
Keycloak actions

1. About Create Client:

This action creates a new client inside a Keycloak realm.

The token can be sent using the "msg.req.headers.authorization" property.

If you have an access token in any other property, e.g. msg.payload or msg.accesstoken, save it to msg.req.headers.authorization first and then pass it to the connector.

The following message properties can be used inside the connector properties, if provided.

  • msg.config.baseUrl => Base_Url
  • msg.config.realm => Realm
  • msg.config.dataProperty => Data_Property

Base_Url Provide your base URL of Keycloak.

Realm Provide your existing realm name.

Data_Property Provide required client body to create, (check msg.model format below)

Sample msg.model

msg.data = 
{
"clientId": "",
"name": "",
"adminUrl": "http://localhost:4200",
"alwaysDisplayInConsole": false,
"access": {
"view": true,
"configure": true,
"manage": false
},
"attributes": {},
"authenticationFlowBindingOverrides" : {},
"authorizationServicesEnabled": false,
"bearerOnly": false,
"directAccessGrantsEnabled": true,
"enabled": true,
"protocol": "openid-connect",
"description": "rest-api",

"rootUrl":"",
"baseUrl": `/realms/ignite/account/`,
"surrogateAuthRequired": false,
"clientAuthenticatorType": "client-secret",
"defaultRoles": [
"manage-account",
"view-profile"
],
"redirectUris": [
`/realms/ignite/account/*`
],
"webOrigins": [],
"notBefore": 0,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"role_list",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
};
return msg;

NOTE: Check the adminUrl, baseUrl, rootUrl, and redirectUris values before creating the client.
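One way to carry out the check in the note above before the body reaches the Create Client action. This is an added example, not code from the connector; reviewClientBody, its finding texts and the sample clientId are hypothetical, and it also looks at the flow and scope flags of the same body, which goes beyond the URLs the note names.

```javascript
// Added example: pre-flight review of a client body before the Create Client action.
// reviewClientBody and its finding texts are hypothetical, not part of the connector.
function reviewClientBody(client) {
  const findings = [];
  const isAbsolute = (u) => /^[a-z][a-z0-9+.-]*:\/\//i.test(u);
  const isLoopback = (u) => /^http:\/\/(localhost|127\.0\.0\.1)(:\d+)?(\/|$)/i.test(u);
  const plainHttp = (u) => /^http:\/\//i.test(u) && !isLoopback(u);

  // adminUrl, rootUrl and baseUrl: absolute values should use TLS outside local development.
  for (const field of ["adminUrl", "rootUrl", "baseUrl"]) {
    const value = client[field] || "";
    if (plainHttp(value)) findings.push(`${field}: plain http (${value})`);
    else if (isLoopback(value)) findings.push(`${field}: loopback address, development only (${value})`);
  }

  // redirectUris: every wildcard widens where authorization responses can be delivered.
  for (const uri of client.redirectUris || []) {
    if (uri === "*" || uri === "/*") findings.push(`redirectUris: matches any path (${uri})`);
    else if (uri.endsWith("*")) findings.push(`redirectUris: trailing wildcard (${uri})`);
    if (plainHttp(uri)) findings.push(`redirectUris: plain http (${uri})`);
    if (!isAbsolute(uri) && !client.rootUrl) {
      findings.push(`redirectUris: relative entry with empty rootUrl (${uri})`);
    }
  }

  // webOrigins: "*" allows CORS requests from any origin.
  if ((client.webOrigins || []).includes("*")) findings.push("webOrigins: allows any origin");

  // Grant types and scope settings that deserve an explicit decision.
  if (client.implicitFlowEnabled) findings.push("implicitFlowEnabled: tokens returned in the redirect URL");
  if (client.directAccessGrantsEnabled) findings.push("directAccessGrantsEnabled: client handles user passwords");
  if (client.fullScopeAllowed) findings.push("fullScopeAllowed: tokens carry all of the user's role mappings");
  return findings;
}

// Constructed input: the URL and flow fields from the sample body above.
const sampleClient = {
  clientId: "demo-client", // constructed value
  adminUrl: "http://localhost:4200",
  rootUrl: "",
  baseUrl: "/realms/ignite/account/",
  redirectUris: ["/realms/ignite/account/*"],
  webOrigins: [],
  directAccessGrantsEnabled: true,
  implicitFlowEnabled: false,
  fullScopeAllowed: false,
};
const sampleFindings = reviewClientBody(sampleClient);
```

In a function node, an empty result lets the message continue to the connector; otherwise the findings can be logged and the message dropped or sent for review.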

2. About Create Client Role:

This action is used to create a new client role inside a specific realm.

The token can be sent using the "msg.req.headers.authorization" property.

If you have an access token in any other property, e.g. msg.payload or msg.accesstoken, save it to msg.req.headers.authorization first and then pass it to the connector.

The following message properties can be used inside the connector properties, if provided.

  • msg.config.baseUrl => Base_Url
  • msg.config.realm => Realm
  • msg.config.KclkClientId => Kclk_Client_Id
  • msg.config.dataProperty => Data_Property

Base_Url Provide your base URL of Keycloak.

Realm Provide your existing realm name.

Clientid Provide your existing client id (you can find it in URL after opening the client property).

Data_Property Provide required client role body to create, (check msg.model format below)

Sample msg.model

msg.data = 
{
"name":""
};
return msg;

3. About Create Realm and Admin User:

This action creates a new realm and an admin user inside a newly deployed Keycloak.

The following message properties can be used inside the connector properties, if provided.

  • msg.config.baseUrl => Base_Url
  • msg.config.username => Admin_Username
  • msg.config.password => Admin_Password
  • msg.config.dataProperty => Data_Property
  • msg.config.newadminname => NewAdmName
  • msg.config.newadminemail => NewAdmEmail

Base_Url Provide your base URL of Keycloak.

Admin_Username Provide your username of the administrator account.

Admin_Password Provide your password for the administrator account.

Data_Property Provide required realm body to create, (check msg.model format below)

NewAdmName Provide your new admin user name for your new realm.

NewAdmEmail Provide your new admin email for your new realm.

Sample msg.model

msg.data = 
{
"realm": "",
"enabled": true,
};
return msg;

4. About Create User:

This action creates a new user with a new name, password, client id, and secret.

The token can be sent using the "msg.req.headers.authorization" property.

If you have an access token in any other property, e.g. msg.payload or msg.accesstoken, save it to msg.req.headers.authorization first and then pass it to the connector.

The following message properties can be used inside the connector properties, if provided.

  • msg.config.baseUrl => Base_Url
  • msg.config.realm => Realm
  • msg.config.dataProperty => Data_Property

Base_Url Provide your base URL of Keycloak.

Realm Provide your existing realm name.

Data_Property Provide required user body to create, (check msg.model format below)

Sample msg.model

msg.data = 
{
"username": "",
"enabled": true,
"totp": false,
"emailVerified": false,
"firstName": "",
"lastName": "",
"email": "",
"disableableCredentialTypes": [],
"requiredActions": [],
"notBefore": 0,
"access": {
"manageGroupMembership": true,
"view": true,
"mapRoles": true,
"impersonate": true,
"manage": true
}
};

return msg;

5. About Delete Realm:

To delete any realm, you can use this action by passing the name of the realm.

The following message properties can be used inside the connector properties, if provided.

  • msg.config.baseUrl => Base_Url
  • msg.config.username => Admin_Username
  • msg.config.password => Admin_Password
  • msg.config.realm => Realm

Base_Url Provide your base URL of Keycloak.

Admin_Username Provide the username of the authorized user.

Admin_Password Provide the password of the authorized user.

Realm Provide the name of the realm you want to delete.

6. About Delete User:

To delete a user from a Keycloak realm, you can use this connector action.

The token can be sent using the "msg.req.headers.authorization" property.

If you have an access token in any other property, e.g. msg.payload or msg.accesstoken, save it to msg.req.headers.authorization first and then pass it to the connector.

The following message properties can be used inside the connector properties, if provided.

  • msg.config.baseUrl => Base_Url
  • msg.config.realm => Realm
  • msg.config.userid => User_Id

Base_Url Provide your base URL of Keycloak.

Realm Provide your existing realm name.

Data_Property Provide required credentials of a user, (check msg.model format below)

User_Id Provide the user id of the user you want to delete details.

7. About Get Clients:

To get the list of all clients in a realm, use this action.

The token can be sent using the "msg.req.headers.authorization" property.

If you have an access token in any other property, e.g. msg.payload or msg.accesstoken, save it to msg.req.headers.authorization first and then pass it to the connector.

The following message properties can be used inside the connector properties, if provided.

  • msg.config.baseUrl => Base_Url
  • msg.config.realm => Realm

Base_Url Provide your base URL of Keycloak.

Realm Provide your existing realm name.

8. About Get Token:

To get a token for a user inside a realm, you can use this action.

The following message properties can be used inside the connector properties, if provided.

  • msg.config.baseUrl => Base_Url
  • msg.config.realm => Realm
  • msg.config.clientId => Client_Id
  • msg.config.clientSecret => Client_Secret
  • msg.config.dataProperty => Data_Property

Base_Url Provide your base URL of Keycloak.

Realm Provide your existing realm name.

Client_Id Provide your existing client id (a simple name of the client).

Client_Secret Provide your client secret from the client credentials tab.

Data_Property Provide required credentials of the user, (check msg.model format below)

Sample msg.model

msg.credentials = {
username: "",
password: ""
};

9. About Get Users:

To fetch details of all users inside a realm, use this connector action.

The token can be sent using the "msg.req.headers.authorization" property.

If you have an access token in any other property, e.g. msg.payload or msg.accesstoken, save it to msg.req.headers.authorization first and then pass it to the connector.

The following message properties can be used inside the connector properties, if provided.

  • msg.config.baseUrl => Base_Url
  • msg.config.realm => Realm

Base_Url Provide your base URL of Keycloak.

Realm Provide your existing realm name.

10. About Update User:

To update an existing user's details inside a realm, use this connector.

The token can be sent using the "msg.req.headers.authorization" property.

If you have an access token in any other property, e.g. msg.payload or msg.accesstoken, save it to msg.req.headers.authorization first and then pass it to the connector.

The following message properties can be used inside the connector properties, if provided.

  • msg.config.baseUrl => Base_Url
  • msg.config.realm => Realm
  • msg.config.dataProperty => Data_Property
  • msg.config.userid => User_Id

Base_Url Provide your base URL of Keycloak.

Realm Provide your existing realm name.

Data_Property Provide required realm body to update, (check msg.model format below)

User_Id Provide the user id of the user you want to update details.

Sample msg.model

msg.data = 
{
"enabled": true,
"totp": false,
"emailVerified": false,
"firstName": "",
"lastName": "",
"email": "",
"disableableCredentialTypes": [],
"requiredActions": [],
"notBefore": 0,
"access": {
"manageGroupMembership": true,
"view": true,
"mapRoles": true,
"impersonate": true,
"manage": true
}
};

return msg;

11. About Validate Token:

To validate the token which Keycloak generates using user info, you can use this connector.

The token can be sent using the "msg.req.headers.authorization" property.

If you have an access token in any other property, e.g. msg.payload or msg.accesstoken, save it to msg.req.headers.authorization first and then pass it to the connector.

The following message properties can be used inside the connector properties, if provided.

  • msg.config.baseUrl => Base_Url
  • msg.config.realm => Realm

Base_Url Provide your base URL of Keycloak.

Realm Provide your existing realm name.