Overview
This is a REST API reference for the Keycloak Admin REST API.
OpenAPI Definitions
| The OpenAPI definitions are a feature that is currently in preview. Please provide your feedback by joining this discussion while we’re continuing to work on this. If you find something is outdated or wrong, create a GitHub issue and provide a pull request. |
Resources
Attack Detection
DELETE /admin/realms/{realm}/attack-detection/brute-force/users
Clear any user login failures for all users This can release temporary disabled users
DELETE /admin/realms/{realm}/attack-detection/brute-force/users/{userId}
Clear any user login failures for the user This can release temporary disabled user
Authentication Management
GET /admin/realms/{realm}/authentication/authenticator-providers
Get authenticator providers Returns a stream of authenticator providers.
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[[AnyType]] |
GET /admin/realms/{realm}/authentication/client-authenticator-providers
Get client authenticator providers Returns a stream of client authenticator providers.
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[[AnyType]] |
GET /admin/realms/{realm}/authentication/config-description/{providerId}
Get authenticator provider’s configuration description
DELETE /admin/realms/{realm}/authentication/config/{id}
Delete authenticator configuration
GET /admin/realms/{realm}/authentication/config/{id}
Get authenticator configuration
PUT /admin/realms/{realm}/authentication/config/{id}
Update authenticator configuration
POST /admin/realms/{realm}/authentication/config
Create new authenticator configuration
GET /admin/realms/{realm}/authentication/executions/{executionId}/config/{id}
Get execution’s configuration
POST /admin/realms/{realm}/authentication/executions/{executionId}/config
Update execution with new configuration
GET /admin/realms/{realm}/authentication/executions/{executionId}
Get Single Execution
POST /admin/realms/{realm}/authentication/executions/{executionId}/lower-priority
Lower execution’s priority
POST /admin/realms/{realm}/authentication/executions/{executionId}/raise-priority
Raise execution’s priority
POST /admin/realms/{realm}/authentication/executions
Add new authentication execution
POST /admin/realms/{realm}/authentication/flows/{flowAlias}/copy
Copy existing authentication flow under a new name The new name is given as 'newName' attribute of the passed JSON object
POST /admin/realms/{realm}/authentication/flows/{flowAlias}/executions/execution
Add new authentication execution to a flow
POST /admin/realms/{realm}/authentication/flows/{flowAlias}/executions/flow
Add new flow with new execution to existing flow
GET /admin/realms/{realm}/authentication/flows/{flowAlias}/executions
Get authentication executions for a flow
PUT /admin/realms/{realm}/authentication/flows/{flowAlias}/executions
Update authentication executions of a Flow
GET /admin/realms/{realm}/authentication/flows
Get authentication flows Returns a stream of authentication flows.
GET /admin/realms/{realm}/authentication/flows/{id}
Get authentication flow for id
PUT /admin/realms/{realm}/authentication/flows/{id}
Update an authentication flow
POST /admin/realms/{realm}/authentication/flows
Create a new authentication flow
GET /admin/realms/{realm}/authentication/form-action-providers
Get form action providers Returns a stream of form action providers.
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[[AnyType]] |
GET /admin/realms/{realm}/authentication/form-providers
Get form providers Returns a stream of form providers.
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[[AnyType]] |
GET /admin/realms/{realm}/authentication/per-client-config-description
Get configuration descriptions for all clients
POST /admin/realms/{realm}/authentication/register-required-action
Register a new required actions
DELETE /admin/realms/{realm}/authentication/required-actions/{alias}/config
Delete RequiredAction configuration
GET /admin/realms/{realm}/authentication/required-actions/{alias}/config-description
Get RequiredAction provider configuration description
GET /admin/realms/{realm}/authentication/required-actions/{alias}/config
Get RequiredAction configuration
PUT /admin/realms/{realm}/authentication/required-actions/{alias}/config
Update RequiredAction configuration
DELETE /admin/realms/{realm}/authentication/required-actions/{alias}
Delete required action
GET /admin/realms/{realm}/authentication/required-actions/{alias}
Get required action for alias
POST /admin/realms/{realm}/authentication/required-actions/{alias}/lower-priority
Lower required action’s priority
PUT /admin/realms/{realm}/authentication/required-actions/{alias}
Update required action
POST /admin/realms/{realm}/authentication/required-actions/{alias}/raise-priority
Raise required action’s priority
GET /admin/realms/{realm}/authentication/required-actions
Get required actions Returns a stream of required actions.
GET /admin/realms/{realm}/authentication/unregistered-required-actions
Get unregistered required actions Returns a stream of unregistered required actions.
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[[string]] |
Client Attribute Certificate
POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/download
Get a keystore file for the client, containing private key and public certificate
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
client-uuid |
id of client (not client-id!) |
null |
|
attr |
null |
POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/generate-and-download
Generate a new keypair and certificate, and get the private key file Generates a keypair and certificate and serves the private key in a specified keystore format. Only generated public certificate is saved in Keycloak DB - the private key is not.
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
client-uuid |
id of client (not client-id!) |
null |
|
attr |
null |
POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/generate
Generate a new certificate with new key pair
GET /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}
Get key info
POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/upload-certificate
Upload only certificate, not private key
Client Initial Access
Client Registration Policy
Client Role Mappings
GET /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client-id}/available
Get available client-level roles that can be mapped to the user or group
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
GET /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client-id}/composite
Get effective client-level role mappings This recurses any composite roles
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
DELETE /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client-id}
Delete client-level roles from user or group role mapping
GET /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client-id}
Get client-level role mappings for the user or group, and the app
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
POST /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client-id}
Add client-level roles to the user or group role mapping
GET /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client-id}/available
Get available client-level roles that can be mapped to the user or group
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
GET /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client-id}/composite
Get effective client-level role mappings This recurses any composite roles
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
DELETE /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client-id}
Delete client-level roles from user or group role mapping
GET /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client-id}
Get client-level role mappings for the user or group, and the app
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
POST /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client-id}
Add client-level roles to the user or group role mapping
Client Scopes
GET /admin/realms/{realm}/client-scopes/{client-scope-id}
Get representation of the client scope
PUT /admin/realms/{realm}/client-scopes/{client-scope-id}
Update the client scope
GET /admin/realms/{realm}/client-scopes
Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm
POST /admin/realms/{realm}/client-scopes
Create a new client scope Client Scope’s name must be unique!
GET /admin/realms/{realm}/client-templates/{client-scope-id}
Get representation of the client scope
PUT /admin/realms/{realm}/client-templates/{client-scope-id}
Update the client scope
GET /admin/realms/{realm}/client-templates
Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm
Clients
GET /admin/realms/{realm}/clients/{client-uuid}/client-secret
Get the client secret
POST /admin/realms/{realm}/clients/{client-uuid}/client-secret
Generate a new secret for the client
DELETE /admin/realms/{realm}/clients/{client-uuid}/client-secret/rotated
Invalidate the rotated secret for the client
GET /admin/realms/{realm}/clients/{client-uuid}/client-secret/rotated
Get the rotated client secret
GET /admin/realms/{realm}/clients/{client-uuid}/default-client-scopes
Get default client scopes. Only name and ids are returned.
GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-access-token
Create JSON with payload of example access token
Parameters
GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-id-token
Create JSON with payload of example id token
Parameters
GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-userinfo
Create JSON with payload of example user info
Parameters
GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/protocol-mappers
Return list of all protocol mappers, which will be used when generating tokens issued for particular client.
Description
This means protocol mappers assigned to this client directly and protocol mappers assigned to all client scopes of this client.
Parameters
GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/scope-mappings/{roleContainerId}/granted
Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him.
Description
This contains scope mappings, which this client has directly, as well as scope mappings, which are granted to all client scopes, which are linked with this client.
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/scope-mappings/{roleContainerId}/not-granted
Get roles, which this client doesn’t have scope for and can’t have them in the accessToken issued for him.
Description
Defacto all the other roles of particular role container, which are not in {@link #getGrantedScopeMappings()}
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
GET /admin/realms/{realm}/clients/{client-uuid}
Get representation of the client
GET /admin/realms/{realm}/clients/{client-uuid}/management/permissions
Return object stating whether client Authorization permissions have been initialized or not and a reference
PUT /admin/realms/{realm}/clients/{client-uuid}/management/permissions
Return object stating whether client Authorization permissions have been initialized or not and a reference
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
client-uuid |
id of client (not client-id!) |
null |
DELETE /admin/realms/{realm}/clients/{client-uuid}/nodes/{node}
Unregister a cluster node from the client
POST /admin/realms/{realm}/clients/{client-uuid}/nodes
Register a cluster node with the client Manually register cluster node to this client - usually it’s not needed to call this directly as adapter should handle by sending registration request to Keycloak
GET /admin/realms/{realm}/clients/{client-uuid}/offline-session-count
Get application offline session count Returns a number of offline user sessions associated with this client { \"count\": number }
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
Map[[long]] |
GET /admin/realms/{realm}/clients/{client-uuid}/offline-sessions
Get offline sessions for client Returns a list of offline user sessions associated with this client
Parameters
DELETE /admin/realms/{realm}/clients/{client-uuid}/optional-client-scopes/{clientScopeId}
GET /admin/realms/{realm}/clients/{client-uuid}/optional-client-scopes
Get optional client scopes. Only name and ids are returned.
POST /admin/realms/{realm}/clients/{client-uuid}/push-revocation
Push the client’s revocation policy to its admin URL If the client has an admin URL, push revocation policy to it.
PUT /admin/realms/{realm}/clients/{client-uuid}
Update the client
POST /admin/realms/{realm}/clients/{client-uuid}/registration-access-token
Generate a new registration access token for the client
GET /admin/realms/{realm}/clients/{client-uuid}/service-account-user
Get a user dedicated to the service account
GET /admin/realms/{realm}/clients/{client-uuid}/session-count
Get application session count Returns a number of user sessions associated with this client { \"count\": number }
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
Map[[long]] |
GET /admin/realms/{realm}/clients/{client-uuid}/test-nodes-available
Test if registered cluster nodes are available Tests availability by sending 'ping' request to all cluster nodes.
GET /admin/realms/{realm}/clients/{client-uuid}/user-sessions
Get user sessions for client Returns a list of user sessions associated with this client
Parameters
GET /admin/realms/{realm}/clients
Get clients belonging to the realm.
Description
If a client can’t be retrieved from the storage due to a problem with the underlying storage, it is silently removed from the returned list. This ensures that concurrent modifications to the list don’t prevent callers from retrieving this list.
Parameters
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
clientId |
filter by clientId |
null |
|
first |
the first result |
null |
|
max |
the max results to return |
null |
|
q |
null |
||
search |
whether this is a search query or a getClientById query |
false |
|
viewableOnly |
filter clients that cannot be viewed in full by admin |
false |
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[ClientRepresentation] |
Component
GET /admin/realms/{realm}/components
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[ComponentRepresentation] |
PUT /admin/realms/{realm}/components/{id}
GET /admin/realms/{realm}/components/{id}/sub-component-types
List of subcomponent types that are available to configure for a particular parent component.
Parameters
default
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server
POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/import
POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission/evaluate
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
client-uuid |
id of client (not client-id!) |
null |
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission
Parameters
POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission/providers
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission/search
Parameters
POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy/evaluate
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
client-uuid |
id of client (not client-id!) |
null |
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy
Parameters
POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy/providers
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy/search
Parameters
PUT /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[ResourceRepresentation] |
POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
client-uuid |
id of client (not client-id!) |
null |
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}/attributes
DELETE /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}
Parameters
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}/permissions
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[PolicyRepresentation] |
404 |
Not found |
<<>> |
PUT /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}/scopes
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[ScopeRepresentation] |
404 |
Not found |
<<>> |
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/search
Parameters
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[ScopeRepresentation] |
POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope
DELETE /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}/permissions
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[PolicyRepresentation] |
404 |
Not found |
<<>> |
PUT /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}/resources
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[ResourceRepresentation] |
404 |
Not found |
<<>> |
GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/search
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[ScopeRepresentation] |
204 |
No Content |
<<>> |
400 |
Bad Request |
<<>> |
Groups
GET /admin/realms/{realm}/groups/count
Returns the groups counts.
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
Map[[long]] |
GET /admin/realms/{realm}/groups
Get group hierarchy. Only name and id are returned. subGroups are only returned when using the search or q parameter. If none of these parameters is provided, the top-level groups are returned without subGroups being filled.
Parameters
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
briefRepresentation |
true |
||
exact |
false |
||
first |
null |
||
max |
null |
||
populateHierarchy |
true |
||
q |
null |
||
search |
null |
||
subGroupsCount |
Boolean which defines whether to return the count of subgroups for each group (default: true |
true |
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[GroupRepresentation] |
GET /admin/realms/{realm}/groups/{group-id}/children
Return a paginated list of subgroups that have a parent group corresponding to the group on the URL
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
group-id |
null |
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
briefRepresentation |
Boolean which defines whether brief groups representations are returned or not (default: false) |
false |
|
exact |
Boolean which defines whether the params "search" must match exactly or not |
null |
|
first |
The position of the first result to be returned (pagination offset). |
null |
|
max |
The maximum number of results that are to be returned. Defaults to 10 |
null |
|
search |
A String representing either an exact group name or a partial name |
null |
|
subGroupsCount |
Boolean which defines whether to return the count of subgroups for each subgroup of this group (default: true |
true |
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[GroupRepresentation] |
POST /admin/realms/{realm}/groups/{group-id}/children
Set or create child.
Description
This will just set the parent if it exists. Create it and set the parent if the group doesn’t exist.
GET /admin/realms/{realm}/groups/{group-id}/management/permissions
Return object stating whether client Authorization permissions have been initialized or not and a reference
PUT /admin/realms/{realm}/groups/{group-id}/management/permissions
Return object stating whether client Authorization permissions have been initialized or not and a reference
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
group-id |
null |
GET /admin/realms/{realm}/groups/{group-id}/members
Get users Returns a stream of users, filtered according to query parameters
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
group-id |
null |
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
briefRepresentation |
Only return basic information (only guaranteed to return id, username, created, first and last name, email, enabled state, email verification state, federation link, and access. Note that it means that namely user attributes, required actions, and not before are not returned.) |
null |
|
first |
Pagination offset |
null |
|
max |
Maximum results size (defaults to 100) |
null |
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[UserRepresentation] |
PUT /admin/realms/{realm}/groups/{group-id}
Update group, ignores subgroups.
POST /admin/realms/{realm}/groups
create or add a top level realm groupSet or create child.
Description
This will update the group and set the parent if it exists. Create it and set the parent if the group doesn’t exist.
Identity Providers
POST /admin/realms/{realm}/identity-provider/import-config
Import identity provider from JSON body
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
Map[[string]] |
DELETE /admin/realms/{realm}/identity-provider/instances/{alias}
Delete the identity provider
GET /admin/realms/{realm}/identity-provider/instances/{alias}/export
Export public broker configuration for identity provider
GET /admin/realms/{realm}/identity-provider/instances/{alias}
Get the identity provider
GET /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions
Return object stating whether client Authorization permissions have been initialized or not and a reference
PUT /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions
Return object stating whether client Authorization permissions have been initialized or not and a reference
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
alias |
null |
GET /admin/realms/{realm}/identity-provider/instances/{alias}/mapper-types
Get mapper types for identity provider
GET /admin/realms/{realm}/identity-provider/instances/{alias}/mappers
Get mappers for identity provider
DELETE /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}
Delete a mapper for the identity provider
GET /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}
Get mapper by id for the identity provider
PUT /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}
Update a mapper for the identity provider
POST /admin/realms/{realm}/identity-provider/instances/{alias}/mappers
Add a mapper to identity provider
PUT /admin/realms/{realm}/identity-provider/instances/{alias}
Update the identity provider
GET /admin/realms/{realm}/identity-provider/instances/{alias}/reload-keys
Reaload keys for the identity provider if the provider supports it, \"true\" is returned if reload was performed, \"false\" if not.
GET /admin/realms/{realm}/identity-provider/instances
List identity providers
Parameters
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
briefRepresentation |
Boolean which defines whether brief representations are returned (default: false) |
null |
|
first |
Pagination offset |
null |
|
max |
Maximum results size (defaults to 100) |
null |
|
realmOnly |
Boolean which defines if only realm-level IDPs (not associated with orgs) should be returned (default: false) |
null |
|
search |
Filter specific providers by name. Search can be prefix (name*), contains (name) or exact ("name"). Default prefixed. |
null |
POST /admin/realms/{realm}/identity-provider/instances
Create a new identity provider
Organizations
GET /admin/realms/{realm}/organizations/count
Returns the organizations counts.
Parameters
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
exact |
Boolean which defines whether the param 'search' must match exactly or not |
null |
|
q |
A query to search for custom attributes, in the format 'key1:value2 key2:value2' |
null |
|
search |
A String representing either an organization name or domain |
null |
GET /admin/realms/{realm}/organizations
Returns a paginated list of organizations filtered according to the specified parameters
Parameters
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
briefRepresentation |
if false, return the full representation. Otherwise, only the basic fields are returned. |
true |
|
exact |
Boolean which defines whether the param 'search' must match exactly or not |
null |
|
first |
The position of the first result to be processed (pagination offset) |
null |
|
max |
The maximum number of results to be returned - defaults to 10 |
null |
|
q |
A query to search for custom attributes, in the format 'key1:value2 key2:value2' |
null |
|
search |
A String representing either an organization name or domain |
null |
GET /admin/realms/{realm}/organizations/members/{member-id}/organizations
Returns the organizations associated with the user that has the specified id
Parameters
GET /admin/realms/{realm}/organizations/{org-id}
Returns the organization representation
DELETE /admin/realms/{realm}/organizations/{org-id}/identity-providers/{alias}
Removes the identity provider with the specified alias from the organization
Description
Breaks the association between the identity provider and the organization. The provider itself is not deleted. If no provider is found, or if it is not currently associated with the org, an error response is returned
GET /admin/realms/{realm}/organizations/{org-id}/identity-providers/{alias}
Returns the identity provider associated with the organization that has the specified alias
Description
Searches for an identity provider with the given alias. If one is found and is associated with the organization, it is returned. Otherwise, an error response with status NOT_FOUND is returned
GET /admin/realms/{realm}/organizations/{org-id}/identity-providers
Returns all identity providers associated with the organization
POST /admin/realms/{realm}/organizations/{org-id}/identity-providers
Adds the identity provider with the specified id to the organization
Description
Adds, or associates, an existing identity provider with the organization. If no identity provider is found, or if it is already associated with the organization, an error response is returned
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
org-id |
null |
Body Parameter
| Name | Description | Default | Pattern |
|---|---|---|---|
body |
Payload should contain only id or alias of the identity provider to be associated with the organization (id or alias with or without quotes). Surrounding whitespace characters will be trimmed. [string] |
GET /admin/realms/{realm}/organizations/{org-id}/members/count
Returns number of members in the organization.
GET /admin/realms/{realm}/organizations/{org-id}/members
Returns a paginated list of organization members filtered according to the specified parameters
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
org-id |
null |
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
exact |
Boolean which defines whether the param 'search' must match exactly or not |
null |
|
first |
The position of the first result to be processed (pagination offset) |
null |
|
max |
The maximum number of results to be returned. Defaults to 10 |
null |
|
membershipType |
The membership type |
null |
|
search |
A String representing either a member's username, e-mail, first name, or last name. |
null |
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[MemberRepresentation] |
POST /admin/realms/{realm}/organizations/{org-id}/members/invite-existing-user
Invites an existing user to the organization, using the specified user id
POST /admin/realms/{realm}/organizations/{org-id}/members/invite-user
Invites an existing user or sends a registration link to a new user, based on the provided e-mail address.
Description
If the user with the given e-mail address exists, it sends an invitation link, otherwise it sends a registration link.
DELETE /admin/realms/{realm}/organizations/{org-id}/members/{member-id}
Removes the user with the specified id from the organization
Description
Breaks the association between the user and organization. The user itself is deleted in case the membership is managed, otherwise the user is not deleted. If no user is found, or if they are not a member of the organization, an error response is returned
GET /admin/realms/{realm}/organizations/{org-id}/members/{member-id}
Returns the member of the organization with the specified id
Description
Searches for auser with the given id. If one is found, and is currently a member of the organization, returns it. Otherwise,an error response with status NOT_FOUND is returned
GET /admin/realms/{realm}/organizations/{org-id}/members/{member-id}/organizations
Returns the organizations associated with the user that has the specified id
Parameters
POST /admin/realms/{realm}/organizations/{org-id}/members
Adds the user with the specified id as a member of the organization
Description
Adds, or associates, an existing user with the organization. If no user is found, or if it is already associated with the organization, an error response is returned
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
org-id |
null |
Body Parameter
| Name | Description | Default | Pattern |
|---|---|---|---|
body |
Payload should contain only id of the user to be added to the organization (UUID with or without quotes). Surrounding whitespace characters will be trimmed. [string] |
PUT /admin/realms/{realm}/organizations/{org-id}
Updates the organization
Protocol Mappers
POST /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/add-models
Create multiple mappers
GET /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models
Get mappers
DELETE /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models/{id}
Delete the mapper
GET /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models/{id}
Get mapper by id
PUT /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models/{id}
Update the mapper
POST /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models
Create a mapper
GET /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/protocol/{protocol}
Get mappers by name for a specific protocol
POST /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/add-models
Create multiple mappers
GET /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models
Get mappers
DELETE /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models/{id}
Delete the mapper
GET /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models/{id}
Get mapper by id
PUT /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models/{id}
Update the mapper
POST /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models
Create a mapper
GET /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/protocol/{protocol}
Get mappers by name for a specific protocol
POST /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/add-models
Create multiple mappers
GET /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models
Get mappers
DELETE /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models/{id}
Delete the mapper
GET /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models/{id}
Get mapper by id
PUT /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models/{id}
Update the mapper
POST /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models
Create a mapper
Realms Admin
GET /admin/realms
Get accessible realms Returns a list of accessible realms. The list is filtered based on what realms the caller is allowed to view.
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RealmRepresentation] |
403 |
Forbidden |
<<>> |
POST /admin/realms
Import a realm. Imports a realm from a full representation of that realm.
GET /admin/realms/{realm}/admin-events
Get admin events Returns all admin events, or filters events based on URL query parameters listed here
Parameters
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
authClient |
null |
||
authIpAddress |
null |
||
authRealm |
null |
||
authUser |
user id |
null |
|
dateFrom |
From (inclusive) date (yyyy-MM-dd) or time in Epoch timestamp millis (number of milliseconds since January 1, 1970, 00:00:00 GMT) |
null |
|
dateTo |
To (inclusive) date (yyyy-MM-dd) or time in Epoch timestamp millis (number of milliseconds since January 1, 1970, 00:00:00 GMT) |
null |
|
direction |
The direction to sort events by (asc or desc) |
null |
|
first |
null |
||
max |
Maximum results size (defaults to 100) |
null |
|
operationTypes |
null |
||
resourcePath |
null |
||
resourceTypes |
null |
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[AdminEventRepresentation] |
400 |
Bad Request |
<<>> |
403 |
Forbidden |
<<>> |
POST /admin/realms/{realm}/client-description-converter
Base path for importing clients under this realm.
GET /admin/realms/{realm}/client-policies/policies
PUT /admin/realms/{realm}/client-policies/policies
GET /admin/realms/{realm}/client-policies/profiles
PUT /admin/realms/{realm}/client-policies/profiles
GET /admin/realms/{realm}/client-session-stats
Get client session stats Returns a JSON map.
Description
The key is the client id, the value is the number of sessions that currently are active with that client. Only clients that actually have a session associated with them will be in this map.
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[[string]] |
403 |
Forbidden |
<<>> |
GET /admin/realms/{realm}/client-types
List all client types available in the current realm
Description
This endpoint returns a list of both global and realm level client types and the attributes they set
PUT /admin/realms/{realm}/client-types
Update a client type
GET /admin/realms/{realm}/credential-registrators
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[[string]] |
403 |
Forbidden |
<<>> |
GET /admin/realms/{realm}/default-default-client-scopes
Get realm default client scopes. Only name and ids are returned.
GET /admin/realms/{realm}/default-groups
Get group hierarchy. Only name and ids are returned.
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[GroupRepresentation] |
403 |
Forbidden |
<<>> |
GET /admin/realms/{realm}/default-optional-client-scopes
Get realm optional client scopes. Only name and ids are returned.
GET /admin/realms/{realm}/events/config
Get the events provider configuration Returns JSON object with events provider configuration
PUT /admin/realms/{realm}/events/config
GET /admin/realms/{realm}/events
Get events Returns all events, or filters them based on URL query parameters listed here
Parameters
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
client |
App or oauth client name |
null |
|
dateFrom |
From (inclusive) date (yyyy-MM-dd) or time in Epoch timestamp millis (number of milliseconds since January 1, 1970, 00:00:00 GMT) |
null |
|
dateTo |
To (inclusive) date (yyyy-MM-dd) or time in Epoch timestamp millis (number of milliseconds since January 1, 1970, 00:00:00 GMT) |
null |
|
direction |
The direction to sort events by (asc or desc) |
null |
|
first |
Paging offset |
null |
|
ipAddress |
IP Address |
null |
|
max |
Maximum results size (defaults to 100) |
null |
|
type |
The types of events to return [String] |
null |
|
user |
User id |
null |
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[EventRepresentation] |
400 |
Bad Request |
<<>> |
403 |
Forbidden |
<<>> |
GET /admin/realms/{realm}
Get the top-level representation of the realm It will not include nested information like User and Client representations.
GET /admin/realms/{realm}/group-by-path/{path}
GET /admin/realms/{realm}/localization
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[[string]] |
403 |
Forbidden |
<<>> |
GET /admin/realms/{realm}/localization/{locale}
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
Map[[string]] |
403 |
Forbidden |
<<>> |
GET /admin/realms/{realm}/localization/{locale}/{key}
PUT /admin/realms/{realm}/localization/{locale}/{key}
POST /admin/realms/{realm}/localization/{locale}
Import localization from uploaded JSON file
POST /admin/realms/{realm}/logout-all
Removes all user sessions.
Description
Any client that has an admin url will also be told to invalidate any sessions they have.
POST /admin/realms/{realm}/partial-export
Partial export of existing realm into a JSON file.
POST /admin/realms/{realm}/partialImport
Partial import from a JSON file to an existing realm.
POST /admin/realms/{realm}/push-revocation
Push the realm’s revocation policy to any client that has an admin url associated with it.
PUT /admin/realms/{realm}
Update the top-level information of the realm Any user, roles or client information in the representation will be ignored.
DELETE /admin/realms/{realm}/sessions/{session}
Remove a specific user session.
Description
Any client that has an admin url will also be told to invalidate this particular session.
POST /admin/realms/{realm}/testSMTPConnection
Test SMTP connection with current logged in user
GET /admin/realms/{realm}/users-management-permissions
Role Mapper
GET /admin/realms/{realm}/groups/{group-id}/role-mappings
Get role mappings
GET /admin/realms/{realm}/groups/{group-id}/role-mappings/realm/available
Get realm-level roles that can be mapped
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
GET /admin/realms/{realm}/groups/{group-id}/role-mappings/realm/composite
Get effective realm-level role mappings This will recurse all composite roles to get the result.
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
DELETE /admin/realms/{realm}/groups/{group-id}/role-mappings/realm
Delete realm-level role mappings
GET /admin/realms/{realm}/groups/{group-id}/role-mappings/realm
Get realm-level role mappings
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
POST /admin/realms/{realm}/groups/{group-id}/role-mappings/realm
Add realm-level role mappings to the user
GET /admin/realms/{realm}/users/{user-id}/role-mappings
Get role mappings
GET /admin/realms/{realm}/users/{user-id}/role-mappings/realm/available
Get realm-level roles that can be mapped
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
GET /admin/realms/{realm}/users/{user-id}/role-mappings/realm/composite
Get effective realm-level role mappings This will recurse all composite roles to get the result.
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
DELETE /admin/realms/{realm}/users/{user-id}/role-mappings/realm
Delete realm-level role mappings
GET /admin/realms/{realm}/users/{user-id}/role-mappings/realm
Get realm-level role mappings
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
POST /admin/realms/{realm}/users/{user-id}/role-mappings/realm
Add realm-level role mappings to the user
Roles
GET /admin/realms/{realm}/clients/{client-uuid}/roles
Get all roles for the realm or client
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
POST /admin/realms/{realm}/clients/{client-uuid}/roles
Create a new role for the realm or client
GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites/clients/{client-uuid}
Get client-level roles for the client that are in the role’s composite
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
404 |
Not Found |
<<>> |
DELETE /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites
Remove roles from the role’s composite
GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites
Get composites of the role
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
404 |
Not Found |
<<>> |
POST /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites
Add a composite to the role
GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites/realm
Get realm-level roles of the role’s composite
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
404 |
Not Found |
<<>> |
DELETE /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}
Delete a role by name
GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}
Get a role by name
GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/groups
Returns a stream of groups that have the specified role name
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
client-uuid |
id of client (not client-id!) |
null |
|
role-name |
the role name. |
null |
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
briefRepresentation |
if false, return a full representation of the {@code GroupRepresentation} objects. |
true |
|
first |
first result to return. Ignored if negative or {@code null}. |
null |
|
max |
maximum number of results to return. Ignored if negative or {@code null}. |
null |
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[UserRepresentation] |
|
403 |
Forbidden |
<<>> |
404 |
Not Found |
<<>> |
GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/management/permissions
Return object stating whether role Authorization permissions have been initialized or not and a reference
PUT /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/management/permissions
Return object stating whether role Authorization permissions have been initialized or not and a reference
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
client-uuid |
id of client (not client-id!) |
null |
|
role-name |
null |
PUT /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}
Update a role by name
GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/users
Returns a stream of users that have the specified role name.
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
client-uuid |
id of client (not client-id!) |
null |
|
role-name |
the role name. |
null |
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
briefRepresentation |
Boolean which defines whether brief representations are returned (default: false) |
null |
|
first |
first result to return. Ignored if negative or {@code null}. |
null |
|
max |
maximum number of results to return. Ignored if negative or {@code null}. |
null |
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[UserRepresentation] |
|
403 |
Forbidden |
<<>> |
404 |
Not Found |
<<>> |
GET /admin/realms/{realm}/roles
Get all roles for the realm or client
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
POST /admin/realms/{realm}/roles
Create a new role for the realm or client
GET /admin/realms/{realm}/roles/{role-name}/composites/clients/{client-uuid}
Get client-level roles for the client that are in the role’s composite
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
404 |
Not Found |
<<>> |
DELETE /admin/realms/{realm}/roles/{role-name}/composites
Remove roles from the role’s composite
GET /admin/realms/{realm}/roles/{role-name}/composites
Get composites of the role
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
404 |
Not Found |
<<>> |
POST /admin/realms/{realm}/roles/{role-name}/composites
Add a composite to the role
GET /admin/realms/{realm}/roles/{role-name}/composites/realm
Get realm-level roles of the role’s composite
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
404 |
Not Found |
<<>> |
GET /admin/realms/{realm}/roles/{role-name}
Get a role by name
GET /admin/realms/{realm}/roles/{role-name}/groups
Returns a stream of groups that have the specified role name
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
role-name |
the role name. |
null |
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
briefRepresentation |
if false, return a full representation of the {@code GroupRepresentation} objects. |
true |
|
first |
first result to return. Ignored if negative or {@code null}. |
null |
|
max |
maximum number of results to return. Ignored if negative or {@code null}. |
null |
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[UserRepresentation] |
|
403 |
Forbidden |
<<>> |
404 |
Not Found |
<<>> |
GET /admin/realms/{realm}/roles/{role-name}/management/permissions
Return object stating whether role Authorization permissions have been initialized or not and a reference
PUT /admin/realms/{realm}/roles/{role-name}/management/permissions
Return object stating whether role Authorization permissions have been initialized or not and a reference
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
role-name |
null |
PUT /admin/realms/{realm}/roles/{role-name}
Update a role by name
GET /admin/realms/{realm}/roles/{role-name}/users
Returns a stream of users that have the specified role name.
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
role-name |
the role name. |
null |
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
briefRepresentation |
Boolean which defines whether brief representations are returned (default: false) |
null |
|
first |
first result to return. Ignored if negative or {@code null}. |
null |
|
max |
maximum number of results to return. Ignored if negative or {@code null}. |
null |
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[UserRepresentation] |
|
403 |
Forbidden |
<<>> |
404 |
Not Found |
<<>> |
Roles (by ID)
GET /admin/realms/{realm}/roles-by-id/{role-id}/composites/clients/{clientUuid}
Get client-level roles for the client that are in the role’s composite
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
404 |
Not Found |
<<>> |
DELETE /admin/realms/{realm}/roles-by-id/{role-id}/composites
Remove a set of roles from the role’s composite
GET /admin/realms/{realm}/roles-by-id/{role-id}/composites
Get role’s children Returns a set of role’s children provided the role is a composite.
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
POST /admin/realms/{realm}/roles-by-id/{role-id}/composites
Make the role a composite role by associating some child roles
GET /admin/realms/{realm}/roles-by-id/{role-id}/composites/realm
Get realm-level roles that are in the role’s composite
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
List[RoleRepresentation] |
|
403 |
Forbidden |
<<>> |
GET /admin/realms/{realm}/roles-by-id/{role-id}
Get a specific role’s representation
GET /admin/realms/{realm}/roles-by-id/{role-id}/management/permissions
Return object stating whether role Authorization permissions have been initialized or not and a reference
PUT /admin/realms/{realm}/roles-by-id/{role-id}/management/permissions
Return object stating whether role Authorization permissions have been initialized or not and a reference
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
role-id |
null |
Scope Mappings
GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}/available
The available client-level roles Returns the roles for the client that can be associated with the client’s scope
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}/composite
Get effective client roles Returns the roles for the client that are associated with the client’s scope.
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
DELETE /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}
Remove client-level roles from the client’s scope.
GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}
Get the roles associated with a client’s scope Returns roles for the client.
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
POST /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}
Add client-level roles to the client’s scope
GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings
Get all scope mappings for the client
GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm/available
Get realm-level roles that are available to attach to this client’s scope
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm/composite
Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.
Description
The method is really to show a comprehensive total view of realm-level roles associated with the client.
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
DELETE /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm
Remove a set of realm-level roles from the client’s scope
GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm
Get realm-level roles associated with the client’s scope
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
POST /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm
Add a set of realm-level roles to the client’s scope
GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}/available
The available client-level roles Returns the roles for the client that can be associated with the client’s scope
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}/composite
Get effective client roles Returns the roles for the client that are associated with the client’s scope.
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
DELETE /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}
Remove client-level roles from the client’s scope.
GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}
Get the roles associated with a client’s scope Returns roles for the client.
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
POST /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}
Add client-level roles to the client’s scope
GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings
Get all scope mappings for the client
GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm/available
Get realm-level roles that are available to attach to this client’s scope
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm/composite
Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.
Description
The method is really to show a comprehensive total view of realm-level roles associated with the client.
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
DELETE /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm
Remove a set of realm-level roles from the client’s scope
GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm
Get realm-level roles associated with the client’s scope
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
POST /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm
Add a set of realm-level roles to the client’s scope
GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}/available
The available client-level roles Returns the roles for the client that can be associated with the client’s scope
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}/composite
Get effective client roles Returns the roles for the client that are associated with the client’s scope.
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
DELETE /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}
Remove client-level roles from the client’s scope.
GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}
Get the roles associated with a client’s scope Returns roles for the client.
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
POST /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}
Add client-level roles to the client’s scope
GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings
Get all scope mappings for the client
GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm/available
Get realm-level roles that are available to attach to this client’s scope
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm/composite
Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.
Description
The method is really to show a comprehensive total view of realm-level roles associated with the client.
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
DELETE /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm
Remove a set of realm-level roles from the client’s scope
GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm
Get realm-level roles associated with the client’s scope
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[RoleRepresentation] |
POST /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm
Add a set of realm-level roles to the client’s scope
Users
GET /admin/realms/{realm}/users/count
Returns the number of users that match the given criteria.
Description
It can be called in three different ways. 1. Don’t specify any criteria and pass {@code null}. The number of all users within that realm will be returned. <p> 2. If {@code search} is specified other criteria such as {@code last} will be ignored even though you set them. The {@code search} string will be matched against the first and last name, the username and the email of a user. <p> 3. If {@code search} is unspecified but any of {@code last}, {@code first}, {@code email} or {@code username} those criteria are matched against their respective fields on a user entity. Combined with a logical and.
Parameters
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
email |
A String contained in email, or the complete email, if param "exact" is true |
null |
|
emailVerified |
whether the email has been verified |
null |
|
enabled |
Boolean representing if user is enabled or not |
null |
|
exact |
Boolean which defines whether the params "last", "first", "email" and "username" must match exactly |
null |
|
firstName |
A String contained in firstName, or the complete firstName, if param "exact" is true |
null |
|
idpAlias |
The alias of an Identity Provider linked to the user |
null |
|
idpUserId |
The userId at an Identity Provider linked to the user |
null |
|
lastName |
A String contained in lastName, or the complete lastName, if param "exact" is true |
null |
|
q |
A query to search for custom attributes, in the format 'key1:value2 key2:value2' |
null |
|
search |
A String contained in username, first or last name, or email. Default search behavior is prefix-based (e.g., foo or foo*). Use foo for infix search and "foo" for exact search. |
null |
|
username |
A String contained in username, or the complete username, if param "exact" is true |
null |
GET /admin/realms/{realm}/users
Get users Returns a stream of users, filtered according to query parameters.
Parameters
Query Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
briefRepresentation |
Boolean which defines whether brief representations are returned (default: false) |
null |
|
email |
A String contained in email, or the complete email, if param "exact" is true |
null |
|
emailVerified |
whether the email has been verified |
null |
|
enabled |
Boolean representing if user is enabled or not |
null |
|
exact |
Boolean which defines whether the params "last", "first", "email" and "username" must match exactly |
null |
|
first |
Pagination offset |
null |
|
firstName |
A String contained in firstName, or the complete firstName, if param "exact" is true |
null |
|
idpAlias |
The alias of an Identity Provider linked to the user |
null |
|
idpUserId |
The userId at an Identity Provider linked to the user |
null |
|
lastName |
A String contained in lastName, or the complete lastName, if param "exact" is true |
null |
|
max |
Maximum results size (defaults to 100) |
null |
|
q |
A query to search for custom attributes, in the format 'key1:value2 key2:value2' |
null |
|
search |
A String contained in username, first or last name, or email. Default search behavior is prefix-based (e.g., foo or foo*). Use foo for infix search and "foo" for exact search. |
null |
|
username |
A String contained in username, or the complete username, if param "exact" is true |
null |
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[UserRepresentation] |
403 |
Forbidden |
<<>> |
POST /admin/realms/{realm}/users
Create a new user Username must be unique.
GET /admin/realms/{realm}/users/profile
GET /admin/realms/{realm}/users/profile/metadata
PUT /admin/realms/{realm}/users/profile
GET /admin/realms/{realm}/users/{user-id}/configured-user-storage-credential-types
Return credential types, which are provided by the user storage where user is stored.
Description
Returned values can contain for example \"password\", \"otp\" etc. This will always return empty list for \"local\" users, which are not backed by any user storage
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[[string]] |
403 |
Forbidden |
<<>> |
DELETE /admin/realms/{realm}/users/{user-id}/consents/{client}
Revoke consent and offline tokens for particular client from user
GET /admin/realms/{realm}/users/{user-id}/consents
Get consents granted by the user
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[[AnyType]] |
403 |
Forbidden |
<<>> |
DELETE /admin/realms/{realm}/users/{user-id}/credentials/{credentialId}
Remove a credential for a user
POST /admin/realms/{realm}/users/{user-id}/credentials/{credentialId}/moveAfter/{newPreviousCredentialId}
Move a credential to a position behind another credential
Parameters
Path Parameters
| Name | Description | Default | Pattern |
|---|---|---|---|
realm |
realm name (not id!) |
null |
|
user-id |
null |
||
credentialId |
The credential to move |
null |
|
newPreviousCredentialId |
The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list. |
null |
POST /admin/realms/{realm}/users/{user-id}/credentials/{credentialId}/moveToFirst
Move a credential to a first position in the credentials list of the user
PUT /admin/realms/{realm}/users/{user-id}/credentials/{credentialId}/userLabel
Update a credential label for a user
GET /admin/realms/{realm}/users/{user-id}/credentials
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[CredentialRepresentation] |
403 |
Forbidden |
<<>> |
PUT /admin/realms/{realm}/users/{user-id}/disable-credential-types
Disable all credentials for a user of a specific type
PUT /admin/realms/{realm}/users/{user-id}/execute-actions-email
Send an email to the user with a link they can click to execute particular actions.
Description
An email contains a link the user can click to perform a set of required actions. The redirectUri and clientId parameters are optional. If no redirect is given, then there will be no link back to click after actions have completed. Redirect uri must be a valid uri for the particular clientId.
GET /admin/realms/{realm}/users/{user-id}/federated-identity
Get social logins associated with the user
DELETE /admin/realms/{realm}/users/{user-id}/federated-identity/{provider}
Remove a social login provider from user
POST /admin/realms/{realm}/users/{user-id}/federated-identity/{provider}
Add a social login provider to the user
GET /admin/realms/{realm}/users/{user-id}
Get representation of the user
Parameters
GET /admin/realms/{realm}/users/{user-id}/groups/count
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
Map[[long]] |
403 |
Forbidden |
<<>> |
GET /admin/realms/{realm}/users/{user-id}/groups
Parameters
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
List[GroupRepresentation] |
403 |
Forbidden |
<<>> |
POST /admin/realms/{realm}/users/{user-id}/impersonation
Impersonate the user
POST /admin/realms/{realm}/users/{user-id}/logout
Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.
GET /admin/realms/{realm}/users/{user-id}/offline-sessions/{clientUuid}
Get offline sessions associated with the user and client
PUT /admin/realms/{realm}/users/{user-id}
Update the user
PUT /admin/realms/{realm}/users/{user-id}/reset-password-email
Send an email to the user with a link they can click to reset their password.
Description
The redirectUri and clientId parameters are optional. The default for the redirect is the account client. This endpoint has been deprecated. Please use the execute-actions-email passing a list with UPDATE_PASSWORD within it.
PUT /admin/realms/{realm}/users/{user-id}/reset-password
Set up a new password for the user.
PUT /admin/realms/{realm}/users/{user-id}/send-verify-email
Send an email-verification email to the user An email contains a link the user can click to verify their email address.
Description
The redirectUri, clientId and lifespan parameters are optional. The default for the redirect is the account client. The default for the lifespan is 12 hours
GET /admin/realms/{realm}/users/{user-id}/sessions
Get sessions associated with the user
GET /admin/realms/{realm}/users/{user-id}/unmanagedAttributes
Responses
| Code | Message | Datatype |
|---|---|---|
200 |
OK |
Map[[string]] |
403 |
Forbidden |
<<>> |
Definitions
AbstractPolicyRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
description |
String |
|
type |
String |
|
policies |
Set of [string] |
|
resources |
Set of [string] |
|
scopes |
Set of [string] |
|
logic |
Logic |
|
decisionStrategy |
DecisionStrategy |
|
owner |
String |
|
resourceType |
String |
|
resourcesData |
Set of ResourceRepresentation |
|
scopesData |
Set of ScopeRepresentation |
Access
| Name | Type | Format |
|---|---|---|
roles |
Set of [string] |
|
verify_caller |
Boolean |
AccessToken
| Name | Type | Format |
|---|---|---|
jti |
String |
|
exp |
Long |
int64 |
nbf |
Long |
int64 |
iat |
Long |
int64 |
iss |
String |
|
sub |
String |
|
typ |
String |
|
azp |
String |
|
otherClaims |
Map of [AnyType] |
|
nonce |
String |
|
auth_time |
Long |
int64 |
sid |
String |
|
at_hash |
String |
|
c_hash |
String |
|
name |
String |
|
given_name |
String |
|
family_name |
String |
|
middle_name |
String |
|
nickname |
String |
|
preferred_username |
String |
|
profile |
String |
|
picture |
String |
|
website |
String |
|
email |
String |
|
email_verified |
Boolean |
|
gender |
String |
|
birthdate |
String |
|
zoneinfo |
String |
|
locale |
String |
|
phone_number |
String |
|
phone_number_verified |
Boolean |
|
address |
AddressClaimSet |
|
updated_at |
Long |
int64 |
claims_locales |
String |
|
acr |
String |
|
s_hash |
String |
|
trusted-certs |
Set of [string] |
|
allowed-origins |
Set of [string] |
|
realm_access |
Access |
|
resource_access |
Map of Access |
|
authorization |
Authorization |
|
cnf |
Confirmation |
|
scope |
String |
AddressClaimSet
| Name | Type | Format |
|---|---|---|
formatted |
String |
|
street_address |
String |
|
locality |
String |
|
region |
String |
|
postal_code |
String |
|
country |
String |
AdminEventRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
time |
Long |
int64 |
realmId |
String |
|
authDetails |
AuthDetailsRepresentation |
|
operationType |
String |
|
resourceType |
String |
|
resourcePath |
String |
|
representation |
String |
|
error |
String |
|
details |
Map of [string] |
ApplicationRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
clientId |
String |
|
description |
String |
|
type |
String |
|
rootUrl |
String |
|
adminUrl |
String |
|
baseUrl |
String |
|
surrogateAuthRequired |
Boolean |
|
enabled |
Boolean |
|
alwaysDisplayInConsole |
Boolean |
|
clientAuthenticatorType |
String |
|
secret |
String |
|
registrationAccessToken |
String |
|
defaultRoles |
List of [string] |
|
redirectUris |
List of [string] |
|
webOrigins |
List of [string] |
|
notBefore |
Integer |
int32 |
bearerOnly |
Boolean |
|
consentRequired |
Boolean |
|
standardFlowEnabled |
Boolean |
|
implicitFlowEnabled |
Boolean |
|
directAccessGrantsEnabled |
Boolean |
|
serviceAccountsEnabled |
Boolean |
|
authorizationServicesEnabled |
Boolean |
|
directGrantsOnly |
Boolean |
|
publicClient |
Boolean |
|
frontchannelLogout |
Boolean |
|
protocol |
String |
|
attributes |
Map of [string] |
|
authenticationFlowBindingOverrides |
Map of [string] |
|
fullScopeAllowed |
Boolean |
|
nodeReRegistrationTimeout |
Integer |
int32 |
registeredNodes |
Map of [integer] |
int32 |
protocolMappers |
List of ProtocolMapperRepresentation |
|
clientTemplate |
String |
|
useTemplateConfig |
Boolean |
|
useTemplateScope |
Boolean |
|
useTemplateMappers |
Boolean |
|
defaultClientScopes |
List of [string] |
|
optionalClientScopes |
List of [string] |
|
authorizationSettings |
ResourceServerRepresentation |
|
access |
Map of [boolean] |
|
origin |
String |
|
name |
String |
|
claims |
ApplicationRepresentation_claims |
ApplicationRepresentationClaims
| Name | Type | Format |
|---|---|---|
name |
Boolean |
|
username |
Boolean |
|
profile |
Boolean |
|
picture |
Boolean |
|
website |
Boolean |
|
email |
Boolean |
|
gender |
Boolean |
|
locale |
Boolean |
|
address |
Boolean |
|
phone |
Boolean |
AuthDetailsRepresentation
| Name | Type | Format |
|---|---|---|
realmId |
String |
|
clientId |
String |
|
userId |
String |
|
ipAddress |
String |
AuthenticationExecutionExportRepresentation
| Name | Type | Format |
|---|---|---|
authenticatorConfig |
String |
|
authenticator |
String |
|
authenticatorFlow |
Boolean |
|
requirement |
String |
|
priority |
Integer |
int32 |
autheticatorFlow |
Boolean |
|
flowAlias |
String |
|
userSetupAllowed |
Boolean |
AuthenticationExecutionInfoRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
requirement |
String |
|
displayName |
String |
|
alias |
String |
|
description |
String |
|
requirementChoices |
List of [string] |
|
configurable |
Boolean |
|
authenticationFlow |
Boolean |
|
providerId |
String |
|
authenticationConfig |
String |
|
flowId |
String |
|
level |
Integer |
int32 |
index |
Integer |
int32 |
priority |
Integer |
int32 |
AuthenticationExecutionRepresentation
| Name | Type | Format |
|---|---|---|
authenticatorConfig |
String |
|
authenticator |
String |
|
authenticatorFlow |
Boolean |
|
requirement |
String |
|
priority |
Integer |
int32 |
autheticatorFlow |
Boolean |
|
id |
String |
|
flowId |
String |
|
parentFlow |
String |
AuthenticationFlowRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
alias |
String |
|
description |
String |
|
providerId |
String |
|
topLevel |
Boolean |
|
builtIn |
Boolean |
|
authenticationExecutions |
AuthenticatorConfigInfoRepresentation
| Name | Type | Format |
|---|---|---|
name |
String |
|
providerId |
String |
|
helpText |
String |
|
properties |
List of ConfigPropertyRepresentation |
AuthenticatorConfigRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
alias |
String |
|
config |
Map of [string] |
Authorization
| Name | Type | Format |
|---|---|---|
permissions |
List of Permission |
AuthorizationSchema
| Name | Type | Format |
|---|---|---|
resourceTypes |
Map of ResourceType |
CertificateRepresentation
| Name | Type | Format |
|---|---|---|
privateKey |
String |
|
publicKey |
String |
|
certificate |
String |
|
kid |
String |
ClaimRepresentation
| Name | Type | Format |
|---|---|---|
name |
Boolean |
|
username |
Boolean |
|
profile |
Boolean |
|
picture |
Boolean |
|
website |
Boolean |
|
email |
Boolean |
|
gender |
Boolean |
|
locale |
Boolean |
|
address |
Boolean |
|
phone |
Boolean |
ClientInitialAccessCreatePresentation
| Name | Type | Format |
|---|---|---|
expiration |
Integer |
int32 |
count |
Integer |
int32 |
ClientInitialAccessPresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
token |
String |
|
timestamp |
Integer |
int32 |
expiration |
Integer |
int32 |
count |
Integer |
int32 |
remainingCount |
Integer |
int32 |
ClientMappingsRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
client |
String |
|
mappings |
List of RoleRepresentation |
ClientPoliciesRepresentation
| Name | Type | Format |
|---|---|---|
policies |
List of ClientPolicyRepresentation |
|
globalPolicies |
List of ClientPolicyRepresentation |
ClientPolicyConditionRepresentation
| Name | Type | Format |
|---|---|---|
condition |
String |
|
configuration |
Map of [AnyType] |
ClientPolicyExecutorRepresentation
| Name | Type | Format |
|---|---|---|
executor |
String |
|
configuration |
Map of [AnyType] |
ClientPolicyRepresentation
| Name | Type | Format |
|---|---|---|
name |
String |
|
description |
String |
|
enabled |
Boolean |
|
conditions |
||
profiles |
List of [string] |
ClientProfileRepresentation
| Name | Type | Format |
|---|---|---|
name |
String |
|
description |
String |
|
executors |
ClientProfilesRepresentation
| Name | Type | Format |
|---|---|---|
profiles |
List of ClientProfileRepresentation |
|
globalProfiles |
List of ClientProfileRepresentation |
ClientRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
clientId |
String |
|
name |
String |
|
description |
String |
|
type |
String |
|
rootUrl |
String |
|
adminUrl |
String |
|
baseUrl |
String |
|
surrogateAuthRequired |
Boolean |
|
enabled |
Boolean |
|
alwaysDisplayInConsole |
Boolean |
|
clientAuthenticatorType |
String |
|
secret |
String |
|
registrationAccessToken |
String |
|
defaultRoles |
List of [string] |
|
redirectUris |
List of [string] |
|
webOrigins |
List of [string] |
|
notBefore |
Integer |
int32 |
bearerOnly |
Boolean |
|
consentRequired |
Boolean |
|
standardFlowEnabled |
Boolean |
|
implicitFlowEnabled |
Boolean |
|
directAccessGrantsEnabled |
Boolean |
|
serviceAccountsEnabled |
Boolean |
|
authorizationServicesEnabled |
Boolean |
|
directGrantsOnly |
Boolean |
|
publicClient |
Boolean |
|
frontchannelLogout |
Boolean |
|
protocol |
String |
|
attributes |
Map of [string] |
|
authenticationFlowBindingOverrides |
Map of [string] |
|
fullScopeAllowed |
Boolean |
|
nodeReRegistrationTimeout |
Integer |
int32 |
registeredNodes |
Map of [integer] |
int32 |
protocolMappers |
List of ProtocolMapperRepresentation |
|
clientTemplate |
String |
|
useTemplateConfig |
Boolean |
|
useTemplateScope |
Boolean |
|
useTemplateMappers |
Boolean |
|
defaultClientScopes |
List of [string] |
|
optionalClientScopes |
List of [string] |
|
authorizationSettings |
ResourceServerRepresentation |
|
access |
Map of [boolean] |
|
origin |
String |
ClientScopeRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
description |
String |
|
protocol |
String |
|
attributes |
Map of [string] |
|
protocolMappers |
List of ProtocolMapperRepresentation |
ClientTemplateRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
description |
String |
|
protocol |
String |
|
fullScopeAllowed |
Boolean |
|
bearerOnly |
Boolean |
|
consentRequired |
Boolean |
|
standardFlowEnabled |
Boolean |
|
implicitFlowEnabled |
Boolean |
|
directAccessGrantsEnabled |
Boolean |
|
serviceAccountsEnabled |
Boolean |
|
publicClient |
Boolean |
|
frontchannelLogout |
Boolean |
|
attributes |
Map of [string] |
|
protocolMappers |
List of ProtocolMapperRepresentation |
ClientTypeRepresentation
| Name | Type | Format |
|---|---|---|
name |
String |
|
provider |
String |
|
parent |
String |
|
config |
Map of PropertyConfig |
ClientTypesRepresentation
| Name | Type | Format |
|---|---|---|
client-types |
List of ClientTypeRepresentation |
|
global-client-types |
List of ClientTypeRepresentation |
ComponentExportRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
providerId |
String |
|
subType |
String |
|
subComponents |
Map of [array] |
|
config |
Map of [array] |
ComponentRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
providerId |
String |
|
providerType |
String |
|
parentId |
String |
|
subType |
String |
|
config |
Map of [array] |
ComponentTypeRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
helpText |
String |
|
properties |
List of ConfigPropertyRepresentation |
|
clientProperties |
List of ConfigPropertyRepresentation |
|
metadata |
Map of [AnyType] |
Composites
| Name | Type | Format |
|---|---|---|
realm |
Set of [string] |
|
client |
Map of [array] |
|
application |
Map of [array] |
ConfigPropertyRepresentation
| Name | Type | Format |
|---|---|---|
name |
String |
|
label |
String |
|
helpText |
String |
|
type |
String |
|
defaultValue |
oas_any_type_not_mapped |
|
options |
List of [string] |
|
secret |
Boolean |
|
required |
Boolean |
|
readOnly |
Boolean |
CredentialRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
type |
String |
|
userLabel |
String |
|
createdDate |
Long |
int64 |
secretData |
String |
|
credentialData |
String |
|
priority |
Integer |
int32 |
value |
String |
|
temporary |
Boolean |
|
device |
String |
|
hashedSaltedValue |
String |
|
salt |
String |
|
hashIterations |
Integer |
int32 |
counter |
Integer |
int32 |
algorithm |
String |
|
digits |
Integer |
int32 |
period |
Integer |
int32 |
config |
Map |
|
federationLink |
String |
ErrorRepresentation
| Name | Type | Format |
|---|---|---|
field |
String |
|
errorMessage |
String |
|
params |
List of [AnyType] |
|
errors |
List of ErrorRepresentation |
EvaluationResultRepresentation
| Name | Type | Format |
|---|---|---|
resource |
ResourceRepresentation |
|
scopes |
List of ScopeRepresentation |
|
policies |
Set of PolicyResultRepresentation |
|
status |
DecisionEffect |
|
allowedScopes |
Set of ScopeRepresentation |
|
deniedScopes |
Set of ScopeRepresentation |
EventRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
time |
Long |
int64 |
type |
String |
|
realmId |
String |
|
clientId |
String |
|
userId |
String |
|
sessionId |
String |
|
ipAddress |
String |
|
error |
String |
|
details |
Map of [string] |
FederatedIdentityRepresentation
| Name | Type | Format |
|---|---|---|
identityProvider |
String |
|
userId |
String |
|
userName |
String |
GlobalRequestResult
| Name | Type | Format |
|---|---|---|
successRequests |
List of [string] |
|
failedRequests |
List of [string] |
GroupRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
description |
String |
|
path |
String |
|
parentId |
String |
|
subGroupCount |
Long |
int64 |
subGroups |
List of GroupRepresentation |
|
attributes |
Map of [array] |
|
realmRoles |
List of [string] |
|
clientRoles |
Map of [array] |
|
access |
Map of [boolean] |
IDToken
| Name | Type | Format |
|---|---|---|
jti |
String |
|
exp |
Long |
int64 |
nbf |
Long |
int64 |
iat |
Long |
int64 |
iss |
String |
|
sub |
String |
|
typ |
String |
|
azp |
String |
|
otherClaims |
Map of [AnyType] |
|
nonce |
String |
|
auth_time |
Long |
int64 |
sid |
String |
|
at_hash |
String |
|
c_hash |
String |
|
name |
String |
|
given_name |
String |
|
family_name |
String |
|
middle_name |
String |
|
nickname |
String |
|
preferred_username |
String |
|
profile |
String |
|
picture |
String |
|
website |
String |
|
email |
String |
|
email_verified |
Boolean |
|
gender |
String |
|
birthdate |
String |
|
zoneinfo |
String |
|
locale |
String |
|
phone_number |
String |
|
phone_number_verified |
Boolean |
|
address |
AddressClaimSet |
|
updated_at |
Long |
int64 |
claims_locales |
String |
|
acr |
String |
|
s_hash |
String |
IdentityProviderMapperRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
identityProviderAlias |
String |
|
identityProviderMapper |
String |
|
config |
Map of [string] |
IdentityProviderMapperTypeRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
category |
String |
|
helpText |
String |
|
properties |
List of ConfigPropertyRepresentation |
IdentityProviderRepresentation
| Name | Type | Format |
|---|---|---|
alias |
String |
|
displayName |
String |
|
internalId |
String |
|
providerId |
String |
|
enabled |
Boolean |
|
updateProfileFirstLoginMode |
String |
|
trustEmail |
Boolean |
|
storeToken |
Boolean |
|
addReadTokenRoleOnCreate |
Boolean |
|
authenticateByDefault |
Boolean |
|
linkOnly |
Boolean |
|
hideOnLogin |
Boolean |
|
firstBrokerLoginFlowAlias |
String |
|
postBrokerLoginFlowAlias |
String |
|
organizationId |
String |
|
config |
Map of [string] |
|
updateProfileFirstLogin |
Boolean |
InstallationAdapterConfig
| Name | Type | Format |
|---|---|---|
realm |
String |
|
realm-public-key |
String |
|
auth-server-url |
String |
|
ssl-required |
String |
|
bearer-only |
Boolean |
|
resource |
String |
|
public-client |
Boolean |
|
verify-token-audience |
Boolean |
|
credentials |
Map of [AnyType] |
|
use-resource-role-mappings |
Boolean |
|
confidential-port |
Integer |
int32 |
policy-enforcer |
PolicyEnforcerConfig |
KeyMetadataRepresentation
| Name | Type | Format |
|---|---|---|
providerId |
String |
|
providerPriority |
Long |
int64 |
kid |
String |
|
status |
String |
|
type |
String |
|
algorithm |
String |
|
publicKey |
String |
|
certificate |
String |
|
use |
KeyUse |
|
validTo |
Long |
int64 |
KeyStoreConfig
| Name | Type | Format |
|---|---|---|
realmCertificate |
Boolean |
|
storePassword |
String |
|
keyPassword |
String |
|
keyAlias |
String |
|
realmAlias |
String |
|
format |
String |
|
keySize |
Integer |
int32 |
validity |
Integer |
int32 |
KeysMetadataRepresentation
| Name | Type | Format |
|---|---|---|
active |
Map of [string] |
|
keys |
List of KeyMetadataRepresentation |
ManagementPermissionReference
| Name | Type | Format |
|---|---|---|
enabled |
Boolean |
|
resource |
String |
|
scopePermissions |
Map of [string] |
MappingsRepresentation
| Name | Type | Format |
|---|---|---|
realmMappings |
List of RoleRepresentation |
|
clientMappings |
Map of ClientMappingsRepresentation |
MemberRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
username |
String |
|
firstName |
String |
|
lastName |
String |
|
email |
String |
|
emailVerified |
Boolean |
|
attributes |
Map of [array] |
|
userProfileMetadata |
UserProfileMetadata |
|
enabled |
Boolean |
|
self |
String |
|
origin |
String |
|
createdTimestamp |
Long |
int64 |
totp |
Boolean |
|
federationLink |
String |
|
serviceAccountClientId |
String |
|
credentials |
List of CredentialRepresentation |
|
disableableCredentialTypes |
Set of [string] |
|
requiredActions |
List of [string] |
|
federatedIdentities |
List of FederatedIdentityRepresentation |
|
realmRoles |
List of [string] |
|
clientRoles |
Map of [array] |
|
clientConsents |
List of UserConsentRepresentation |
|
notBefore |
Integer |
int32 |
applicationRoles |
Map of [array] |
|
socialLinks |
List of SocialLinkRepresentation |
|
groups |
List of [string] |
|
access |
Map of [boolean] |
|
membershipType |
MembershipType |
MethodConfig
| Name | Type | Format |
|---|---|---|
method |
String |
|
scopes |
List of [string] |
|
scopes-enforcement-mode |
ScopeEnforcementMode |
OAuthClientRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
clientId |
String |
|
description |
String |
|
type |
String |
|
rootUrl |
String |
|
adminUrl |
String |
|
baseUrl |
String |
|
surrogateAuthRequired |
Boolean |
|
enabled |
Boolean |
|
alwaysDisplayInConsole |
Boolean |
|
clientAuthenticatorType |
String |
|
secret |
String |
|
registrationAccessToken |
String |
|
defaultRoles |
List of [string] |
|
redirectUris |
List of [string] |
|
webOrigins |
List of [string] |
|
notBefore |
Integer |
int32 |
bearerOnly |
Boolean |
|
consentRequired |
Boolean |
|
standardFlowEnabled |
Boolean |
|
implicitFlowEnabled |
Boolean |
|
directAccessGrantsEnabled |
Boolean |
|
serviceAccountsEnabled |
Boolean |
|
authorizationServicesEnabled |
Boolean |
|
directGrantsOnly |
Boolean |
|
publicClient |
Boolean |
|
frontchannelLogout |
Boolean |
|
protocol |
String |
|
attributes |
Map of [string] |
|
authenticationFlowBindingOverrides |
Map of [string] |
|
fullScopeAllowed |
Boolean |
|
nodeReRegistrationTimeout |
Integer |
int32 |
registeredNodes |
Map of [integer] |
int32 |
protocolMappers |
List of ProtocolMapperRepresentation |
|
clientTemplate |
String |
|
useTemplateConfig |
Boolean |
|
useTemplateScope |
Boolean |
|
useTemplateMappers |
Boolean |
|
defaultClientScopes |
List of [string] |
|
optionalClientScopes |
List of [string] |
|
authorizationSettings |
ResourceServerRepresentation |
|
access |
Map of [boolean] |
|
origin |
String |
|
name |
String |
|
claims |
ApplicationRepresentation_claims |
OrganizationRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
alias |
String |
|
enabled |
Boolean |
|
description |
String |
|
redirectUrl |
String |
|
attributes |
Map of [array] |
|
domains |
||
members |
List of MemberRepresentation |
|
identityProviders |
List of IdentityProviderRepresentation |
PathConfig
| Name | Type | Format |
|---|---|---|
name |
String |
|
type |
String |
|
path |
String |
|
methods |
List of MethodConfig |
|
scopes |
List of [string] |
|
id |
String |
|
enforcement-mode |
EnforcementMode |
|
claim-information-point |
Map of [map] |
|
invalidated |
Boolean |
|
staticPath |
Boolean |
|
static |
Boolean |
Permission
| Name | Type | Format |
|---|---|---|
rsid |
String |
|
rsname |
String |
|
scopes |
Set of [string] |
|
claims |
Map of [set] |
PolicyEnforcerConfig
| Name | Type | Format |
|---|---|---|
enforcement-mode |
EnforcementMode |
|
paths |
List of PathConfig |
|
path-cache |
PathCacheConfig |
|
lazy-load-paths |
Boolean |
|
on-deny-redirect-to |
String |
|
user-managed-access |
Object |
|
claim-information-point |
Map of [map] |
|
http-method-as-scope |
Boolean |
|
realm |
String |
|
auth-server-url |
String |
|
credentials |
Map of [AnyType] |
|
resource |
String |
PolicyEvaluationRequest
| Name | Type | Format |
|---|---|---|
context |
Map of [map] |
|
resources |
List of ResourceRepresentation |
|
resourceType |
String |
|
clientId |
String |
|
userId |
String |
|
roleIds |
List of [string] |
|
entitlements |
Boolean |
PolicyEvaluationResponse
| Name | Type | Format |
|---|---|---|
results |
List of EvaluationResultRepresentation |
|
entitlements |
Boolean |
|
status |
DecisionEffect |
|
rpt |
AccessToken |
PolicyProviderRepresentation
| Name | Type | Format |
|---|---|---|
type |
String |
|
name |
String |
|
group |
String |
PolicyRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
description |
String |
|
type |
String |
|
policies |
Set of [string] |
|
resources |
Set of [string] |
|
scopes |
Set of [string] |
|
logic |
Logic |
|
decisionStrategy |
DecisionStrategy |
|
owner |
String |
|
resourceType |
String |
|
resourcesData |
Set of ResourceRepresentation |
|
scopesData |
Set of ScopeRepresentation |
|
config |
Map of [string] |
PolicyResultRepresentation
| Name | Type | Format |
|---|---|---|
policy |
PolicyRepresentation |
|
status |
DecisionEffect |
|
associatedPolicies |
List of PolicyResultRepresentation |
|
scopes |
Set of [string] |
|
resourceType |
String |
ProtocolMapperEvaluationRepresentation
| Name | Type | Format |
|---|---|---|
mapperId |
String |
|
mapperName |
String |
|
containerId |
String |
|
containerName |
String |
|
containerType |
String |
|
protocolMapper |
String |
ProtocolMapperRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
protocol |
String |
|
protocolMapper |
String |
|
consentRequired |
Boolean |
|
consentText |
String |
|
config |
Map of [string] |
PublishedRealmRepresentation
| Name | Type | Format |
|---|---|---|
realm |
String |
|
public_key |
String |
|
token-service |
String |
|
account-service |
String |
|
tokens-not-before |
Integer |
int32 |
RealmEventsConfigRepresentation
| Name | Type | Format |
|---|---|---|
eventsEnabled |
Boolean |
|
eventsExpiration |
Long |
int64 |
eventsListeners |
List of [string] |
|
enabledEventTypes |
List of [string] |
|
adminEventsEnabled |
Boolean |
|
adminEventsDetailsEnabled |
Boolean |
RealmRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
realm |
String |
|
displayName |
String |
|
displayNameHtml |
String |
|
notBefore |
Integer |
int32 |
defaultSignatureAlgorithm |
String |
|
revokeRefreshToken |
Boolean |
|
refreshTokenMaxReuse |
Integer |
int32 |
accessTokenLifespan |
Integer |
int32 |
accessTokenLifespanForImplicitFlow |
Integer |
int32 |
ssoSessionIdleTimeout |
Integer |
int32 |
ssoSessionMaxLifespan |
Integer |
int32 |
ssoSessionIdleTimeoutRememberMe |
Integer |
int32 |
ssoSessionMaxLifespanRememberMe |
Integer |
int32 |
offlineSessionIdleTimeout |
Integer |
int32 |
offlineSessionMaxLifespanEnabled |
Boolean |
|
offlineSessionMaxLifespan |
Integer |
int32 |
clientSessionIdleTimeout |
Integer |
int32 |
clientSessionMaxLifespan |
Integer |
int32 |
clientOfflineSessionIdleTimeout |
Integer |
int32 |
clientOfflineSessionMaxLifespan |
Integer |
int32 |
accessCodeLifespan |
Integer |
int32 |
accessCodeLifespanUserAction |
Integer |
int32 |
accessCodeLifespanLogin |
Integer |
int32 |
actionTokenGeneratedByAdminLifespan |
Integer |
int32 |
actionTokenGeneratedByUserLifespan |
Integer |
int32 |
oauth2DeviceCodeLifespan |
Integer |
int32 |
oauth2DevicePollingInterval |
Integer |
int32 |
enabled |
Boolean |
|
sslRequired |
String |
|
passwordCredentialGrantAllowed |
Boolean |
|
registrationAllowed |
Boolean |
|
registrationEmailAsUsername |
Boolean |
|
rememberMe |
Boolean |
|
verifyEmail |
Boolean |
|
loginWithEmailAllowed |
Boolean |
|
duplicateEmailsAllowed |
Boolean |
|
resetPasswordAllowed |
Boolean |
|
editUsernameAllowed |
Boolean |
|
userCacheEnabled |
Boolean |
|
realmCacheEnabled |
Boolean |
|
bruteForceProtected |
Boolean |
|
permanentLockout |
Boolean |
|
maxTemporaryLockouts |
Integer |
int32 |
bruteForceStrategy |
BruteForceStrategy |
|
maxFailureWaitSeconds |
Integer |
int32 |
minimumQuickLoginWaitSeconds |
Integer |
int32 |
waitIncrementSeconds |
Integer |
int32 |
quickLoginCheckMilliSeconds |
Long |
int64 |
maxDeltaTimeSeconds |
Integer |
int32 |
failureFactor |
Integer |
int32 |
privateKey |
String |
|
publicKey |
String |
|
certificate |
String |
|
codeSecret |
String |
|
roles |
RolesRepresentation |
|
groups |
List of GroupRepresentation |
|
defaultRoles |
List of [string] |
|
defaultRole |
RoleRepresentation |
|
adminPermissionsClient |
ClientRepresentation |
|
defaultGroups |
List of [string] |
|
requiredCredentials |
Set of [string] |
|
passwordPolicy |
String |
|
otpPolicyType |
String |
|
otpPolicyAlgorithm |
String |
|
otpPolicyInitialCounter |
Integer |
int32 |
otpPolicyDigits |
Integer |
int32 |
otpPolicyLookAheadWindow |
Integer |
int32 |
otpPolicyPeriod |
Integer |
int32 |
otpPolicyCodeReusable |
Boolean |
|
otpSupportedApplications |
List of [string] |
|
localizationTexts |
Map of [map] |
|
webAuthnPolicyRpEntityName |
String |
|
webAuthnPolicySignatureAlgorithms |
List of [string] |
|
webAuthnPolicyRpId |
String |
|
webAuthnPolicyAttestationConveyancePreference |
String |
|
webAuthnPolicyAuthenticatorAttachment |
String |
|
webAuthnPolicyRequireResidentKey |
String |
|
webAuthnPolicyUserVerificationRequirement |
String |
|
webAuthnPolicyCreateTimeout |
Integer |
int32 |
webAuthnPolicyAvoidSameAuthenticatorRegister |
Boolean |
|
webAuthnPolicyAcceptableAaguids |
List of [string] |
|
webAuthnPolicyExtraOrigins |
List of [string] |
|
webAuthnPolicyPasswordlessRpEntityName |
String |
|
webAuthnPolicyPasswordlessSignatureAlgorithms |
List of [string] |
|
webAuthnPolicyPasswordlessRpId |
String |
|
webAuthnPolicyPasswordlessAttestationConveyancePreference |
String |
|
webAuthnPolicyPasswordlessAuthenticatorAttachment |
String |
|
webAuthnPolicyPasswordlessRequireResidentKey |
String |
|
webAuthnPolicyPasswordlessUserVerificationRequirement |
String |
|
webAuthnPolicyPasswordlessCreateTimeout |
Integer |
int32 |
webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister |
Boolean |
|
webAuthnPolicyPasswordlessAcceptableAaguids |
List of [string] |
|
webAuthnPolicyPasswordlessExtraOrigins |
List of [string] |
|
webAuthnPolicyPasswordlessPasskeysEnabled |
Boolean |
|
clientProfiles |
ClientProfilesRepresentation |
|
clientPolicies |
ClientPoliciesRepresentation |
|
users |
List of UserRepresentation |
|
federatedUsers |
List of UserRepresentation |
|
scopeMappings |
List of ScopeMappingRepresentation |
|
clientScopeMappings |
Map of [array] |
|
clients |
List of ClientRepresentation |
|
clientScopes |
List of ClientScopeRepresentation |
|
defaultDefaultClientScopes |
List of [string] |
|
defaultOptionalClientScopes |
List of [string] |
|
browserSecurityHeaders |
Map of [string] |
|
smtpServer |
Map of [string] |
|
userFederationProviders |
||
userFederationMappers |
||
loginTheme |
String |
|
accountTheme |
String |
|
adminTheme |
String |
|
emailTheme |
String |
|
eventsEnabled |
Boolean |
|
eventsExpiration |
Long |
int64 |
eventsListeners |
List of [string] |
|
enabledEventTypes |
List of [string] |
|
adminEventsEnabled |
Boolean |
|
adminEventsDetailsEnabled |
Boolean |
|
identityProviders |
List of IdentityProviderRepresentation |
|
identityProviderMappers |
||
protocolMappers |
List of ProtocolMapperRepresentation |
|
components |
Map of [array] |
|
internationalizationEnabled |
Boolean |
|
supportedLocales |
Set of [string] |
|
defaultLocale |
String |
|
authenticationFlows |
List of AuthenticationFlowRepresentation |
|
authenticatorConfig |
||
requiredActions |
||
browserFlow |
String |
|
registrationFlow |
String |
|
directGrantFlow |
String |
|
resetCredentialsFlow |
String |
|
clientAuthenticationFlow |
String |
|
dockerAuthenticationFlow |
String |
|
firstBrokerLoginFlow |
String |
|
attributes |
Map of [string] |
|
keycloakVersion |
String |
|
userManagedAccessAllowed |
Boolean |
|
organizationsEnabled |
Boolean |
|
organizations |
List of OrganizationRepresentation |
|
verifiableCredentialsEnabled |
Boolean |
|
adminPermissionsEnabled |
Boolean |
|
social |
Boolean |
|
updateProfileOnInitialSocialLogin |
Boolean |
|
socialProviders |
Map of [string] |
|
applicationScopeMappings |
Map of [array] |
|
applications |
List of ApplicationRepresentation |
|
oauthClients |
List of OAuthClientRepresentation |
|
clientTemplates |
List of ClientTemplateRepresentation |
RequiredActionConfigInfoRepresentation
| Name | Type | Format |
|---|---|---|
properties |
List of ConfigPropertyRepresentation |
RequiredActionConfigRepresentation
| Name | Type | Format |
|---|---|---|
config |
Map of [string] |
RequiredActionProviderRepresentation
| Name | Type | Format |
|---|---|---|
alias |
String |
|
name |
String |
|
providerId |
String |
|
enabled |
Boolean |
|
defaultAction |
Boolean |
|
priority |
Integer |
int32 |
config |
Map of [string] |
ResourceRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
uris |
Set of [string] |
|
type |
String |
|
scopes |
Set of ScopeRepresentation |
|
icon_uri |
String |
|
owner |
ResourceRepresentation_owner |
|
ownerManagedAccess |
Boolean |
|
displayName |
String |
|
attributes |
Map of [array] |
|
uri |
String |
|
scopesUma |
Set of ScopeRepresentation |
ResourceServerRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
clientId |
String |
|
name |
String |
|
allowRemoteResourceManagement |
Boolean |
|
policyEnforcementMode |
PolicyEnforcementMode |
|
resources |
List of ResourceRepresentation |
|
policies |
List of PolicyRepresentation |
|
scopes |
List of ScopeRepresentation |
|
decisionStrategy |
DecisionStrategy |
|
authorizationSchema |
AuthorizationSchema |
ResourceType
| Name | Type | Format |
|---|---|---|
type |
String |
|
scopes |
Set of [string] |
|
scopeAliases |
Map of [set] |
|
groupType |
String |
RoleRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
description |
String |
|
scopeParamRequired |
Boolean |
|
composite |
Boolean |
|
composites |
Composites |
|
clientRole |
Boolean |
|
containerId |
String |
|
attributes |
Map of [array] |
RolesRepresentation
| Name | Type | Format |
|---|---|---|
realm |
List of RoleRepresentation |
|
client |
Map of [array] |
|
application |
Map of [array] |
ScopeMappingRepresentation
| Name | Type | Format |
|---|---|---|
self |
String |
|
client |
String |
|
clientTemplate |
String |
|
clientScope |
String |
|
roles |
Set of [string] |
ScopeRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
iconUri |
String |
|
policies |
List of PolicyRepresentation |
|
resources |
List of ResourceRepresentation |
|
displayName |
String |
SocialLinkRepresentation
| Name | Type | Format |
|---|---|---|
socialProvider |
String |
|
socialUserId |
String |
|
socialUsername |
String |
UPAttribute
| Name | Type | Format |
|---|---|---|
name |
String |
|
displayName |
String |
|
validations |
Map of [map] |
|
annotations |
Map of [AnyType] |
|
required |
UPAttributeRequired |
|
permissions |
UPAttributePermissions |
|
selector |
UPAttributeSelector |
|
group |
String |
|
multivalued |
Boolean |
|
defaultValue |
String |
UPAttributeSelector
| Name | Type | Format |
|---|---|---|
scopes |
Set of [string] |
UPConfig
| Name | Type | Format |
|---|---|---|
attributes |
List of UPAttribute |
|
groups |
List of UPGroup |
|
unmanagedAttributePolicy |
UnmanagedAttributePolicy |
UPGroup
| Name | Type | Format |
|---|---|---|
name |
String |
|
displayHeader |
String |
|
displayDescription |
String |
|
annotations |
Map of [AnyType] |
UserConsentRepresentation
| Name | Type | Format |
|---|---|---|
clientId |
String |
|
grantedClientScopes |
List of [string] |
|
createdDate |
Long |
int64 |
lastUpdatedDate |
Long |
int64 |
grantedRealmRoles |
List of [string] |
UserFederationMapperRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
federationProviderDisplayName |
String |
|
federationMapperType |
String |
|
config |
Map of [string] |
UserFederationProviderRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
displayName |
String |
|
providerName |
String |
|
config |
Map of [string] |
|
priority |
Integer |
int32 |
fullSyncPeriod |
Integer |
int32 |
changedSyncPeriod |
Integer |
int32 |
lastSync |
Integer |
int32 |
UserProfileAttributeGroupMetadata
| Name | Type | Format |
|---|---|---|
name |
String |
|
displayHeader |
String |
|
displayDescription |
String |
|
annotations |
Map of [AnyType] |
UserProfileAttributeMetadata
| Name | Type | Format |
|---|---|---|
name |
String |
|
displayName |
String |
|
required |
Boolean |
|
readOnly |
Boolean |
|
annotations |
Map of [AnyType] |
|
validators |
Map of [map] |
|
group |
String |
|
multivalued |
Boolean |
|
defaultValue |
String |
UserProfileMetadata
| Name | Type | Format |
|---|---|---|
attributes |
List of UserProfileAttributeMetadata |
|
groups |
UserRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
username |
String |
|
firstName |
String |
|
lastName |
String |
|
email |
String |
|
emailVerified |
Boolean |
|
attributes |
Map of [array] |
|
userProfileMetadata |
UserProfileMetadata |
|
enabled |
Boolean |
|
self |
String |
|
origin |
String |
|
createdTimestamp |
Long |
int64 |
totp |
Boolean |
|
federationLink |
String |
|
serviceAccountClientId |
String |
|
credentials |
List of CredentialRepresentation |
|
disableableCredentialTypes |
Set of [string] |
|
requiredActions |
List of [string] |
|
federatedIdentities |
List of FederatedIdentityRepresentation |
|
realmRoles |
List of [string] |
|
clientRoles |
Map of [array] |
|
clientConsents |
List of UserConsentRepresentation |
|
notBefore |
Integer |
int32 |
applicationRoles |
Map of [array] |
|
socialLinks |
List of SocialLinkRepresentation |
|
groups |
List of [string] |
|
access |
Map of [boolean] |
UserSessionRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
username |
String |
|
userId |
String |
|
ipAddress |
String |
|
start |
Long |
int64 |
lastAccess |
Long |
int64 |
rememberMe |
Boolean |
|
clients |
Map of [string] |
|
transientUser |
Boolean |
WorkflowConditionRepresentation
| Name | Type | Format |
|---|---|---|
uses |
String |
|
id |
String |
|
config |
Map of [array] |
WorkflowRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
name |
String |
|
uses |
String |
|
enabled |
Boolean |
|
on |
oas_any_type_not_mapped |
|
concurrency |
WorkflowConcurrencyRepresentation |
|
if |
List of WorkflowConditionRepresentation |
|
steps |
List of WorkflowStepRepresentation |
|
state |
WorkflowStateRepresentation |
|
with |
Map of [array] |
|
onValues |
List of [string] |
|
cancelIfRunning |
Boolean |
WorkflowSetRepresentation
| Name | Type | Format |
|---|---|---|
workflows |
List of WorkflowRepresentation |
WorkflowStateRepresentation
| Name | Type | Format |
|---|---|---|
errors |
List of [string] |
WorkflowStepRepresentation
| Name | Type | Format |
|---|---|---|
id |
String |
|
uses |
String |
|
after |
String |
|
priority |
String |
|
config |
Map of [array] |