) -> list :async: Get user social logins asynchronously. Returns a list of federated identities/social logins of which the user has been associated with :param user_id: User id :type user_id: str :returns: Federated identities list :rtype: list .. py:method:: a_add_user_social_login(user_id: str, provider_id: str, provider_userid: str, provider_username: str) -> dict :async: Add a federated identity / social login provider asynchronously to the user. :param user_id: User id :type user_id: str :param provider_id: Social login provider id :type provider_id: str :param provider_userid: userid specified by the provider :type provider_userid: str :param provider_username: username specified by the provider :type provider_username: str :returns: Keycloak server response :rtype: dict .. py:method:: a_delete_user_social_login(user_id: str, provider_id: str) -> dict :async: Delete a federated identity / social login provider asynchronously from the user. :param user_id: User id :type user_id: str :param provider_id: Social login provider id :type provider_id: str :returns: Keycloak server response :rtype: dict .. py:method:: a_send_update_account(user_id: str, payload: list, client_id: str | None = None, lifespan: int | None = None, redirect_uri: str | None = None) -> dict :async: Send an update account email to the user asynchronously. An email contains a link the user can click to perform a set of required actions. :param user_id: User id :type user_id: str :param payload: A list of actions for the user to complete :type payload: list :param client_id: Client id (optional) :type client_id: str :param lifespan: Number of seconds after which the generated token expires (optional) :type lifespan: int :param redirect_uri: The redirect uri (optional) :type redirect_uri: str :returns: Keycloak server response :rtype: dict .. py:method:: a_send_verify_email(user_id: str, client_id: str | None = None, redirect_uri: str | None = None) -> dict :async: Send a update account email to the user asynchronously. An email contains a link the user can click to perform a set of required actions. :param user_id: User id :type user_id: str :param client_id: Client id (optional) :type client_id: str :param redirect_uri: Redirect uri (optional) :type redirect_uri: str :returns: Keycloak server response :rtype: dict .. py:method:: a_get_sessions(user_id: str) -> list :async: Get sessions associated with the user asynchronously. UserSessionRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_usersessionrepresentation :param user_id: Id of user :type user_id: str :return: UserSessionRepresentation :rtype: list .. py:method:: a_get_server_info() -> dict :async: Get themes, social providers, etc. on this server asynchronously. ServerInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_serverinforepresentation :return: ServerInfoRepresentation :rtype: dict .. py:method:: a_get_groups(query: dict | None = None, full_hierarchy: bool = False) -> list :async: Get groups asynchronously. Returns a list of groups belonging to the realm GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation Notice that when using full_hierarchy=True, the response will be a nested structure containing all the children groups. If used with query parameters, the full_hierarchy will be applied to the received groups only. :param query: Additional query options :type query: dict :param full_hierarchy: If True, return all of the nested children groups, otherwise only the first level children are returned :type full_hierarchy: bool :return: array GroupRepresentation :rtype: list .. py:method:: a_get_group(group_id: str, full_hierarchy: bool = False, query: dict | None = None) -> dict :async: Get group by id asynchronously. Returns full group details GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation :param group_id: The group id :type group_id: str :param full_hierarchy: If True, return all of the nested children groups, otherwise only the first level children are returned :type full_hierarchy: bool :param query: Additional query parameters to pass into the subgroups fetch requests. :type query: dict | None :return: Keycloak server response (GroupRepresentation) :rtype: dict .. py:method:: a_get_subgroups(group: dict, path: str) -> dict | None :async: Get subgroups asynchronously. Utility function to iterate through nested group structures GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation :param group: group (GroupRepresentation) :type group: dict :param path: group path (string) :type path: str :return: Keycloak server response (GroupRepresentation) :rtype: dict .. py:method:: a_get_group_children(group_id: str, query: dict | None = None, full_hierarchy: bool = False) -> list :async: Get group children by parent id asynchronously. Returns full group children details :param group_id: The parent group id :type group_id: str :param query: Additional query options :type query: dict :param full_hierarchy: If True, return all of the nested children groups :type full_hierarchy: bool :return: Keycloak server response (GroupRepresentation) :rtype: list :raises ValueError: If both query and full_hierarchy parameters are used .. py:method:: a_get_group_members(group_id: str, query: dict | None = None) -> list :async: Get members by group id asynchronously. Returns group members GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_userrepresentation :param group_id: The group id :type group_id: str :param query: Additional query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getmembers) :type query: dict :return: Keycloak server response (UserRepresentation) :rtype: list .. py:method:: a_get_group_by_path(path: str) -> dict :async: Get group id based on name or path asynchronously . Returns full group details for a group defined by path GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation :param path: group path :type path: str :return: Keycloak server response (GroupRepresentation) :rtype: dict .. py:method:: a_create_group(payload: dict, parent: str | None = None, skip_exists: bool = False) -> str | None :async: Create a group in the Realm asynchronously. GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation :param payload: GroupRepresentation :type payload: dict :param parent: parent group's id. Required to create a sub-group. :type parent: str :param skip_exists: If true then do not raise an error if it already exists :type skip_exists: bool :return: Group id for newly created group or None for an existing group :rtype: str .. py:method:: a_update_group(group_id: str, payload: dict) -> dict :async: Update group, ignores subgroups asynchronously. GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation :param group_id: id of group :type group_id: str :param payload: GroupRepresentation with updated information. :type payload: dict :return: Http response :rtype: bytes .. py:method:: a_groups_count(query: dict | None = None) -> dict :async: Count groups asynchronously. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_groups :param query: (dict) Query parameters for groups count :type query: dict :return: Keycloak Server Response :rtype: dict .. py:method:: a_group_set_permissions(group_id: str, enabled: bool = True) -> dict :async: Enable/Disable permissions for a group asynchronously. Cannot delete group if disabled :param group_id: id of group :type group_id: str :param enabled: Enabled flag :type enabled: bool :return: Keycloak server response :rtype: dict .. py:method:: a_group_user_add(user_id: str, group_id: str) -> dict :async: Add user to group (user_id and group_id) asynchronously. :param user_id: id of user :type user_id: str :param group_id: id of group to add to :type group_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_group_user_remove(user_id: str, group_id: str) -> dict :async: Remove user from group (user_id and group_id) asynchronously. :param user_id: id of user :type user_id: str :param group_id: id of group to remove from :type group_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_delete_group(group_id: str) -> dict :async: Delete a group in the Realm asynchronously. :param group_id: id of group to delete :type group_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_get_clients() -> list :async: Get clients asynchronously. Returns a list of clients belonging to the realm ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :return: Keycloak server response (ClientRepresentation) :rtype: list .. py:method:: a_get_client(client_id: str) -> dict :async: Get representation of the client asynchronously. ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response (ClientRepresentation) :rtype: dict .. py:method:: a_get_client_id(client_id: str) -> str | None :async: Get internal keycloak client id from client-id asynchronously. This is required for further actions against this client. :param client_id: clientId in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: client_id (uuid as string) :rtype: str .. py:method:: a_get_client_authz_settings(client_id: str) -> dict :async: Get authorization json from client asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_import_client_authz_config(client_id: str, payload: dict) -> dict :async: Import client authorization configuration asynchronously. ResourceServerRepresentation https://www.keycloak.org/docs-api/latest/rest-api/index.html#ResourceServerRepresentation :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param payload: ResourceServerRepresentation :type payload: dict :return: Server response :rtype: dict .. py:method:: a_create_client_authz_resource(client_id: str, payload: dict, skip_exists: bool = False) -> dict :async: Create resources of client asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param payload: ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :type payload: dict :param skip_exists: Skip the creation in case the resource exists :type skip_exists: bool :return: Keycloak server response :rtype: dict .. py:method:: a_update_client_authz_resource(client_id: str, resource_id: str, payload: dict) -> dict :async: Update resource of client asynchronously. Any parameter missing from the ResourceRepresentation in the payload WILL be set to default by the Keycloak server. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param payload: ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :type payload: dict :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param resource_id: id in ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :type resource_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_delete_client_authz_resource(client_id: str, resource_id: str) -> dict :async: Delete a client resource asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param resource_id: id in ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :type resource_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_get_client_authz_resources(client_id: str) -> list :async: Get resources from client asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response (ResourceRepresentation) :rtype: list .. py:method:: a_get_client_authz_resource(client_id: str, resource_id: str) -> dict :async: Get a client resource asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param resource_id: id in ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :type resource_id: str :return: Keycloak server response (ResourceRepresentation) :rtype: dict .. py:method:: a_create_client_authz_role_based_policy(client_id: str, payload: dict, skip_exists: bool = False) -> dict :async: Create role-based policy of client asynchronously. Payload example:: payload={ "type": "role", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "name": "Policy-1", "roles": [ { "id": id } ] } :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param payload: No Document :type payload: dict :param skip_exists: Skip creation in case the object exists :type skip_exists: bool :return: Keycloak server response :rtype: dict .. py:method:: a_create_client_authz_policy(client_id: str, payload: dict, skip_exists: bool = False) -> dict :async: Create an authz policy of client asynchronously. Payload example:: payload={ "name": "Policy-time-based", "type": "time", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "hourEnd": "18", "hour": "9" } } :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param payload: No Document :type payload: dict :param skip_exists: Skip creation in case the object exists :type skip_exists: bool :return: Keycloak server response :rtype: dict .. py:method:: a_create_client_authz_resource_based_permission(client_id: str, payload: dict, skip_exists: bool = False) -> dict :async: Create resource-based permission of client asynchronously. Payload example:: payload={ "type": "resource", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "name": "Permission-Name", "resources": [ resource_id ], "policies": [ policy_id ] :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param payload: PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :type payload: dict :param skip_exists: Skip creation in case the object already exists :type skip_exists: bool :return: Keycloak server response :rtype: dict .. py:method:: a_get_client_authz_scopes(client_id: str) -> list :async: Get scopes from client asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: list .. py:method:: a_create_client_authz_scopes(client_id: str, payload: dict) -> dict :async: Create scopes for client asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :param payload: ScopeRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_ScopeRepresentation :type payload: dict :type client_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_get_client_authz_permissions(client_id: str) -> list :async: Get permissions from client asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: list .. py:method:: a_get_client_authz_policies(client_id: str) -> list :async: Get policies from client asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: list .. py:method:: a_delete_client_authz_policy(client_id: str, policy_id: str) -> dict :async: Delete a policy from client asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param policy_id: id in PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :type policy_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_get_client_authz_policy(client_id: str, policy_id: str) -> dict :async: Get a policy from client asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param policy_id: id in PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :type policy_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_get_client_service_account_user(client_id: str) -> dict :async: Get service account user from client asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: UserRepresentation :rtype: dict .. py:method:: a_get_client_default_client_scopes(client_id: str) -> list :async: Get all default client scopes from client asynchronously. :param client_id: id of the client in which the new default client scope should be added :type client_id: str :return: list of client scopes with id and name :rtype: list .. py:method:: a_add_client_default_client_scope(client_id: str, client_scope_id: str, payload: dict) -> dict :async: Add a client scope to the default client scopes from client asynchronously. Payload example:: payload={ "realm":"testrealm", "client":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "clientScopeId":"bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb" } :param client_id: id of the client in which the new default client scope should be added :type client_id: str :param client_scope_id: id of the new client scope that should be added :type client_scope_id: str :param payload: dictionary with realm, client and clientScopeId :type payload: dict :return: Http response :rtype: dict .. py:method:: a_delete_client_default_client_scope(client_id: str, client_scope_id: str) -> dict :async: Delete a client scope from the default client scopes of the client asynchronously. :param client_id: id of the client in which the default client scope should be deleted :type client_id: str :param client_scope_id: id of the client scope that should be deleted :type client_scope_id: str :return: list of client scopes with id and name :rtype: dict .. py:method:: a_get_client_optional_client_scopes(client_id: str) -> list :async: Get all optional client scopes from client asynchronously. :param client_id: id of the client in which the new optional client scope should be added :type client_id: str :return: list of client scopes with id and name :rtype: list .. py:method:: a_add_client_optional_client_scope(client_id: str, client_scope_id: str, payload: dict) -> dict :async: Add a client scope to the optional client scopes from client asynchronously. Payload example:: payload={ "realm":"testrealm", "client":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "clientScopeId":"bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb" } :param client_id: id of the client in which the new optional client scope should be added :type client_id: str :param client_scope_id: id of the new client scope that should be added :type client_scope_id: str :param payload: dictionary with realm, client and clientScopeId :type payload: dict :return: Http response :rtype: dict .. py:method:: a_delete_client_optional_client_scope(client_id: str, client_scope_id: str) -> dict :async: Delete a client scope from the optional client scopes of the client asynchronously. :param client_id: id of the client in which the optional client scope should be deleted :type client_id: str :param client_scope_id: id of the client scope that should be deleted :type client_scope_id: str :return: list of client scopes with id and name :rtype: dict .. py:method:: a_create_initial_access_token(count: int = 1, expiration: int = 1) -> dict :async: Create an initial access token asynchronously. :param count: Number of clients that can be registered :type count: int :param expiration: Days until expireation :type expiration: int :return: initial access token :rtype: dict .. py:method:: a_create_client(payload: dict, skip_exists: bool = False) -> str :async: Create a client asynchronously. ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :param skip_exists: If true then do not raise an error if client already exists :type skip_exists: bool :param payload: ClientRepresentation :type payload: dict :return: Client ID :rtype: str .. py:method:: a_update_client(client_id: str, payload: dict) -> dict :async: Update a client asynchronously. :param client_id: Client id :type client_id: str :param payload: ClientRepresentation :type payload: dict :return: Http response :rtype: dict .. py:method:: a_delete_client(client_id: str) -> dict :async: Get representation of the client asynchronously. ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :param client_id: keycloak client id (not oauth client-id) :type client_id: str :return: Keycloak server response (ClientRepresentation) :rtype: dict .. py:method:: a_get_client_installation_provider(client_id: str, provider_id: str) -> dict :async: Get content for given installation provider asynchronously. Related documentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clients_resource Possible provider_id list available in the ServerInfoRepresentation#clientInstallations https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_serverinforepresentation :param client_id: Client id :type client_id: str :param provider_id: provider id to specify response format :type provider_id: str :returns: Installation providers :rtype: dict .. py:method:: a_get_realm_users_profile() -> dict :async: Get list of attributes and group for given realm. Related documentation: https://www.keycloak.org/docs-api/26.0.0/rest-api/index.html#_get_adminrealmsrealmusersprofile Return https://www.keycloak.org/docs-api/26.0.0/rest-api/index.html#UPConfig :returns: UPConfig :rtype: dict .. py:method:: a_get_realm_roles(brief_representation: bool = True, search_text: str = '', query: dict | None = None) -> list :async: Get all roles for the realm or client asynchronously. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param brief_representation: whether to omit role attributes in the response :type brief_representation: bool :param search_text: optional search text to limit the returned result. :type search_text: str :param query: Query parameters (optional) :type query: dict :return: Keycloak server response (RoleRepresentation) :rtype: list .. py:method:: a_get_realm_role_groups(role_name: str, query: dict | None = None, brief_representation: bool = True) -> list :async: Get role groups of realm by role name asynchronously. :param role_name: Name of the role. :type role_name: str :param query: Additional Query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_parameters_226) :type query: dict :param brief_representation: whether to omit role attributes in the response :type brief_representation: bool :return: Keycloak Server Response (GroupRepresentation) :rtype: list .. py:method:: a_get_realm_role_members(role_name: str, query: dict | None = None) -> list :async: Get role members of realm by role name asynchronously. :param role_name: Name of the role. :type role_name: str :param query: Additional Query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_roles_resource) :type query: dict :return: Keycloak Server Response (UserRepresentation) :rtype: list .. py:method:: a_get_default_realm_role_id() -> str :async: Get the ID of the default realm role asynchronously. :return: Realm role ID :rtype: str .. py:method:: a_get_realm_default_roles() -> list :async: Get all the default realm roles asyncho asynchronously. :return: Keycloak Server Response (UserRepresentation) :rtype: list .. py:method:: a_remove_realm_default_roles(payload: list) -> dict :async: Remove a set of default realm roles asynchronously. :param payload: List of RoleRepresentations :type payload: list :return: Keycloak Server Response :rtype: dict .. py:method:: a_add_realm_default_roles(payload: list) -> dict :async: Add a set of default realm roles asynchronously. :param payload: List of RoleRepresentations :type payload: list :return: Keycloak Server Response :rtype: dict .. py:method:: a_get_client_roles(client_id: str, brief_representation: bool = True) -> list :async: Get all roles for the client asynchronously. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param client_id: id of client (not client-id) :type client_id: str :param brief_representation: whether to omit role attributes in the response :type brief_representation: bool :return: Keycloak server response (RoleRepresentation) :rtype: list .. py:method:: a_get_client_role(client_id: str, role_name: str) -> dict :async: Get client role by name asynchronously. :param client_id: id of client (not client-id) :type client_id: str :param role_name: role's name (not id!) :type role_name: str :return: Role object :rtype: dict .. py:method:: a_get_client_role_id(client_id: str, role_name: str) -> str | None :async: Get client role id by name asynchronously. This is required for further actions with this role. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param client_id: id of client (not client-id) :type client_id: str :param role_name: role's name (not id!) :type role_name: str :return: role_id :rtype: str | None .. py:method:: a_create_client_role(client_role_id: str, payload: dict, skip_exists: bool = False) -> str :async: Create a client role asynchronously. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param client_role_id: id of client (not client-id) :type client_role_id: str :param payload: RoleRepresentation :type payload: dict :param skip_exists: If true then do not raise an error if client role already exists :type skip_exists: bool :return: Client role name :rtype: str .. py:method:: a_add_composite_client_roles_to_role(client_role_id: str, role_name: str, roles: str | list) -> dict :async: Add composite roles to client role asynchronously. :param client_role_id: id of client (not client-id) :type client_role_id: str :param role_name: The name of the role :type role_name: str :param roles: roles list or role (use RoleRepresentation) to be updated :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_remove_composite_client_roles_from_role(client_role_id: str, role_name: str, roles: str | list) -> dict :async: Remove composite roles from a client role asynchronously. :param client_role_id: id of client (not client-id) :type client_role_id: str :param role_name: The name of the role :type role_name: str :param roles: roles list or role (use RoleRepresentation) to be removed :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_update_client_role(client_id: str, role_name: str, payload: dict) -> dict :async: Update a client role asynchronously. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param client_id: id of client (not client-id) :type client_id: str :param role_name: role's name (not id!) :type role_name: str :param payload: RoleRepresentation :type payload: dict :returns: Keycloak server response :rtype: dict .. py:method:: a_delete_client_role(client_role_id: str, role_name: str) -> dict :async: Delete a client role asynchronously. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param client_role_id: id of client (not client-id) :type client_role_id: str :param role_name: role's name (not id!) :type role_name: str :returns: Keycloak server response :rtype: dict .. py:method:: a_assign_client_role(user_id: str, client_id: str, roles: str | list) -> dict :async: Assign a client role to a user asynchronously. :param user_id: id of user :type user_id: str :param client_id: id of client (not client-id) :type client_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_get_client_role_members(client_id: str, role_name: str, **query: Any) -> list :async: Get members by client role asynchronously. :param client_id: The client id :type client_id: str :param role_name: the name of role to be queried. :type role_name: str :param query: Additional query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clients_resource) :type query: dict :return: Keycloak server response (UserRepresentation) :rtype: list .. py:method:: a_get_client_role_groups(client_id: str, role_name: str, **query: Any) -> list :async: Get group members by client role asynchronously. :param client_id: The client id :type client_id: str :param role_name: the name of role to be queried. :type role_name: str :param query: Additional query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clients_resource) :type query: dict :return: Keycloak server response :rtype: list .. py:method:: a_get_role_by_id(role_id: str) -> dict :async: Get a specific role's representation asynchronously. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param role_id: id of role :type role_id: str :return: Keycloak server response (RoleRepresentation) :rtype: dict .. py:method:: a_update_role_by_id(role_id: str, payload: dict) -> dict :async: Update the role asynchronously. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param payload: RoleRepresentation :type payload: dict :param role_id: id of role :type role_id: str :returns: Keycloak server response :rtype: dict .. py:method:: a_delete_role_by_id(role_id: str) -> dict :async: Delete a role by its id asynchronously. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param role_id: id of role :type role_id: str :returns: Keycloak server response :rtype: bytes .. py:method:: a_get_role_composites_by_id(role_id: str, query: dict | None = None) -> list :async: Get all composite roles by role id asynchronously. :param role_id: id of role :type role_id: str :param query: Query parameters (optional). Supported keys: 'first', 'max', 'search' :type query: dict :return: Keycloak server response (RoleRepresentation) :rtype: list .. py:method:: a_create_realm_role(payload: dict, skip_exists: bool = False) -> str :async: Create a new role for the realm or client asynchronously. :param payload: The role (use RoleRepresentation) :type payload: dict :param skip_exists: If true then do not raise an error if realm role already exists :type skip_exists: bool :return: Realm role name :rtype: str .. py:method:: a_get_realm_role(role_name: str) -> dict :async: Get realm role by role name asynchronously. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param role_name: role's name, not id! :type role_name: str :return: role :rtype: dict .. py:method:: a_get_realm_role_by_id(role_id: str) -> dict :async: Get realm role by role id. RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation :param role_id: role's id, not name! :type role_id: str :return: role :rtype: dict .. py:method:: a_update_realm_role(role_name: str, payload: dict) -> dict :async: Update a role for the realm by name asynchronously. :param role_name: The name of the role to be updated :type role_name: str :param payload: The role (use RoleRepresentation) :type payload: dict :return: Keycloak server response :rtype: dict .. py:method:: a_delete_realm_role(role_name: str) -> dict :async: Delete a role for the realm by name asynchronously. :param role_name: The role name :type role_name: str :return: Keycloak server response :rtype: dict .. py:method:: a_add_composite_realm_roles_to_role(role_name: str, roles: str | list) -> dict :async: Add composite roles to the role asynchronously. :param role_name: The name of the role :type role_name: str :param roles: roles list or role (use RoleRepresentation) to be updated :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_remove_composite_realm_roles_to_role(role_name: str, roles: str | list) -> dict :async: Remove composite roles from the role asynchronously. :param role_name: The name of the role :type role_name: str :param roles: roles list or role (use RoleRepresentation) to be removed :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_get_composite_realm_roles_of_role(role_name: str) -> list :async: Get composite roles of the role asynchronously. :param role_name: The name of the role :type role_name: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: a_get_composite_client_roles_of_role(client_id: str, role_name: str) -> list :async: Get composite roles of the client role. :param client_id: The id of the client :type client_id: str :param role_name: The name of the role :type role_name: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: a_assign_realm_roles_to_client_scope(client_id: str, roles: str | list) -> dict :async: Assign realm roles to a client's scope asynchronously. :param client_id: id of client (not client-id) :type client_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_delete_realm_roles_of_client_scope(client_id: str, roles: str | list) -> dict :async: Delete realm roles of a client's scope asynchronously. :param client_id: id of client (not client-id) :type client_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_get_realm_roles_of_client_scope(client_id: str) -> list :async: Get all realm roles for a client's scope. :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: dict .. py:method:: a_assign_client_roles_to_client_scope(client_id: str, client_roles_owner_id: str, roles: str | list) -> dict :async: Assign client roles to a client's dedicated scope asynchronously. To assign roles to a client scope, use a_add_client_specific_roles_to_client_scope. :param client_id: id of client (not client-id) who is assigned the roles :type client_id: str :param client_roles_owner_id: id of client (not client-id) who has the roles :type client_roles_owner_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_delete_client_roles_of_client_scope(client_id: str, client_roles_owner_id: str, roles: str | list) -> dict :async: Delete client roles of a client's dedicated scope asynchronously. To remove roles from a client scope, use a_remove_client_specific_roles_of_client_scope. :param client_id: id of client (not client-id) who is assigned the roles :type client_id: str :param client_roles_owner_id: id of client (not client-id) who has the roles :type client_roles_owner_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_get_client_roles_of_client_scope(client_id: str, client_roles_owner_id: str) -> list :async: Get all client roles for a client's scope asynchronously. To get roles from a client scope, use a_get_client_roles_of_client_scope. :param client_id: id of client (not client-id) :type client_id: str :param client_roles_owner_id: id of client (not client-id) who has the roles :type client_roles_owner_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: dict .. py:method:: a_assign_realm_roles(user_id: str, roles: str | list) -> dict :async: Assign realm roles to a user asynchronously. :param user_id: id of user :type user_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_delete_realm_roles_of_user(user_id: str, roles: str | list) -> dict :async: Delete realm roles of a user asynchronously. :param user_id: id of user :type user_id: str :param roles: roles list or role (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_get_realm_roles_of_user(user_id: str) -> list :async: Get all realm roles for a user asynchronously. :param user_id: id of user :type user_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: a_get_available_realm_roles_of_user(user_id: str) -> list :async: Get all available (i.e. unassigned) realm roles for a user asynchronously. :param user_id: id of user :type user_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: a_get_composite_realm_roles_of_user(user_id: str, brief_representation: bool = True) -> list :async: Get all composite (i.e. implicit) realm roles for a user asynchronously. :param user_id: id of user :type user_id: str :param brief_representation: whether to omit role attributes in the response :type brief_representation: bool :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: a_assign_group_realm_roles(group_id: str, roles: str | list) -> dict :async: Assign realm roles to a group asynchronously. :param group_id: id of group :type group_id: str :param roles: roles list or role (use GroupRoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_delete_group_realm_roles(group_id: str, roles: str | list) -> dict :async: Delete realm roles of a group asynchronously. :param group_id: id of group :type group_id: str :param roles: roles list or role (use GroupRoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_get_group_realm_roles(group_id: str, brief_representation: bool = True) -> list :async: Get all realm roles for a group asynchronously. :param group_id: id of the group :type group_id: str :param brief_representation: whether to omit role attributes in the response :type brief_representation: bool :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: a_assign_group_client_roles(group_id: str, client_id: str, roles: str | list) -> dict :async: Assign client roles to a group asynchronously. :param group_id: id of group :type group_id: str :param client_id: id of client (not client-id) :type client_id: str :param roles: roles list or role (use GroupRoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_get_group_client_roles(group_id: str, client_id: str) -> list :async: Get client roles of a group asynchronously. :param group_id: id of group :type group_id: str :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response :rtype: list .. py:method:: a_delete_group_client_roles(group_id: str, client_id: str, roles: str | list) -> dict :async: Delete client roles of a group asynchronously. :param group_id: id of group :type group_id: str :param client_id: id of client (not client-id) :type client_id: str :param roles: roles list or role (use GroupRoleRepresentation) :type roles: list :return: Keycloak server response (array RoleRepresentation) :rtype: dict .. py:method:: a_get_all_roles_of_user(user_id: str) -> dict :async: Get all level roles for a user asynchronously. :param user_id: id of user :type user_id: str :return: Keycloak server response (MappingsRepresentation) :rtype: dict .. py:method:: a_get_client_roles_of_user(user_id: str, client_id: str) -> list :async: Get all client roles for a user asynchronously. :param user_id: id of user :type user_id: str :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: a_get_available_client_roles_of_user(user_id: str, client_id: str) -> list :async: Get available client role-mappings for a user asynchronously. :param user_id: id of user :type user_id: str :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: a_get_composite_client_roles_of_user(user_id: str, client_id: str, brief_representation: bool = False) -> list :async: Get composite client role-mappings for a user asynchronously. :param user_id: id of user :type user_id: str :param client_id: id of client (not client-id) :type client_id: str :param brief_representation: whether to omit attributes in the response :type brief_representation: bool :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: a__get_client_roles_of_user(client_level_role_mapping_url: str, user_id: str, client_id: str, **params: Any) -> list :async: Get client roles of a single user helper asynchronously. :param client_level_role_mapping_url: Url for the client role mapping :type client_level_role_mapping_url: str :param user_id: User id :type user_id: str :param client_id: Client id :type client_id: str :param params: Additional parameters :type params: dict :returns: Client roles of a user :rtype: list .. py:method:: a_delete_client_roles_of_user(user_id: str, client_id: str, roles: str | list) -> dict :async: Delete client roles from a user asynchronously. :param user_id: id of user :type user_id: str :param client_id: id of client containing role (not client-id) :type client_id: str :param roles: roles list or role to delete (use RoleRepresentation) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_get_authentication_flows() -> list :async: Get authentication flows asynchronously. Returns all flow details AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation :return: Keycloak server response (AuthenticationFlowRepresentation) :rtype: list .. py:method:: a_get_authentication_flow_for_id(flow_id: str) -> dict :async: Get one authentication flow by it's id asynchronously. Returns all flow details AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation :param flow_id: the id of a flow NOT it's alias :type flow_id: str :return: Keycloak server response (AuthenticationFlowRepresentation) :rtype: dict .. py:method:: a_create_authentication_flow(payload: dict, skip_exists: bool = False) -> bytes :async: Create a new authentication flow asynchronously. AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation :param payload: AuthenticationFlowRepresentation :type payload: dict :param skip_exists: Do not raise an error if authentication flow already exists :type skip_exists: bool :return: Keycloak server response (RoleRepresentation) :rtype: bytes .. py:method:: a_copy_authentication_flow(payload: dict, flow_alias: str) -> bytes :async: Copy existing authentication flow under a new name asynchronously. The new name is given as 'newName' attribute of the passed payload. :param payload: JSON containing 'newName' attribute :type payload: dict :param flow_alias: the flow alias :type flow_alias: str :return: Keycloak server response (RoleRepresentation) :rtype: bytes .. py:method:: a_delete_authentication_flow(flow_id: str) -> dict :async: Delete authentication flow asynchronously. AuthenticationInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationinforepresentation :param flow_id: authentication flow id :type flow_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_get_authentication_flow_executions(flow_alias: str) -> list :async: Get authentication flow executions asynchronously. Returns all execution steps :param flow_alias: the flow alias :type flow_alias: str :return: Response(json) :rtype: list .. py:method:: a_update_authentication_flow_executions(payload: dict, flow_alias: str) -> dict :async: Update an authentication flow execution asynchronously. AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation :param payload: AuthenticationExecutionInfoRepresentation :type payload: dict :param flow_alias: The flow alias :type flow_alias: str :return: Keycloak server response :rtype: dict .. py:method:: a_get_authentication_flow_execution(execution_id: str) -> dict :async: Get authentication flow execution asynchronously. AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation :param execution_id: the execution ID :type execution_id: str :return: Response(json) :rtype: dict .. py:method:: a_create_authentication_flow_execution(payload: dict, flow_alias: str) -> bytes :async: Create an authentication flow execution asynchronously. AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation :param payload: AuthenticationExecutionInfoRepresentation :type payload: dict :param flow_alias: The flow alias :type flow_alias: str :return: Keycloak server response :rtype: bytes .. py:method:: a_delete_authentication_flow_execution(execution_id: str) -> dict :async: Delete authentication flow execution asynchronously. AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation :param execution_id: keycloak client id (not oauth client-id) :type execution_id: str :return: Keycloak server response (json) :rtype: dict .. py:method:: a_create_authentication_flow_subflow(payload: dict, flow_alias: str, skip_exists: bool = False) -> bytes :async: Create a new sub authentication flow for a given authentication flow asynchronously. AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation :param payload: AuthenticationFlowRepresentation :type payload: dict :param flow_alias: The flow alias :type flow_alias: str :param skip_exists: Do not raise an error if authentication flow already exists :type skip_exists: bool :return: Keycloak server response (RoleRepresentation) :rtype: bytes .. py:method:: a_get_authenticator_providers() -> list :async: Get authenticator providers list asynchronously. :return: Authenticator providers :rtype: list .. py:method:: a_get_authenticator_provider_config_description(provider_id: str) -> dict :async: Get authenticator's provider configuration description asynchronously. AuthenticatorConfigInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticatorconfiginforepresentation :param provider_id: Provider Id :type provider_id: str :return: AuthenticatorConfigInfoRepresentation :rtype: dict .. py:method:: a_get_authenticator_config(config_id: str) -> dict :async: Get authenticator configuration asynchronously. Returns all configuration details. :param config_id: Authenticator config id :type config_id: str :return: Response(json) :rtype: dict .. py:method:: a_update_authenticator_config(payload: dict, config_id: str) -> dict :async: Update an authenticator configuration asynchronously. AuthenticatorConfigRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticatorconfigrepresentation :param payload: AuthenticatorConfigRepresentation :type payload: dict :param config_id: Authenticator config id :type config_id: str :return: Response(json) :rtype: dict .. py:method:: a_delete_authenticator_config(config_id: str) -> dict :async: Delete a authenticator configuration asynchronously. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authentication_management_resource :param config_id: Authenticator config id :type config_id: str :return: Keycloak server Response :rtype: dict .. py:method:: a_sync_users(storage_id: str, action: str) -> dict :async: Trigger user sync from provider asynchronously. :param storage_id: The id of the user storage provider :type storage_id: str :param action: Action can be "triggerFullSync" or "triggerChangedUsersSync" :type action: str :return: Keycloak server response :rtype: dict .. py:method:: a_get_client_scopes() -> list :async: Get client scopes asynchronously. Get representation of the client scopes for the realm where we are connected to https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes :return: Keycloak server response Array of (ClientScopeRepresentation) :rtype: list .. py:method:: a_get_client_scope(client_scope_id: str) -> dict :async: Get client scope asynchronously. Get representation of the client scopes for the realm where we are connected to https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes :param client_scope_id: The id of the client scope :type client_scope_id: str :return: Keycloak server response (ClientScopeRepresentation) :rtype: dict .. py:method:: a_get_client_scope_by_name(client_scope_name: str) -> dict | None :async: Get client scope by name asynchronously. Get representation of the client scope identified by the client scope name. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes :param client_scope_name: (str) Name of the client scope :type client_scope_name: str :returns: ClientScopeRepresentation or None :rtype: dict .. py:method:: a_create_client_scope(payload: dict, skip_exists: bool = False) -> str :async: Create a client scope asynchronously. ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes :param payload: ClientScopeRepresentation :type payload: dict :param skip_exists: If true then do not raise an error if client scope already exists :type skip_exists: bool :return: Client scope id :rtype: str .. py:method:: a_update_client_scope(client_scope_id: str, payload: dict) -> dict :async: Update a client scope asynchronously. ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_client_scopes_resource :param client_scope_id: The id of the client scope :type client_scope_id: str :param payload: ClientScopeRepresentation :type payload: dict :return: Keycloak server response (ClientScopeRepresentation) :rtype: dict .. py:method:: a_delete_client_scope(client_scope_id: str) -> dict :async: Delete existing client scope asynchronously. ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_client_scopes_resource :param client_scope_id: The id of the client scope :type client_scope_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_get_mappers_from_client_scope(client_scope_id: str) -> list :async: Get a list of all mappers connected to the client scope asynchronously. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource :param client_scope_id: Client scope id :type client_scope_id: str :returns: Keycloak server response (ProtocolMapperRepresentation) :rtype: list .. py:method:: a_add_mapper_to_client_scope(client_scope_id: str, payload: dict) -> bytes :async: Add a mapper to a client scope asynchronously. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_create_mapper :param client_scope_id: The id of the client scope :type client_scope_id: str :param payload: ProtocolMapperRepresentation :type payload: dict :return: Keycloak server Response :rtype: bytes .. py:method:: a_delete_mapper_from_client_scope(client_scope_id: str, protocol_mapper_id: str) -> dict :async: Delete a mapper from a client scope asynchronously. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_delete_mapper :param client_scope_id: The id of the client scope :type client_scope_id: str :param protocol_mapper_id: Protocol mapper id :type protocol_mapper_id: str :return: Keycloak server Response :rtype: dict .. py:method:: a_update_mapper_in_client_scope(client_scope_id: str, protocol_mapper_id: str, payload: dict) -> dict :async: Update an existing protocol mapper in a client scope asynchronously. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource :param client_scope_id: The id of the client scope :type client_scope_id: str :param protocol_mapper_id: The id of the protocol mapper which exists in the client scope and should to be updated :type protocol_mapper_id: str :param payload: ProtocolMapperRepresentation :type payload: dict :return: Keycloak server Response :rtype: dict .. py:method:: a_get_default_default_client_scopes() -> list :async: Get default default client scopes asynchronously. Return list of default default client scopes :return: Keycloak server response :rtype: list .. py:method:: a_delete_default_default_client_scope(scope_id: str) -> dict :async: Delete default default client scope asynchronously. :param scope_id: default default client scope id :type scope_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_add_default_default_client_scope(scope_id: str) -> dict :async: Add default default client scope asynchronously. :param scope_id: default default client scope id :type scope_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_get_default_optional_client_scopes() -> list :async: Get default optional client scopes asynchronously. Return list of default optional client scopes :return: Keycloak server response :rtype: list .. py:method:: a_delete_default_optional_client_scope(scope_id: str) -> dict :async: Delete default optional client scope asynchronously. :param scope_id: default optional client scope id :type scope_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_add_default_optional_client_scope(scope_id: str) -> dict :async: Add default optional client scope asynchronously. :param scope_id: default optional client scope id :type scope_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_add_client_specific_roles_to_client_scope(client_scope_id: str, client_roles_owner_id: str, roles: str | list) -> dict :async: Assign client roles to a client scope asynchronously. To assign roles to a client's dedicated scope, use a_assign_client_roles_to_client_scope. :param client_scope_id: client scope id :type client_scope_id: str :param client_roles_owner_id: id of client (not client-id) who has the roles :type client_roles_owner_id: str :param roles: roles list or role (use RoleRepresentation, must include id and name) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_remove_client_specific_roles_of_client_scope(client_scope_id: str, client_roles_owner_id: str, roles: str | list) -> dict :async: Delete client roles of a client scope asynchronously. To delete roles from a client's dedicated scope, use a_delete_client_roles_of_client_scope. :param client_scope_id: client scope id :type client_scope_id: str :param client_roles_owner_id: id of client (not client-id) who has the roles :type client_roles_owner_id: str :param roles: roles list or role (use RoleRepresentation, must include id and name) :type roles: list :return: Keycloak server response :rtype: dict .. py:method:: a_get_client_specific_roles_of_client_scope(client_scope_id: str, client_roles_owner_id: str) -> list :async: Get all client roles for a client scope asynchronously. To get roles for a client's dedicated scope, use a_get_client_roles_of_client_scope. :param client_scope_id: client scope id :type client_scope_id: str :param client_roles_owner_id: id of client (not client-id) who has the roles :type client_roles_owner_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: list .. py:method:: a_get_all_roles_of_client_scope(client_scope_id: str) -> dict :async: Get all client roles for a client scope. To get roles for a client's dedicated scope, use a_get_client_roles_of_client_scope. :param client_scope_id: client scope id :type client_scope_id: str :return: Keycloak server response (array RoleRepresentation) :rtype: dict .. py:method:: a_get_mappers_from_client(client_id: str) -> list :async: List of all client mappers asynchronously. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocolmapperrepresentation :param client_id: Client id :type client_id: str :returns: KeycloakServerResponse (list of ProtocolMapperRepresentation) :rtype: list .. py:method:: a_add_mapper_to_client(client_id: str, payload: dict) -> bytes :async: Add a mapper to a client asynchronously. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_create_mapper :param client_id: The id of the client :type client_id: str :param payload: ProtocolMapperRepresentation :type payload: dict :return: Keycloak server Response :rtype: bytes .. py:method:: a_update_client_mapper(client_id: str, mapper_id: str, payload: dict) -> dict :async: Update client mapper asynchronously. :param client_id: The id of the client :type client_id: str :param mapper_id: The id of the mapper to be deleted :type mapper_id: str :param payload: ProtocolMapperRepresentation :type payload: dict :return: Keycloak server response :rtype: dict .. py:method:: a_remove_client_mapper(client_id: str, client_mapper_id: str) -> dict :async: Remove a mapper from the client asynchronously. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource :param client_id: The id of the client :type client_id: str :param client_mapper_id: The id of the mapper to be deleted :type client_mapper_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_generate_client_secrets(client_id: str) -> dict :async: Generate a new secret for the client asynchronously. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_regeneratesecret :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response (ClientRepresentation) :rtype: dict .. py:method:: a_get_client_secrets(client_id: str) -> dict :async: Get representation of the client secrets asynchronously. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientsecret :param client_id: id of client (not client-id) :type client_id: str :return: Keycloak server response (ClientRepresentation) :rtype: dict .. py:method:: a_get_components(query: dict | None = None) -> list :async: Get components asynchronously. Return a list of components, filtered according to query parameters ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation :param query: Query parameters (optional) :type query: dict :return: components list :rtype: list .. py:method:: a_create_component(payload: dict) -> str :async: Create a new component asynchronously. ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation :param payload: ComponentRepresentation :type payload: dict :return: Component id :rtype: str .. py:method:: a_get_component(component_id: str) -> dict :async: Get representation of the component asynchronously. :param component_id: Component id ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation :param component_id: Id of the component :type component_id: str :return: ComponentRepresentation :rtype: dict .. py:method:: a_update_component(component_id: str, payload: dict) -> dict :async: Update the component asynchronously. :param component_id: Component id :type component_id: str :param payload: ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation :type payload: dict :return: Http response :rtype: dict .. py:method:: a_delete_component(component_id: str) -> dict :async: Delete the component asynchronously. :param component_id: Component id :type component_id: str :return: Http response :rtype: dict .. py:method:: a_get_keys() -> dict :async: Get keys asynchronously. Return a list of keys, filtered according to query parameters KeysMetadataRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_key_resource :return: keys list :rtype: dict .. py:method:: a_get_admin_events(query: dict | None = None) -> list :async: Get Administrative events asynchronously. Return a list of events, filtered according to query parameters AdminEvents Representation array https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getevents https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_get_adminrealmsrealmadmin_events :param query: Additional query parameters :type query: dict :return: events list :rtype: list .. py:method:: a_get_events(query: dict | None = None) -> list :async: Get events asynchronously. Return a list of events, filtered according to query parameters EventRepresentation array https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_eventrepresentation :param query: Additional query parameters :type query: dict :return: events list :rtype: list .. py:method:: a_set_events(payload: dict) -> dict :async: Set realm events configuration asynchronously. RealmEventsConfigRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmeventsconfigrepresentation :param payload: Payload object for the events configuration :type payload: dict :return: Http response :rtype: dict .. py:method:: a_get_client_all_sessions(client_id: str, query: dict | None = None) -> list :async: Get sessions associated with the client asynchronously. UserSessionRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_usersessionrepresentation :param client_id: id of client :type client_id: str :param query: Additional query parameters :type query: dict :return: UserSessionRepresentation :rtype: list .. py:method:: a_get_client_sessions_stats() -> list :async: Get current session count for all clients with active sessions asynchronously. https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientsessionstats :return: Dict of clients and session count :rtype: list .. py:method:: a_get_client_management_permissions(client_id: str) -> dict :async: Get management permissions for a client asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_update_client_management_permissions(payload: dict, client_id: str) -> dict :async: Update management permissions for a client asynchronously. ManagementPermissionReference https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_managementpermissionreference Payload example:: payload={ "enabled": true } :param payload: ManagementPermissionReference :type payload: dict :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_get_client_authz_policy_scopes(client_id: str, policy_id: str) -> list :async: Get scopes for a given policy asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param policy_id: No Document :type policy_id: str :return: Keycloak server response :rtype: list .. py:method:: a_get_client_authz_policy_resources(client_id: str, policy_id: str) -> list :async: Get resources for a given policy asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param policy_id: No Document :type policy_id: str :return: Keycloak server response :rtype: list .. py:method:: a_get_client_authz_scope_permission(client_id: str, scope_id: str) -> dict :async: Get permissions for a given scope asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param scope_id: No Document :type scope_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_create_client_authz_scope_permission(payload: dict, client_id: str) -> dict :async: Create permissions for a authz scope asynchronously. Payload example:: payload={ "name": "My Permission Name", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "resources": [some_resource_id], "scopes": [some_scope_id], "policies": [some_policy_id], } :param payload: No Document :type payload: dict :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response :rtype: dict .. py:method:: a_update_client_authz_scope_permission(payload: dict, client_id: str, scope_id: str) -> bytes :async: Update permissions for a given scope asynchronously. Payload example:: payload={ "id": scope_id, "name": "My Permission Name", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "resources": [some_resource_id], "scopes": [some_scope_id], "policies": [some_policy_id], } :param payload: No Document :type payload: dict :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param scope_id: No Document :type scope_id: str :return: Keycloak server response :rtype: bytes .. py:method:: a_update_client_authz_resource_permission(payload: dict, client_id: str, resource_id: str) -> bytes :async: Update permissions for a given resource asynchronously. Payload example:: payload={ "id": resource_id, "name": "My Permission Name", "type": "resource", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "resources": [some_resource_id], "scopes": [], "policies": [some_policy_id], } :param payload: No Document :type payload: dict :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param resource_id: No Document :type resource_id: str :return: Keycloak server response :rtype: bytes .. py:method:: a_get_client_authz_client_policies(client_id: str) -> list :async: Get policies for a given client asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response (RoleRepresentation) :rtype: list .. py:method:: a_get_client_authz_permission_associated_policies(client_id: str, policy_id: str) -> list :async: Get associated policies for a given client permission asynchronously. :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :param policy_id: id in PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :type policy_id: str :return: Keycloak server response (RoleRepresentation) :rtype: list .. py:method:: a_create_client_authz_client_policy(payload: dict, client_id: str) -> dict :async: Create a new policy for a given client asynchronously. Payload example:: payload={ "type": "client", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "name": "My Policy", "clients": [other_client_id], } :param payload: No Document :type payload: dict :param client_id: id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :type client_id: str :return: Keycloak server response (RoleRepresentation) :rtype: dict .. py:method:: a_get_composite_client_roles_of_group(client_id: str, group_id: str, brief_representation: bool = True) -> list :async: Get the composite client roles of the given group for the given client asynchronously. :param client_id: id of the client. :type client_id: str :param group_id: id of the group. :type group_id: str :param brief_representation: whether to omit attributes in the response :type brief_representation: bool :return: the composite client roles of the group (list of RoleRepresentation). :rtype: list .. py:method:: a_get_role_client_level_children(client_id: str, role_id: str) -> list :async: Get the child roles async of which the given composite client role is composed of. :param client_id: id of the client. :type client_id: str :param role_id: id of the role. :type role_id: str :return: the child roles (list of RoleRepresentation). :rtype: list .. py:method:: a_upload_certificate(client_id: str, certcont: str) -> dict :async: Upload a new certificate for the client asynchronously. :param client_id: id of the client. :type client_id: str :param certcont: the content of the certificate. :type certcont: str :return: dictionary {"certificate": ""}, where is the content of the uploaded certificate. :rtype: dict .. py:method:: a_get_required_action_by_alias(action_alias: str) -> dict | None :async: Get a required action by its alias asynchronously. :param action_alias: the alias of the required action. :type action_alias: str :return: the required action (RequiredActionProviderRepresentation). :rtype: dict .. py:method:: a_get_required_actions() -> list :async: Get the required actions for the realms asynchronously. :return: the required actions (list of RequiredActionProviderRepresentation). :rtype: list .. py:method:: a_update_required_action(action_alias: str, payload: dict) -> dict :async: Update a required action asynchronously. :param action_alias: the action alias. :type action_alias: str :param payload: the new required action (RequiredActionProviderRepresentation). :type payload: dict :return: empty dictionary. :rtype: dict .. py:method:: a_get_bruteforce_detection_status(user_id: str) -> dict :async: Get bruteforce detection status for user asynchronously. :param user_id: User id :type user_id: str :return: Bruteforce status. :rtype: dict .. py:method:: a_clear_bruteforce_attempts_for_user(user_id: str) -> dict :async: Clear bruteforce attempts for user asynchronously. :param user_id: User id :type user_id: str :return: empty dictionary. :rtype: dict .. py:method:: a_clear_all_bruteforce_attempts() -> dict :async: Clear bruteforce attempts for all users in realm asynchronously. :return: empty dictionary. :rtype: dict .. py:method:: a_clear_keys_cache() -> dict :async: Clear keys cache asynchronously. :return: empty dictionary. :rtype: dict .. py:method:: a_clear_realm_cache() -> dict :async: Clear realm cache asynchronously. :return: empty dictionary. :rtype: dict .. py:method:: a_clear_user_cache() -> dict :async: Clear user cache asynchronously. :return: empty dictionary. :rtype: dict .. py:method:: a_change_execution_priority(execution_id: str, diff: int) -> None :async: Raise or lower execution priority of diff time. :param execution_id: The ID of the execution :type execution_id: str :param diff: The difference in priority, positive to raise, negative to lower, the value is the number of times :type diff: int :raises KeycloakPostError: when post requests are failed .. py:method:: a_create_execution_config(execution_id: str, payload: dict) -> bytes :async: Update execution with new configuration. AuthenticatorConfigRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticatorconfigrepresentation :param execution_id: The ID of the execution :type execution_id: str :param payload: Configuration to add to the execution :type payload: dir :return: Response(json) :rtype: bytes .. py:method:: a_update_authentication_flow(flow_id: str, payload: dict) -> dict :async: Update an authentication flow. AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation :param flow_id: The id of the flow :type flow_id: str :param payload: AuthenticationFlowRepresentation :type payload: dict :return: Keycloak server response :rtype: dict .. py:class:: KeycloakOpenID(server_url: str, realm_name: str, client_id: str, client_secret_key: str | None = None, verify: bool | str = True, custom_headers: dict | None = None, proxies: dict | None = None, timeout: int | None = 60, cert: str | tuple | None = None, max_retries: int = 1, pool_maxsize: int | None = None) Keycloak OpenID client. :param server_url: Keycloak server url :param client_id: client id :param realm_name: realm name :param client_secret_key: client secret key :param verify: Boolean value to enable or disable certificate validation or a string containing a path to a CA bundle to use :param custom_headers: dict of custom header to pass to each HTML request :param proxies: dict of proxies to sent the request by. :param timeout: connection timeout in seconds :param cert: An SSL certificate used by the requested host to authenticate the client. Either a path to an SSL certificate file, or two-tuple of (certificate file, key file). :param max_retries: The total number of times to retry HTTP requests. :param pool_maxsize: The maximum number of connections to save in the pool. :type pool_maxsize: int .. py:property:: client_id :type: str Get client id. :returns: Client id :rtype: str .. py:property:: client_secret_key :type: str | None Get the client secret key. :returns: Client secret key :rtype: str .. py:property:: realm_name :type: str Get the realm name. :returns: Realm name :rtype: str .. py:property:: connection :type: keycloak.connection.ConnectionManager Get connection. :returns: Connection manager object :rtype: ConnectionManager .. py:property:: authorization :type: keycloak.authorization.Authorization Get authorization. :returns: The authorization manager :rtype: Authorization .. py:method:: _add_secret_key(payload: dict) -> dict Add secret key if exists. :param payload: Payload :type payload: dict :returns: Payload with the secret key :rtype: dict .. py:method:: _build_name_role(role: str) -> str Build name of a role. :param role: Role name :type role: str :returns: Role path :rtype: str .. py:method:: _token_info(token: str, method_token_info: str, **kwargs: Any) -> dict Getter for the token data. :param token: Token :type token: str :param method_token_info: Token info method to use :type method_token_info: str :param kwargs: Additional keyword arguments passed to the decode_token method :type kwargs: dict :returns: Token info :rtype: dict .. py:method:: well_known() -> dict Get the well_known object. The most important endpoint to understand is the well-known configuration endpoint. It lists endpoints and other configuration options relevant to the OpenID Connect implementation in Keycloak. :returns: It lists endpoints and other configuration options relevant :rtype: dict .. py:method:: auth_url(redirect_uri: str, scope: str = 'email', state: str = '', nonce: str = '', code_challenge: str | None = None, code_challenge_method: str | None = None) -> str Get authorization URL endpoint. :param redirect_uri: Redirect url to receive oauth code :type redirect_uri: str :param scope: Scope of authorization request, split with the blank space :type scope: str :param state: State will be returned to the redirect_uri :type state: str :param nonce: Associates a Client session with an ID Token to mitigate replay attacks :type nonce: str :param code_challenge: PKCE code challenge :type code_challenge: str :param code_challenge_method: PKCE code challenge method :type code_challenge_method: str :returns: Authorization URL Full Build :rtype: str .. py:method:: token(username: str | None = '', password: str | None = '', grant_type: str = 'password', code: str = '', redirect_uri: str = '', totp: int | None = None, scope: str = 'openid', code_verifier: str | None = None, **extra: Any) -> dict Retrieve user token. The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire. http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint :param username: Username :type username: str :param password: Password :type password: str :param grant_type: Grant type :type grant_type: str :param code: Code :type code: str :param redirect_uri: Redirect URI :type redirect_uri: str :param totp: Time-based one-time password :type totp: int :param scope: Scope, defaults to openid :type scope: str :param code_verifier: PKCE code verifier :type code_verifier: str :param extra: Additional extra arguments :type extra: dict :returns: Keycloak token :rtype: dict .. py:method:: refresh_token(refresh_token: str, grant_type: str = 'refresh_token') -> dict Refresh the user token. The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire. http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint :param refresh_token: Refresh token from Keycloak :type refresh_token: str :param grant_type: Grant type :type grant_type: str :returns: New token :rtype: dict .. py:method:: exchange_token(token: str, audience: str | None = None, subject: str | None = None, subject_token_type: str | None = None, subject_issuer: str | None = None, requested_issuer: str | None = None, requested_token_type: str = 'urn:ietf:params:oauth:token-type:refresh_token', scope: str = 'openid') -> dict Exchange user token. Use a token to obtain an entirely different token. See https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange :param token: Access token :type token: str :param audience: Audience :type audience: str :param subject: Subject :type subject: str :param subject_token_type: Token Type specification :type subject_token_type: Optional[str] :param subject_issuer: Issuer :type subject_issuer: Optional[str] :param requested_issuer: Issuer :type requested_issuer: Optional[str] :param requested_token_type: Token type specification :type requested_token_type: str :param scope: Scope, defaults to openid :type scope: str :returns: Exchanged token :rtype: dict .. py:method:: userinfo(token: str) -> dict Get the user info object. The userinfo endpoint returns standard claims about the authenticated user, and is protected by a bearer token. http://openid.net/specs/openid-connect-core-1_0.html#UserInfo :param token: Access token :type token: str :returns: Userinfo object :rtype: dict .. py:method:: logout(refresh_token: str) -> dict Log out the authenticated user. :param refresh_token: Refresh token from Keycloak :type refresh_token: str :returns: Keycloak server response :rtype: dict .. py:method:: certs() -> dict Get certificates. The certificate endpoint returns the public keys enabled by the realm, encoded as a JSON Web Key (JWK). Depending on the realm settings there can be one or more keys enabled for verifying tokens. https://tools.ietf.org/html/rfc7517 :returns: Certificates :rtype: dict .. py:method:: public_key() -> str Retrieve the public key. The public key is exposed by the realm page directly. :returns: The public key :rtype: str .. py:method:: entitlement(token: str, resource_server_id: str) -> dict Get entitlements from the token. Client applications can use a specific endpoint to obtain a special security token called a requesting party token (RPT). This token consists of all the entitlements (or permissions) for a user as a result of the evaluation of the permissions and authorization policies associated with the resources being requested. With an RPT, client applications can gain access to protected resources at the resource server. :param token: Access token :type token: str :param resource_server_id: Resource server ID :type resource_server_id: str :returns: Entitlements :rtype: dict .. py:method:: introspect(token: str, rpt: str | None = None, token_type_hint: str | None = None) -> dict Introspect the user token. The introspection endpoint is used to retrieve the active state of a token. It is can only be invoked by confidential clients. https://tools.ietf.org/html/rfc7662 :param token: Access token :type token: str :param rpt: Requesting party token :type rpt: str :param token_type_hint: Token type hint :type token_type_hint: str :returns: Token info :rtype: dict :raises KeycloakRPTNotFound: In case of RPT not specified .. py:method:: _verify_token(token: str, key: jwcrypto.jwk.JWK | jwcrypto.jwk.JWKSet | None, **kwargs: Any) -> dict :staticmethod: Decode and optionally validate a token. :param token: The token to verify :type token: str :param key: Which key should be used for validation. If not provided, the validation is not performed and the token is implicitly valid. :type key: Union[jwk.JWK, jwk.JWKSet, None] :param kwargs: Additional keyword arguments for jwcrypto's JWT object :type kwargs: dict :returns: Decoded token .. py:method:: decode_token(token: str, validate: bool = True, **kwargs: Any) -> dict Decode user token. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JWK Set JSON data structure that represents a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries established by that specification. https://tools.ietf.org/html/rfc7517 :param token: Keycloak token :type token: str :param validate: Determines whether the token should be validated with the public key. Defaults to True. :type validate: bool :param kwargs: Additional keyword arguments for jwcrypto's JWT object :type kwargs: dict :returns: Decoded token :rtype: dict .. py:method:: load_authorization_config(path: str) -> None Load Keycloak settings (authorization). :param path: settings file (json) :type path: str .. py:method:: get_policies(token: str, method_token_info: str = 'introspect', **kwargs: Any) -> list | None Get policies by user token. :param token: User token :type token: str :param method_token_info: Method for token info decoding :type method_token_info: str :param kwargs: Additional keyword arguments :type kwargs: dict :return: Policies :rtype: dict :raises KeycloakAuthorizationConfigError: In case of bad authorization configuration :raises KeycloakInvalidTokenError: In case of bad token .. py:method:: get_permissions(token: str, method_token_info: str = 'introspect', **kwargs: Any) -> list | None Get permission by user token. :param token: user token :type token: str :param method_token_info: Decode token method :type method_token_info: str :param kwargs: parameters for decode :type kwargs: dict :returns: permissions list :rtype: list :raises KeycloakAuthorizationConfigError: In case of bad authorization configuration :raises KeycloakInvalidTokenError: In case of bad token .. py:method:: uma_permissions(token: str, permissions: str = '', **extra_payload: Any) -> list Get UMA permissions by user token with requested permissions. The token endpoint is used to retrieve UMA permissions from Keycloak. It can only be invoked by confidential clients. http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint :param token: user token :type token: str :param permissions: list of uma permissions list(resource:scope) requested by the user :type permissions: str :param extra_payload: Additional payload data :type extra_payload: dict :returns: Keycloak server response :rtype: list .. py:method:: has_uma_access(token: str, permissions: str) -> keycloak.uma_permissions.AuthStatus Determine whether user has uma permissions with specified user token. :param token: user token :type token: str :param permissions: list of uma permissions (resource:scope) :type permissions: str :return: Authentication status :rtype: AuthStatus :raises KeycloakAuthenticationError: In case of failed authentication :raises KeycloakPostError: In case of failed request to Keycloak .. py:method:: register_client(token: str, payload: dict) -> dict Create a client. ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :param token: Initial access token :type token: str :param payload: ClientRepresentation :type payload: dict :return: Client Representation :rtype: dict .. py:method:: device(scope: str = '') -> dict Get device authorization grant. The device endpoint is used to obtain a user code verification and user authentication. The response contains a device_code, user_code, verification_uri, verification_uri_complete, expires_in (lifetime in seconds for device_code and user_code), and polling interval. Users can either follow the verification_uri and enter the user_code or follow the verification_uri_complete. After authenticating with valid credentials, users can obtain tokens using the "urn:ietf:params:oauth:grant-type:device_code" grant_type and the device_code. https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow https://github.com/keycloak/keycloak-community/blob/main/design/oauth2-device-authorization-grant.md#how-to-try-it :param scope: Scope of authorization request, split with the blank space :type scope: str :returns: Device Authorization Response :rtype: dict .. py:method:: update_client(token: str, client_id: str, payload: dict) -> dict Update a client. ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :param token: registration access token :type token: str :param client_id: Keycloak client id :type client_id: str :param payload: ClientRepresentation :type payload: dict :return: Client Representation :rtype: bytes .. py:method:: _a_token_info(token: str, method_token_info: str, **kwargs: Any) -> dict :async: Asynchronous getter for the token data. :param token: Token :type token: str :param method_token_info: Token info method to use :type method_token_info: str :param kwargs: Additional keyword arguments passed to the decode_token method :type kwargs: dict :returns: Token info :rtype: dict .. py:method:: a_well_known() -> dict :async: Get the well_known object asynchronously. The most important endpoint to understand is the well-known configuration endpoint. It lists endpoints and other configuration options relevant to the OpenID Connect implementation in Keycloak. :returns: It lists endpoints and other configuration options relevant :rtype: dict .. py:method:: a_auth_url(redirect_uri: str, scope: str = 'email', state: str = '', nonce: str = '', code_challenge: str | None = None, code_challenge_method: str | None = None) -> str :async: Get authorization URL endpoint asynchronously. :param redirect_uri: Redirect url to receive oauth code :type redirect_uri: str :param scope: Scope of authorization request, split with the blank space :type scope: str :param state: State will be returned to the redirect_uri :type state: str :param nonce: Associates a Client session with an ID Token to mitigate replay attacks :type nonce: str :param code_challenge: PKCE code challenge :type code_challenge: str :param code_challenge_method: PKCE code challenge method :type code_challenge_method: str :returns: Authorization URL Full Build :rtype: str .. py:method:: a_token(username: str | None = '', password: str | None = '', grant_type: str = 'password', code: str = '', redirect_uri: str = '', totp: int | None = None, scope: str = 'openid', code_verifier: str | None = None, **extra: Any) -> dict :async: Retrieve user token asynchronously. The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire. http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint :param username: Username :type username: str :param password: Password :type password: str :param grant_type: Grant type :type grant_type: str :param code: Code :type code: str :param redirect_uri: Redirect URI :type redirect_uri: str :param totp: Time-based one-time password :type totp: int :param scope: Scope, defaults to openid :type scope: str :param code_verifier: PKCE code verifier :type code_verifier: str :param extra: Additional extra arguments :type extra: dict :returns: Keycloak token :rtype: dict .. py:method:: a_refresh_token(refresh_token: str, grant_type: str = 'refresh_token') -> dict :async: Refresh the user token asynchronously. The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire. http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint :param refresh_token: Refresh token from Keycloak :type refresh_token: str :param grant_type: Grant type :type grant_type: str :returns: New token :rtype: dict .. py:method:: a_exchange_token(token: str, audience: str | None = None, subject: str | None = None, subject_token_type: str | None = None, subject_issuer: str | None = None, requested_issuer: str | None = None, requested_token_type: str = 'urn:ietf:params:oauth:token-type:refresh_token', scope: str = 'openid') -> dict :async: Exchange user token asynchronously. Use a token to obtain an entirely different token. See https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange :param token: Access token :type token: str :param audience: Audience :type audience: str :param subject: Subject :type subject: str :param subject_token_type: Token Type specification :type subject_token_type: Optional[str] :param subject_issuer: Issuer :type subject_issuer: Optional[str] :param requested_issuer: Issuer :type requested_issuer: Optional[str] :param requested_token_type: Token type specification :type requested_token_type: str :param scope: Scope, defaults to openid :type scope: str :returns: Exchanged token :rtype: dict .. py:method:: a_userinfo(token: str) -> dict :async: Get the user info object asynchronously. The userinfo endpoint returns standard claims about the authenticated user, and is protected by a bearer token. http://openid.net/specs/openid-connect-core-1_0.html#UserInfo :param token: Access token :type token: str :returns: Userinfo object :rtype: dict .. py:method:: a_logout(refresh_token: str) -> dict :async: Log out the authenticated user asynchronously. :param refresh_token: Refresh token from Keycloak :type refresh_token: str :returns: Keycloak server response :rtype: dict .. py:method:: a_certs() -> dict :async: Get certificates asynchronously. The certificate endpoint returns the public keys enabled by the realm, encoded as a JSON Web Key (JWK). Depending on the realm settings there can be one or more keys enabled for verifying tokens. https://tools.ietf.org/html/rfc7517 :returns: Certificates :rtype: dict .. py:method:: a_public_key() -> str :async: Retrieve the public key asynchronously. The public key is exposed by the realm page directly. :returns: The public key :rtype: str .. py:method:: a_entitlement(token: str, resource_server_id: str) -> dict :async: Get entitlements from the token asynchronously. Client applications can use a specific endpoint to obtain a special security token called a requesting party token (RPT). This token consists of all the entitlements (or permissions) for a user as a result of the evaluation of the permissions and authorization policies associated with the resources being requested. With an RPT, client applications can gain access to protected resources at the resource server. :param token: Access token :type token: str :param resource_server_id: Resource server ID :type resource_server_id: str :returns: Entitlements :rtype: dict .. py:method:: a_introspect(token: str, rpt: str | None = None, token_type_hint: str | None = None) -> dict :async: Introspect the user token asynchronously. The introspection endpoint is used to retrieve the active state of a token. It is can only be invoked by confidential clients. https://tools.ietf.org/html/rfc7662 :param token: Access token :type token: str :param rpt: Requesting party token :type rpt: str :param token_type_hint: Token type hint :type token_type_hint: str :returns: Token info :rtype: dict :raises KeycloakRPTNotFound: In case of RPT not specified .. py:method:: a_decode_token(token: str, validate: bool = True, **kwargs: Any) -> dict :async: Decode user token asynchronously. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JWK Set JSON data structure that represents a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries established by that specification. https://tools.ietf.org/html/rfc7517 :param token: Keycloak token :type token: str :param validate: Determines whether the token should be validated with the public key. Defaults to True. :type validate: bool :param kwargs: Additional keyword arguments for jwcrypto's JWT object :type kwargs: dict :returns: Decoded token :rtype: dict .. py:method:: a_load_authorization_config(path: str) -> None :async: Load Keycloak settings (authorization) asynchronously. :param path: settings file (json) :type path: str .. py:method:: a_get_policies(token: str, method_token_info: str = 'introspect', **kwargs: Any) -> list | None :async: Get policies by user token asynchronously. :param token: User token :type token: str :param method_token_info: Method for token info decoding :type method_token_info: str :param kwargs: Additional keyword arguments :type kwargs: dict :return: Policies :rtype: list | None :raises KeycloakAuthorizationConfigError: In case of bad authorization configuration :raises KeycloakInvalidTokenError: In case of bad token .. py:method:: a_get_permissions(token: str, method_token_info: str = 'introspect', **kwargs: Any) -> list | None :async: Get permission by user token asynchronously. :param token: user token :type token: str :param method_token_info: Decode token method :type method_token_info: str :param kwargs: parameters for decode :type kwargs: dict :returns: permissions list :rtype: list | None :raises KeycloakAuthorizationConfigError: In case of bad authorization configuration :raises KeycloakInvalidTokenError: In case of bad token .. py:method:: a_uma_permissions(token: str, permissions: str = '', **extra_payload: Any) -> list :async: Get UMA permissions by user token with requested permissions asynchronously. The token endpoint is used to retrieve UMA permissions from Keycloak. It can only be invoked by confidential clients. http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint :param token: user token :type token: str :param permissions: list of uma permissions list(resource:scope) requested by the user :type permissions: str :param extra_payload: Additional payload data :type extra_payload: dict :returns: Keycloak server response :rtype: list .. py:method:: a_has_uma_access(token: str, permissions: str) -> keycloak.uma_permissions.AuthStatus :async: Determine whether user has uma permissions with specified user token asynchronously. :param token: user token :type token: str :param permissions: list of uma permissions (resource:scope) :type permissions: str :return: Authentication status :rtype: AuthStatus :raises KeycloakAuthenticationError: In case of failed authentication :raises KeycloakPostError: In case of failed request to Keycloak .. py:method:: a_register_client(token: str, payload: dict) -> dict :async: Create a client asynchronously. ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :param token: Initial access token :type token: str :param payload: ClientRepresentation :type payload: dict :return: Client Representation :rtype: dict .. py:method:: a_device(scope: str = '') -> dict :async: Get device authorization grant asynchronously. The device endpoint is used to obtain a user code verification and user authentication. The response contains a device_code, user_code, verification_uri, verification_uri_complete, expires_in (lifetime in seconds for device_code and user_code), and polling interval. Users can either follow the verification_uri and enter the user_code or follow the verification_uri_complete. After authenticating with valid credentials, users can obtain tokens using the "urn:ietf:params:oauth:grant-type:device_code" grant_type and the device_code. https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow https://github.com/keycloak/keycloak-community/blob/main/design/oauth2-device-authorization-grant.md#how-to-try-it :param scope: Scope of authorization request, split with the blank space :type scope: str :returns: Device Authorization Response :rtype: dict .. py:method:: a_update_client(token: str, client_id: str, payload: dict) -> dict :async: Update a client asynchronously. ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation :param token: registration access token :type token: str :param client_id: Keycloak client id :type client_id: str :param payload: ClientRepresentation :type payload: dict :return: Client Representation :rtype: dict .. py:class:: KeycloakUMA(connection: keycloak.openid_connection.KeycloakOpenIDConnection) Keycloak UMA client. :param connection: OpenID connection manager .. py:attribute:: connection .. py:attribute:: _well_known :value: None .. py:method:: _fetch_well_known() -> dict .. py:method:: format_url(url: str, **kwargs: Any) -> str :staticmethod: Substitute url path parameters. Given a parameterized url string, returns the string after url encoding and substituting the given params. For example, `format_url("https://myserver/{my_resource}/{id}", my_resource="hello world", id="myid")` would produce `https://myserver/hello+world/myid`. :param url: url string to format :type url: str :param kwargs: dict containing kwargs to substitute :type kwargs: dict :return: formatted string :rtype: str .. py:method:: a_format_url(url: str, **kwargs: Any) -> str :staticmethod: :async: Substitute url path parameters. Given a parameterized url string, returns the string after url encoding and substituting the given params. For example, `format_url("https://myserver/{my_resource}/{id}", my_resource="hello world", id="myid")` would produce `https://myserver/hello+world/myid`. :param url: url string to format :type url: str :param kwargs: dict containing kwargs to substitute :type kwargs: dict :return: formatted string :rtype: str .. py:property:: uma_well_known :type: dict Get the well_known UMA2 config. :returns: It lists endpoints and other configuration options relevant :rtype: dict .. py:property:: a_uma_well_known :type: dict Get the well_known UMA2 config async. :returns: It lists endpoints and other configuration options relevant :rtype: dict .. py:method:: resource_set_create(payload: dict) -> dict Create a resource set. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#rfc.section.2.2.1 ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :param payload: ResourceRepresentation :type payload: dict :return: ResourceRepresentation with the _id property assigned :rtype: dict .. py:method:: resource_set_update(resource_id: str, payload: dict) -> dict Update a resource set. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#update-resource-set ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :param resource_id: id of the resource :type resource_id: str :param payload: ResourceRepresentation :type payload: dict :return: Response dict (empty) :rtype: bytes .. py:method:: resource_set_read(resource_id: str) -> dict Read a resource set. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#read-resource-set ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :param resource_id: id of the resource :type resource_id: str :return: ResourceRepresentation :rtype: dict .. py:method:: resource_set_delete(resource_id: str) -> dict Delete a resource set. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#delete-resource-set :param resource_id: id of the resource :type resource_id: str :return: Response dict (empty) :rtype: dict .. py:method:: resource_set_list_ids(name: str = '', exact_name: bool = False, uri: str = '', owner: str = '', resource_type: str = '', scope: str = '', matchingUri: bool = False, first: int = 0, maximum: int = -1) -> list Query for list of resource set ids. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets :param name: query resource name :type name: str :param exact_name: query exact match for resource name :type exact_name: bool :param uri: query resource uri :type uri: str :param owner: query resource owner :type owner: str :param resource_type: query resource type :type resource_type: str :param scope: query resource scope :type scope: str :param matchingUri: enable URI matching :type matchingUri: bool :param first: index of first matching resource to return :type first: int :param maximum: maximum number of resources to return (-1 for all) :type maximum: int :return: List of ids :rtype: List[str] .. py:method:: resource_set_list() -> collections.abc.Generator[dict, Any, Any] List all resource sets. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :yields: Iterator over a list of ResourceRepresentations :rtype: Iterator[dict] .. py:method:: permission_ticket_create(permissions: collections.abc.Iterable[keycloak.uma_permissions.UMAPermission]) -> dict Create a permission ticket. :param permissions: Iterable of uma permissions to validate the token against :type permissions: Iterable[UMAPermission] :returns: Keycloak decision :rtype: boolean :raises KeycloakPostError: In case permission resource not found .. py:method:: permissions_check(token: str, permissions: collections.abc.Iterable[keycloak.uma_permissions.UMAPermission], **extra_payload: Any) -> bool Check UMA permissions by user token with requested permissions. The token endpoint is used to check UMA permissions from Keycloak. It can only be invoked by confidential clients. https://www.keycloak.org/docs/latest/authorization_services/#_service_authorization_api :param token: user token :type token: str :param permissions: Iterable of uma permissions to validate the token against :type permissions: Iterable[UMAPermission] :param extra_payload: extra payload data :type extra_payload: dict :returns: Keycloak decision :rtype: boolean .. py:method:: policy_resource_create(resource_id: str, payload: dict) -> dict Create permission policy for resource. Supports name, description, scopes, roles, groups, clients https://www.keycloak.org/docs/latest/authorization_services/#associating-a-permission-with-a-resource :param resource_id: _id of resource :type resource_id: str :param payload: permission configuration :type payload: dict :return: PermissionRepresentation :rtype: dict .. py:method:: policy_update(policy_id: str, payload: dict) -> bytes Update permission policy. https://www.keycloak.org/docs/latest/authorization_services/#associating-a-permission-with-a-resource https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :param policy_id: id of policy permission :type policy_id: str :param payload: policy permission configuration :type payload: dict :return: PermissionRepresentation :rtype: bytes .. py:method:: policy_delete(policy_id: str) -> dict Delete permission policy. https://www.keycloak.org/docs/latest/authorization_services/#removing-a-permission https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :param policy_id: id of permission policy :type policy_id: str :return: PermissionRepresentation :rtype: dict .. py:method:: policy_query(resource: str = '', name: str = '', scope: str = '', first: int = 0, maximum: int = -1) -> list Query permission policies. https://www.keycloak.org/docs/latest/authorization_services/#querying-permission :param resource: query resource id :type resource: str :param name: query resource name :type name: str :param scope: query resource scope :type scope: str :param first: index of first matching resource to return :type first: int :param maximum: maximum number of resources to return (-1 for all) :type maximum: int :return: List of ids :return: List of ids :rtype: List[str] .. py:method:: a__fetch_well_known() -> dict :async: Get the well_known UMA2 config async. :returns: It lists endpoints and other configuration options relevant :rtype: dict .. py:method:: a_resource_set_create(payload: dict) -> dict :async: Create a resource set asynchronously. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#rfc.section.2.2.1 ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :param payload: ResourceRepresentation :type payload: dict :return: ResourceRepresentation with the _id property assigned :rtype: dict .. py:method:: a_resource_set_update(resource_id: str, payload: dict) -> dict :async: Update a resource set asynchronously. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#update-resource-set ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :param resource_id: id of the resource :type resource_id: str :param payload: ResourceRepresentation :type payload: dict :return: Response dict (empty) :rtype: dict .. py:method:: a_resource_set_read(resource_id: str) -> dict :async: Read a resource set asynchronously. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#read-resource-set ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :param resource_id: id of the resource :type resource_id: str :return: ResourceRepresentation :rtype: dict .. py:method:: a_resource_set_delete(resource_id: str) -> dict :async: Delete a resource set asynchronously. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#delete-resource-set :param resource_id: id of the resource :type resource_id: str :return: Response dict (empty) :rtype: dict .. py:method:: a_resource_set_list_ids(name: str = '', exact_name: bool = False, uri: str = '', owner: str = '', resource_type: str = '', scope: str = '', matchingUri: bool = False, first: int = 0, maximum: int = -1) -> list :async: Query for list of resource set ids asynchronously. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets :param name: query resource name :type name: str :param exact_name: query exact match for resource name :type exact_name: bool :param uri: query resource uri :type uri: str :param owner: query resource owner :type owner: str :param resource_type: query resource type :type resource_type: str :param scope: query resource scope :type scope: str :param first: index of first matching resource to return :param matchingUri: enable URI matching :type matchingUri: bool :type first: int :param maximum: maximum number of resources to return (-1 for all) :type maximum: int :return: List of ids :rtype: List[str] .. py:method:: a_resource_set_list() -> collections.abc.AsyncGenerator[dict, Any] :async: List all resource sets asynchronously. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :yields: Iterator over a list of ResourceRepresentations :rtype: Iterator[dict] .. py:method:: a_permission_ticket_create(permissions: collections.abc.Iterable[keycloak.uma_permissions.UMAPermission]) -> dict :async: Create a permission ticket asynchronously. :param permissions: Iterable of uma permissions to validate the token against :type permissions: Iterable[UMAPermission] :returns: Keycloak decision :rtype: boolean :raises KeycloakPostError: In case permission resource not found .. py:method:: a_permissions_check(token: str, permissions: collections.abc.Iterable[keycloak.uma_permissions.UMAPermission], **extra_payload: Any) -> bool :async: Check UMA permissions by user token with requested permissions asynchronously. The token endpoint is used to check UMA permissions from Keycloak. It can only be invoked by confidential clients. https://www.keycloak.org/docs/latest/authorization_services/#_service_authorization_api :param token: user token :type token: str :param permissions: Iterable of uma permissions to validate the token against :type permissions: Iterable[UMAPermission] :param extra_payload: extra payload data :type extra_payload: dict :returns: Keycloak decision :rtype: boolean .. py:method:: a_policy_resource_create(resource_id: str, payload: dict) -> dict :async: Create permission policy for resource asynchronously. Supports name, description, scopes, roles, groups, clients https://www.keycloak.org/docs/latest/authorization_services/#associating-a-permission-with-a-resource :param resource_id: _id of resource :type resource_id: str :param payload: permission configuration :type payload: dict :return: PermissionRepresentation :rtype: dict .. py:method:: a_policy_update(policy_id: str, payload: dict) -> bytes :async: Update permission policy asynchronously. https://www.keycloak.org/docs/latest/authorization_services/#associating-a-permission-with-a-resource https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :param policy_id: id of policy permission :type policy_id: str :param payload: policy permission configuration :type payload: dict :return: PermissionRepresentation :rtype: bytes .. py:method:: a_policy_delete(policy_id: str) -> dict :async: Delete permission policy asynchronously. https://www.keycloak.org/docs/latest/authorization_services/#removing-a-permission https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :param policy_id: id of permission policy :type policy_id: str :return: PermissionRepresentation :rtype: dict .. py:method:: a_policy_query(resource: str = '', name: str = '', scope: str = '', first: int = 0, maximum: int = -1) -> list :async: Query permission policies asynchronously. https://www.keycloak.org/docs/latest/authorization_services/#querying-permission :param resource: query resource id :type resource: str :param name: query resource name :type name: str :param scope: query resource scope :type scope: str :param first: index of first matching resource to return :type first: int :param maximum: maximum number of resources to return (-1 for all) :type maximum: int :return: List of ids :return: List of ids :rtype: List[str] .. py:class:: KeycloakOpenIDConnection(server_url: str | None = None, grant_type: str | None = None, username: str | None = None, password: str | None = None, token: dict | None = None, totp: int | None = None, realm_name: str | None = 'master', client_id: str = 'admin-cli', verify: str | bool = True, client_secret_key: str | None = None, custom_headers: dict | None = None, user_realm_name: str | None = None, timeout: int | None = 60, cert: str | tuple | None = None, max_retries: int = 1, pool_maxsize: int | None = None) Bases: :py:obj:`keycloak.connection.ConnectionManager` A class to help with OpenID connections which can auto refresh tokens. :param object: _description_ :type object: _type_ .. py:attribute:: _server_url :value: None .. py:attribute:: _grant_type :value: None .. py:attribute:: _username :value: None .. py:attribute:: _password :value: None .. py:attribute:: _totp :value: None .. py:attribute:: _realm_name :value: None .. py:attribute:: _client_id :value: None .. py:attribute:: _verify :value: None .. py:attribute:: _client_secret_key :value: None .. py:attribute:: _connection :value: None .. py:attribute:: _custom_headers :value: None .. py:attribute:: _user_realm_name :value: None .. py:attribute:: _expires_at :value: None .. py:attribute:: _keycloak_openid :value: None .. py:attribute:: token_lifetime_fraction :value: 0.9 .. py:attribute:: headers Return header request to the server. :returns: Request headers :rtype: dict .. py:property:: server_url :type: str | None Get server url. :returns: Keycloak server url :rtype: str .. py:property:: grant_type :type: str | None Get grant type. :returns: Grant type :rtype: str .. py:property:: username :type: str | None Get username. :returns: Admin username :rtype: str .. py:property:: password :type: str | None Get password. :returns: Admin password :rtype: str .. py:property:: token :type: dict | None Get token. :returns: Access and refresh token :rtype: dict .. py:property:: totp :type: int | None Get totp. :returns: TOTP :rtype: str .. py:property:: realm_name :type: str | None Get realm name. :returns: Realm name :rtype: str .. py:property:: client_id :type: str | None Get client id. :returns: Client id :rtype: str .. py:attribute:: verify :value: True Return verify in use for request to the server. :returns: Verify indicator :rtype: bool .. py:property:: client_secret_key :type: str | None Get client secret key. :returns: Client secret key :rtype: str .. py:property:: user_realm_name :type: str | None Get user realm name. :returns: User realm name :rtype: str .. py:attribute:: timeout :value: 60 Return timeout in use for request to the server. :returns: Timeout :rtype: int .. py:property:: custom_headers :type: dict | None Get custom headers. :returns: Custom headers :rtype: dict .. py:attribute:: cert :value: None Return client certificates in use for request to the server. :returns: Client certificate :rtype: Union[str,Tuple[str,str]] .. py:property:: expires_at :type: datetime.datetime | None Get token expiry time. :returns: Datetime at which the current token will expire :rtype: datetime .. py:property:: keycloak_openid :type: keycloak.keycloak_openid.KeycloakOpenID Get the KeycloakOpenID object. The KeycloakOpenID is used to refresh tokens :returns: KeycloakOpenID :rtype: KeycloakOpenID .. py:method:: get_token() -> None Get admin token. The admin token is then set in the `token` attribute. .. py:method:: refresh_token() -> None Refresh the token. :raises KeycloakPostError: In case the refresh token request failed. .. py:method:: _refresh_if_required() -> None .. py:method:: raw_get(*args: Any, **kwargs: Any) -> requests.Response Call connection.raw_get. If auto_refresh is set for *get* and *access_token* is expired, it will refresh the token and try *get* once more. :param args: Additional arguments :type args: tuple :param kwargs: Additional keyword arguments :type kwargs: dict :returns: Response :rtype: Response .. py:method:: raw_post(*args: Any, **kwargs: Any) -> requests.Response Call connection.raw_post. If auto_refresh is set for *post* and *access_token* is expired, it will refresh the token and try *post* once more. :param args: Additional arguments :type args: tuple :param kwargs: Additional keyword arguments :type kwargs: dict :returns: Response :rtype: Response .. py:method:: raw_put(*args: Any, **kwargs: Any) -> requests.Response Call connection.raw_put. If auto_refresh is set for *put* and *access_token* is expired, it will refresh the token and try *put* once more. :param args: Additional arguments :type args: tuple :param kwargs: Additional keyword arguments :type kwargs: dict :returns: Response :rtype: Response .. py:method:: raw_delete(*args: Any, **kwargs: Any) -> requests.Response Call connection.raw_delete. If auto_refresh is set for *delete* and *access_token* is expired, it will refresh the token and try *delete* once more. :param args: Additional arguments :type args: tuple :param kwargs: Additional keyword arguments :type kwargs: dict :returns: Response :rtype: Response .. py:method:: a_get_token() -> None :async: Get admin token. The admin token is then set in the `token` attribute. .. py:method:: a_refresh_token() -> None :async: Refresh the token. :raises KeycloakPostError: In case the refresh token request failed. .. py:method:: a__refresh_if_required() -> None :async: Refresh the token if it is expired. .. py:method:: a_raw_get(*args: Any, **kwargs: Any) -> httpx.Response :async: Call connection.raw_get. If auto_refresh is set for *get* and *access_token* is expired, it will refresh the token and try *get* once more. :param args: Additional arguments :type args: tuple :param kwargs: Additional keyword arguments :type kwargs: dict :returns: Response :rtype: Response .. py:method:: a_raw_post(*args: Any, **kwargs: Any) -> httpx.Response :async: Call connection.raw_post. If auto_refresh is set for *post* and *access_token* is expired, it will refresh the token and try *post* once more. :param args: Additional arguments :type args: tuple :param kwargs: Additional keyword arguments :type kwargs: dict :returns: Response :rtype: Response .. py:method:: a_raw_put(*args: Any, **kwargs: Any) -> httpx.Response :async: Call connection.raw_put. If auto_refresh is set for *put* and *access_token* is expired, it will refresh the token and try *put* once more. :param args: Additional arguments :type args: tuple :param kwargs: Additional keyword arguments :type kwargs: dict :returns: Response :rtype: Response .. py:method:: a_raw_delete(*args: Any, **kwargs: Any) -> httpx.Response :async: Call connection.raw_delete. If auto_refresh is set for *delete* and *access_token* is expired, it will refresh the token and try *delete* once more. :param args: Additional arguments :type args: tuple :param kwargs: Additional keyword arguments :type kwargs: dict :returns: Response :rtype: Response