Class ClientResource
java.lang.Object
org.keycloak.services.resources.admin.ClientResource
Base resource class for managing one particular client of a realm.
- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
Field Summary
Modifier and TypeFieldDescriptionprotected ClientModel
protected final ClientConnection
protected static final org.jboss.logging.Logger
protected RealmModel
protected final KeycloakSession
-
Constructor Summary
ConstructorDescriptionClientResource
(RealmModel realm, AdminPermissionEvaluator auth, ClientModel clientModel, KeycloakSession session, AdminEventBuilder adminEvent) -
Method Summary
Modifier and TypeMethodDescriptionvoid
addDefaultClientScope
(String clientScopeId) void
addOptionalClientScope
(String clientScopeId) void
Delete the clientGet application session count Returns a number of user sessions associated with this client { "count": number }getCertficateResource
(String attributePrefix) Get representation of certificate resourceGet representation of the clientGet the rotated client secretGet the client secretGet default client scopes.jakarta.ws.rs.core.Response
getInstallationProvider
(String providerId) Return object stating whether client Authorization permissions have been initialized or not and a referenceGet application offline session count Returns a number of offline user sessions associated with this client { "count": number }getOfflineUserSessions
(Integer firstResult, Integer maxResults) Get offline sessions for client Returns a list of offline user sessions associated with this clientGet optional client scopes.Base path for managing the scope mappings for the clientGet a user dedicated to the service accountgetUserSessions
(Integer firstResult, Integer maxResults) Get user sessions for client Returns a list of user sessions associated with this clientjakarta.ws.rs.core.Response
Invalidate the rotated secret for the clientPush the client's revocation policy to its admin URL If the client has an admin URL, push revocation policy to it.Generate a new registration access token for the clientGenerate a new secret for the clientvoid
registerNode
(Map<String, String> formParams) Register a cluster node with the client Manually register cluster node to this client - usually it's not needed to call this directly as adapter should handle by sending registration request to Keycloakvoid
removeDefaultClientScope
(String clientScopeId) void
removeOptionalClientScope
(String clientScopeId) Return object stating whether client Authorization permissions have been initialized or not and a referenceTest if registered cluster nodes are available Tests availability by sending 'ping' request to all cluster nodes.void
unregisterNode
(String node) Unregister a cluster node from the clientjakarta.ws.rs.core.Response
Update the client
-
Field Details
-
logger
protected static final org.jboss.logging.Logger logger -
realm
-
client
-
session
-
clientConnection
-
-
Constructor Details
-
ClientResource
public ClientResource(RealmModel realm, AdminPermissionEvaluator auth, ClientModel clientModel, KeycloakSession session, AdminEventBuilder adminEvent)
-
-
Method Details
-
getProtocolMappers
-
update
@PUT @Consumes("application/json") public jakarta.ws.rs.core.Response update(ClientRepresentation rep) Update the client- Parameters:
rep
-- Returns:
-
getClient
Get representation of the client- Returns:
-
getCertficateResource
@Path("certificates/{attr}") public ClientAttributeCertificateResource getCertficateResource(@PathParam("attr") String attributePrefix) Get representation of certificate resource- Parameters:
attributePrefix
-- Returns:
-
getInstallationProvider
@GET @Path("installation/providers/{providerId}") public jakarta.ws.rs.core.Response getInstallationProvider(@PathParam("providerId") String providerId) -
deleteClient
@DELETE public void deleteClient()Delete the client -
regenerateSecret
@Path("client-secret") @POST @Produces("application/json") @Consumes("application/json") public CredentialRepresentation regenerateSecret()Generate a new secret for the client- Returns:
-
regenerateRegistrationAccessToken
@Path("registration-access-token") @POST @Produces("application/json") @Consumes("application/json") public ClientRepresentation regenerateRegistrationAccessToken()Generate a new registration access token for the client- Returns:
-
getClientSecret
@Path("client-secret") @GET @Produces("application/json") public CredentialRepresentation getClientSecret()Get the client secret- Returns:
-
getScopeMappedResource
Base path for managing the scope mappings for the client- Returns:
-
getRoleContainerResource
-
getDefaultClientScopes
@GET @Produces("application/json") @Path("default-client-scopes") public Stream<ClientScopeRepresentation> getDefaultClientScopes()Get default client scopes. Only name and ids are returned.- Returns:
-
addDefaultClientScope
@PUT @Path("default-client-scopes/{clientScopeId}") public void addDefaultClientScope(@PathParam("clientScopeId") String clientScopeId) -
removeDefaultClientScope
@DELETE @Path("default-client-scopes/{clientScopeId}") public void removeDefaultClientScope(@PathParam("clientScopeId") String clientScopeId) -
getOptionalClientScopes
@GET @Produces("application/json") @Path("optional-client-scopes") public Stream<ClientScopeRepresentation> getOptionalClientScopes()Get optional client scopes. Only name and ids are returned.- Returns:
-
addOptionalClientScope
@PUT @Path("optional-client-scopes/{clientScopeId}") public void addOptionalClientScope(@PathParam("clientScopeId") String clientScopeId) -
removeOptionalClientScope
@DELETE @Path("optional-client-scopes/{clientScopeId}") public void removeOptionalClientScope(@PathParam("clientScopeId") String clientScopeId) -
clientScopeEvaluateResource
-
getServiceAccountUser
@Path("service-account-user") @GET @Produces("application/json") public UserRepresentation getServiceAccountUser()Get a user dedicated to the service account- Returns:
-
pushRevocation
@Path("push-revocation") @POST @Produces("application/json") public GlobalRequestResult pushRevocation()Push the client's revocation policy to its admin URL If the client has an admin URL, push revocation policy to it. -
getApplicationSessionCount
@Path("session-count") @GET @Produces("application/json") public Map<String,Long> getApplicationSessionCount()Get application session count Returns a number of user sessions associated with this client { "count": number }- Returns:
-
getUserSessions
@Path("user-sessions") @GET @Produces("application/json") public Stream<UserSessionRepresentation> getUserSessions(@QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults) Get user sessions for client Returns a list of user sessions associated with this client- Parameters:
firstResult
- Paging offsetmaxResults
- Maximum results size (defaults to 100)- Returns:
-
getOfflineSessionCount
@Path("offline-session-count") @GET @Produces("application/json") public Map<String,Long> getOfflineSessionCount()Get application offline session count Returns a number of offline user sessions associated with this client { "count": number }- Returns:
-
getOfflineUserSessions
@Path("offline-sessions") @GET @Produces("application/json") public Stream<UserSessionRepresentation> getOfflineUserSessions(@QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults) Get offline sessions for client Returns a list of offline user sessions associated with this client- Parameters:
firstResult
- Paging offsetmaxResults
- Maximum results size (defaults to 100)- Returns:
-
registerNode
@Path("nodes") @POST @Consumes("application/json") public void registerNode(Map<String, String> formParams) Register a cluster node with the client Manually register cluster node to this client - usually it's not needed to call this directly as adapter should handle by sending registration request to Keycloak- Parameters:
formParams
-
-
unregisterNode
Unregister a cluster node from the client- Parameters:
node
-
-
testNodesAvailable
@Path("test-nodes-available") @GET @Produces("application/json") public GlobalRequestResult testNodesAvailable()Test if registered cluster nodes are available Tests availability by sending 'ping' request to all cluster nodes.- Returns:
-
authorization
-
getManagementPermissions
@Path("management/permissions") @GET @Produces("application/json") public ManagementPermissionReference getManagementPermissions()Return object stating whether client Authorization permissions have been initialized or not and a reference- Returns:
-
setManagementPermissionsEnabled
@Path("management/permissions") @PUT @Produces("application/json") @Consumes("application/json") public ManagementPermissionReference setManagementPermissionsEnabled(ManagementPermissionReference ref) Return object stating whether client Authorization permissions have been initialized or not and a reference- Returns:
- initialized manage permissions reference
-
invalidateRotatedSecret
@Path("client-secret/rotated") @DELETE @Produces("application/json") @Consumes("application/json") public jakarta.ws.rs.core.Response invalidateRotatedSecret()Invalidate the rotated secret for the client- Returns:
-
getClientRotatedSecret
@Path("client-secret/rotated") @GET @Produces("application/json") public CredentialRepresentation getClientRotatedSecret()Get the rotated client secret- Returns:
-