Package org.keycloak.services.resources.admin

Class ClientResource

  • public class ClientResource
extends Object
    Base resource class for managing one particular client of a realm.
    Version:
    $Revision: 1 $
    Author:
    Bill Burke

    • Field Detail

      • logger

        protected static final org.jboss.logging.Logger logger

      • realm

        protected org.keycloak.models.RealmModel realm

      • client

        protected org.keycloak.models.ClientModel client

      • session

        protected final org.keycloak.models.KeycloakSession session

      • clientConnection

        protected final org.keycloak.common.ClientConnection clientConnection

    • Constructor Detail

      • ClientResource

        public ClientResource​(org.keycloak.models.RealmModel realm,
                      AdminPermissionEvaluator auth,
                      org.keycloak.models.ClientModel clientModel,
                      org.keycloak.models.KeycloakSession session,
                      AdminEventBuilder adminEvent)

    • Method Detail

      • update

        @PUT
@Consumes("application/json")
public javax.ws.rs.core.Response update​(org.keycloak.representations.idm.ClientRepresentation rep)
        Update the client
        Parameters:
        rep -
        Returns:

      • getClient

        @GET
@Produces("application/json")
public org.keycloak.representations.idm.ClientRepresentation getClient()
        Get representation of the client
        Returns:

      • getCertficateResource

        @Path("certificates/{attr}")
public ClientAttributeCertificateResource getCertficateResource​(@PathParam("attr")
                                                                String attributePrefix)
        Get representation of certificate resource
        Parameters:
        attributePrefix -
        Returns:

      • getInstallationProvider

        @GET
@Path("installation/providers/{providerId}")
public javax.ws.rs.core.Response getInstallationProvider​(@PathParam("providerId")
                                                         String providerId)

      • deleteClient

        @DELETE
public void deleteClient()
        Delete the client

      • regenerateSecret

        @Path("client-secret")
@POST
@Produces("application/json")
@Consumes("application/json")
public org.keycloak.representations.idm.CredentialRepresentation regenerateSecret()
        Generate a new secret for the client
        Returns:

      • regenerateRegistrationAccessToken

        @Path("registration-access-token")
@POST
@Produces("application/json")
@Consumes("application/json")
public org.keycloak.representations.idm.ClientRepresentation regenerateRegistrationAccessToken()
        Generate a new registration access token for the client
        Returns:

      • getClientSecret

        @Path("client-secret")
@GET
@Produces("application/json")
public org.keycloak.representations.idm.CredentialRepresentation getClientSecret()
        Get the client secret
        Returns:

      • getScopeMappedResource

        @Path("scope-mappings")
public ScopeMappedResource getScopeMappedResource()
        Base path for managing the scope mappings for the client
        Returns:

      • getDefaultClientScopes

        @GET
@Produces("application/json")
@Path("default-client-scopes")
public Stream<org.keycloak.representations.idm.ClientScopeRepresentation> getDefaultClientScopes()
        Get default client scopes. Only name and ids are returned.
        Returns:

      • addDefaultClientScope

        @PUT
@Path("default-client-scopes/{clientScopeId}")
public void addDefaultClientScope​(@PathParam("clientScopeId")
                                  String clientScopeId)

      • removeDefaultClientScope

        @DELETE
@Path("default-client-scopes/{clientScopeId}")
public void removeDefaultClientScope​(@PathParam("clientScopeId")
                                     String clientScopeId)

      • getOptionalClientScopes

        @GET
@Produces("application/json")
@Path("optional-client-scopes")
public Stream<org.keycloak.representations.idm.ClientScopeRepresentation> getOptionalClientScopes()
        Get optional client scopes. Only name and ids are returned.
        Returns:

      • addOptionalClientScope

        @PUT
@Path("optional-client-scopes/{clientScopeId}")
public void addOptionalClientScope​(@PathParam("clientScopeId")
                                   String clientScopeId)

      • removeOptionalClientScope

        @DELETE
@Path("optional-client-scopes/{clientScopeId}")
public void removeOptionalClientScope​(@PathParam("clientScopeId")
                                      String clientScopeId)

      • getServiceAccountUser

        @Path("service-account-user")
@GET
@Produces("application/json")
public org.keycloak.representations.idm.UserRepresentation getServiceAccountUser()
        Get a user dedicated to the service account
        Returns:

      • pushRevocation

        @Path("push-revocation")
@POST
@Produces("application/json")
public org.keycloak.representations.adapters.action.GlobalRequestResult pushRevocation()
        Push the client's revocation policy to its admin URL If the client has an admin URL, push revocation policy to it.

      • getApplicationSessionCount

        @Path("session-count")
@GET
@Produces("application/json")
public Map<String,​Long> getApplicationSessionCount()
        Get application session count Returns a number of user sessions associated with this client { "count": number }
        Returns:

      • getUserSessions

        @Path("user-sessions")
@GET
@Produces("application/json")
public Stream<org.keycloak.representations.idm.UserSessionRepresentation> getUserSessions​(@QueryParam("first")
                                                                                          Integer firstResult,
                                                                                          @QueryParam("max")
                                                                                          Integer maxResults)
        Get user sessions for client Returns a list of user sessions associated with this client
        Parameters:
        firstResult - Paging offset
        maxResults - Maximum results size (defaults to 100)
        Returns:

      • getOfflineSessionCount

        @Path("offline-session-count")
@GET
@Produces("application/json")
public Map<String,​Long> getOfflineSessionCount()
        Get application offline session count Returns a number of offline user sessions associated with this client { "count": number }
        Returns:

      • getOfflineUserSessions

        @Path("offline-sessions")
@GET
@Produces("application/json")
public Stream<org.keycloak.representations.idm.UserSessionRepresentation> getOfflineUserSessions​(@QueryParam("first")
                                                                                                 Integer firstResult,
                                                                                                 @QueryParam("max")
                                                                                                 Integer maxResults)
        Get offline sessions for client Returns a list of offline user sessions associated with this client
        Parameters:
        firstResult - Paging offset
        maxResults - Maximum results size (defaults to 100)
        Returns:

      • registerNode

        @Path("nodes")
@POST
@Consumes("application/json")
public void registerNode​(Map<String,​String> formParams)
        Register a cluster node with the client Manually register cluster node to this client - usually it's not needed to call this directly as adapter should handle by sending registration request to Keycloak
        Parameters:
        formParams -

      • unregisterNode

        @Path("nodes/{node}")
@DELETE
public void unregisterNode​(@PathParam("node")
                           String node)
        Unregister a cluster node from the client
        Parameters:
        node -

      • testNodesAvailable

        @Path("test-nodes-available")
@GET
@Produces("application/json")
public org.keycloak.representations.adapters.action.GlobalRequestResult testNodesAvailable()
        Test if registered cluster nodes are available Tests availability by sending 'ping' request to all cluster nodes.
        Returns:

      • getManagementPermissions

        @Path("management/permissions")
@GET
@Produces("application/json")
public org.keycloak.representations.idm.ManagementPermissionReference getManagementPermissions()
        Return object stating whether client Authorization permissions have been initialized or not and a reference
        Returns:

      • toMgmtRef

        public static org.keycloak.representations.idm.ManagementPermissionReference toMgmtRef​(org.keycloak.models.ClientModel client,
                                                                                       AdminPermissionManagement permissions)

      • setManagementPermissionsEnabled

        @Path("management/permissions")
@PUT
@Produces("application/json")
@Consumes("application/json")
public org.keycloak.representations.idm.ManagementPermissionReference setManagementPermissionsEnabled​(org.keycloak.representations.idm.ManagementPermissionReference ref)
        Return object stating whether client Authorization permissions have been initialized or not and a reference
        Returns:
        initialized manage permissions reference

      • invalidateRotatedSecret

        @Path("client-secret/rotated")
@DELETE
@Produces("application/json")
@Consumes("application/json")
public javax.ws.rs.core.Response invalidateRotatedSecret()
        Invalidate the rotated secret for the client
        Returns:

      • getClientRotatedSecret

        @Path("client-secret/rotated")
@GET
@Produces("application/json")
public org.keycloak.representations.idm.CredentialRepresentation getClientRotatedSecret()
        Get the rotated client secret
        Returns: