Ensure all workflow steps are described in the documentation.

- also change name of add/remove required action providers to better align with other step providers.

Closes #47655

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

docs/documentation/server_admin/topics/workflows/defining-steps.adoc

@@ -64,22 +64,46 @@ on the realm resource associated with the event, so that each realm resource typ
 |Step
 |Description
 |Configuration
-| `set-user-required-action` | Set a required action to the user a|
+| `add-required-action` | Add a required action to the user a|
 * `action`: The name of the required action
-| `delete-user` | Delete the user | None
-| `disable-user` | Disable the user | None
+| `remove-required-action` | Remove a required action from the user a|
+* `action`: The name of the required action
+| `grant-role` | Grant one or more roles to the user a|
+* `role`: One or more role names to grant. This can be a single value or a list of values (e.g., `[value1, value2]`)
+| `revoke-role` | Revoke one or more roles from the user a|
+* `role`: One or more role names to revoke. This can be a single value or a list of values (e.g., `[value1, value2]`)
+| `join-group` | Add the user to one or more groups a|
+* `group`: One or more group names or paths to join. This can be a single value or a list of values (e.g., `[value1, value2]`)
+| `leave-group` | Remove the user from one or more groups a|
+* `group`: One or more group names or paths to leave. This can be a single value or a list of values (e.g., `[value1, value2]`)
+| `set-user-attribute` | Set one or more attributes on the user. Allows providing multiple `<name>`/`<value>` pairs a|
+* `<name>`: The attribute name
+* `<value>`: The value of the attribute
+| `remove-user-attribute` | Remove one or more attributes from the user a|
+* `attribute`: One or more attribute names to remove. This can be a single value or a list of values (e.g., `[value1, value2]`)
+| `notify-user` | Notify the user by email a|
+* `subject`: The email subject
+* `message`: The email message in plain text or HTML format
+* `to`: The recipient email address. If not provided, the user's email address will be used
 | `unlink-user` | Unlink the user from one or more external Identity Providers a|
 * `idp`: One or more Identity Provider aliases to unlink. This can be:
 ** Single value
-** List of values (i.e., `["value", "value2"]`) 
+** List of values (e.g., `[value1, value2]`)
 ** `*` to unlink user from all linked Identity Providers
-| `notify-user` | Notify the user by email a|
-- `subject`: The email subject
-- `message`: The email message in plain text or HTML format
-- `to`: The recipient email address. If not provided, the user's email address will be used
-| `set-user-attribute` | Set an attribute to the user. Allows providing multiple `<name>`/`<value>` pairs a|
-- `<name>`: The attribute name
-- `<value>`: The value of the attribute
+| `disable-user` | Disable the user | None
+| `delete-user` | Delete the user | None
+|===
+
+[[_workflow_client_steps_]]
+== Client steps
+
+[cols="3*", options="header"]
+|===
+|Step
+|Description
+|Configuration
+| `delete-client` | Delete the client | None
+| `disable-client` | Disable the client | None
 |===
 
 [[_workflow_immediate_steps_]]

docs/documentation/server_admin/topics/workflows/understanding-workflow-definition.adoc

@@ -24,7 +24,7 @@ steps:
            Best regards,<br/>
            ${realm.displayName} Team
         </p>
-  - uses: set-user-required-action
+  - uses: add-required-action
     after: 30d
     with:
       action: UPDATE_PASSWORD
@@ -40,7 +40,7 @@ It is composed of three main sections:
 *   `on`: The event that will trigger the workflow. In this case, the workflow is triggered when a new user is added to the realm.
 *   `steps`: A set of one or more steps to be executed when executing a workflow execution. In this example, three steps are defined:
     1. The first step uses the built-in `notify-user` action to send a welcome message to the new user.
-    2. The second step uses the built-in `set-user-required-action` action to require the user to update their password after 30 days.
+    2. The second step uses the built-in `add-required-action` action to require the user to update their password after 30 days.
     3. The third step uses the built-in `restart` action to restart the workflow from the second step so that the user is forced to update their password every 30 days.
 
 Here is a more detailed look at all settings available from the workflow definition:

services/src/main/java/org/keycloak/models/workflow/AddRequiredActionStepProviderFactory.java

@@ -7,7 +7,7 @@ import org.keycloak.models.KeycloakSession;
 
 public class AddRequiredActionStepProviderFactory implements WorkflowStepProviderFactory<AddRequiredActionStepProvider> {
 
-    public static final String ID = "set-user-required-action";
+    public static final String ID = "add-required-action";
 
     @Override
     public AddRequiredActionStepProvider create(KeycloakSession session, ComponentModel model) {

services/src/main/java/org/keycloak/models/workflow/RemoveRequiredActionStepProviderFactory.java

@@ -7,7 +7,7 @@ import org.keycloak.models.KeycloakSession;
 
 public class RemoveRequiredActionStepProviderFactory implements WorkflowStepProviderFactory<RemoveRequiredActionStepProvider> {
 
-    public static final String ID = "remove-user-required-action";
+    public static final String ID = "remove-required-action";
 
     @Override
     public RemoveRequiredActionStepProvider create(KeycloakSession session, ComponentModel model) {