keycloak/js/libs/keycloak-admin-client/openapi.yaml
Peter Zaoral 2844fb49e2
Querying MVP in Client v2 (#48342)
* Initial implementation of Querying for Client v2

Closes #48765

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>

* Initial implementation of Querying for Client v2

Closes #48765

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>

* Initial implementation of Querying for Client v2

Closes #48765

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>

* Initial implementation of Querying for Client v2

Closes #48765

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>

* Initial implementation of Querying for Client v2

Closes #48765

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>

---------

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2026-06-02 08:04:10 +00:00


---
# OpenAPI 3.1 description of the "Clients (v2)" admin endpoints of the
# Keycloak API (see `info.title` and `tags`).
# NOTE(review): the escaped line-continuation style of the long descriptions
# suggests this file is generated; if so, fix review findings in the
# generator's source rather than by hand here. Confirm.
openapi: 3.1.0
# Reusable schemas and the security scheme shared by the operations in `paths`.
# Many constraints are stated only in the `description` text ("Validation: ...")
# and not as schema keywords, so a schema validator alone will not enforce them.
components:
  schemas:
    # Client authentication settings; referenced from
    # OIDCClientRepresentation.auth.
    Auth:
      type: object
      required:
      - method
      properties:
        # `pattern: \S` only requires one non-whitespace character. The "valid
        # client authenticator type" rule in the description is not expressed
        # as an enum, so it is presumably enforced server-side. Confirm.
        method:
          type: string
          pattern: \S
          description: "Which authentication method is used for this client. Validation:\
            \ must not be blank; valid client authenticator type is required"
        # NOTE(review): `secret` is not marked `writeOnly: true`, and Auth is
        # reachable from response bodies (responses reference
        # BaseClientRepresentation, whose discriminator maps to
        # OIDCClientRepresentation, which carries `auth`). As written, the spec
        # permits the secret to appear in responses; confirm whether the server
        # redacts it. minLength 6 is a low floor for a shared secret; prefer
        # long, randomly generated values.
        secret:
          type: string
          minLength: 6
          maxLength: 255
          description: "Secret used to authenticate this client with Secret authentication.\
            \ Validation: size must be between 6 and 255; on update: Client secret\
            \ must not be blank"
        # Described as a public key, so it is not confidential; only its size
        # is bounded here, its encoding is not constrained by the schema.
        certificate:
          type: string
          maxLength: 65536
          description: "Public key used to authenticate this client with Signed JWT\
            \ authentication. Validation: size must be between 0 and 65536"
    # Common client fields. `protocol` is the discriminator that selects the
    # OIDC or SAML representation (see `discriminator` below).
    BaseClientRepresentation:
      description: Base client representation with common properties for all client
        types
      type: object
      properties:
        # Server-assigned identifier; `readOnly: true` marks it as not settable
        # by the caller.
        uuid:
          type: string
          description: "UUID generated by the server. Validation: on update/on patch:\
            \ UUID is server-managed and must not be user-specified"
          readOnly: true
        clientId:
          type: string
          pattern: \S
          minLength: 1
          maxLength: 255
          description: "ID uniquely identifying this client. Validation: must not\
            \ be blank; size must be between 1 and 255"
        displayName:
          type: string
          maxLength: 255
          description: "Human readable name of the client. Validation: size must be\
            \ between 0 and 255"
        description:
          type: string
          maxLength: 255
          description: "Human readable description of the client. Validation: size\
            \ must be between 0 and 255"
        enabled:
          type: boolean
          description: Whether this client is enabled
        # `format: uri` is an annotation in JSON Schema 2020-12 unless the
        # validator enables format assertion, and it does not restrict the URI
        # scheme. The "must be a valid URL" rule is presumably checked
        # server-side. Confirm.
        appUrl:
          type: string
          maxLength: 255
          description: "URL to the application's homepage that is represented by this\
            \ client. Validation: size must be between 0 and 255; must be a valid\
            \ URL"
          format: uri
        # Security-sensitive: these decide where the browser may be sent after
        # login. The schema only rejects blank entries (`pattern: \S`) and caps
        # length and count; the "Invalid redirect URI" check named in the
        # description is not expressed here, so scheme and wildcard handling
        # depend on server-side validation. Confirm.
        redirectUris:
          type: array
          uniqueItems: true
          items:
            type: string
            pattern: \S
            maxLength: 255
          maxItems: 100
          description: "URIs that the browser can redirect to after login. Validation:\
            \ size must be between 0 and 100; each element must not be blank, size\
            \ must be between 0 and 255; Invalid redirect URI"
        roles:
          type: array
          uniqueItems: true
          items:
            type: string
            pattern: \S
            maxLength: 255
          maxItems: 300
          description: "Roles associated with this client. Validation: size must be\
            \ between 0 and 300; each element must not be blank, size must be between\
            \ 0 and 255"
        # Discriminator property. Immutability after creation is stated only in
        # the description text, not as a schema keyword.
        protocol:
          type: string
          pattern: \S
          description: "Validation: on update/on patch: protocol cannot be changed\
            \ for an existing client"
      required:
      - clientId
      - protocol
      # Maps the `protocol` value to the concrete schema used for the payload.
      discriminator:
        propertyName: protocol
        mapping:
          openid-connect: "#/components/schemas/OIDCClientRepresentation"
          saml: "#/components/schemas/SAMLClientRepresentation"
    # Login flows selectable in OIDCClientRepresentation.loginFlows.
    # NOTE(review): by name, IMPLICIT and DIRECT_GRANT correspond to the OAuth
    # implicit and resource-owner-password grants, which the OAuth 2.0 Security
    # Best Current Practice (RFC 9700) advises against. Enable them only where
    # a legacy client requires it.
    Flow:
      type: string
      enum:
      - STANDARD
      - IMPLICIT
      - DIRECT_GRANT
      - SERVICE_ACCOUNT
      - TOKEN_EXCHANGE
      - DEVICE
      - CIBA
    # Allowed values for SAMLClientRepresentation.nameIdFormat.
    NameIdFormat:
      type: string
      enum:
      - username
      - email
      - persistent
      - transient
    # OpenID Connect client: the base fields (via `allOf`) plus the properties
    # listed here.
    OIDCClientRepresentation:
      type: object
      properties:
        # The cross-field rules in the description (confidential client needed
        # for SERVICE_ACCOUNT/TOKEN_EXCHANGE, redirect URI needed for
        # STANDARD/IMPLICIT) are text only; the schema does not encode them.
        loginFlows:
          type: array
          uniqueItems: true
          items:
            $ref: "#/components/schemas/Flow"
          description: "Login flows that are enabled for this client. Validation:\
            \ SERVICE_ACCOUNT and TOKEN_EXCHANGE flows require a confidential client\
            \ (auth must be specified); STANDARD and IMPLICIT flows require at least\
            \ one redirect URI"
        auth:
          $ref: "#/components/schemas/Auth"
          description: Authentication configuration for this client
        # Security-sensitive: per the description, '*' allows every origin and
        # '+' derives the list from the redirect URIs. Treat '*' as a broad
        # cross-origin grant and prefer explicit origins.
        webOrigins:
          type: array
          uniqueItems: true
          items:
            type: string
            pattern: \S
            maxLength: 255
          maxItems: 100
          description: "Web origins that are allowed to make requests to this client.\
            \ Validation: size must be between 0 and 100; each element must not be\
            \ blank, size must be between 0 and 255, must be a valid web origin (scheme://host[:port]),\
            \ or '+' to derive from redirect URIs, or '*' to allow all"
        # Privilege assignment for the client's service account; review changes
        # to this list like any other role grant.
        serviceAccountRoles:
          type: array
          uniqueItems: true
          items:
            type: string
            pattern: \S
            maxLength: 255
          maxItems: 300
          description: "Roles assigned to the service account. Validation: size must\
            \ be between 0 and 300; each element must not be blank, size must be between\
            \ 0 and 255; serviceAccountRoles can only be set when SERVICE_ACCOUNT\
            \ flow is enabled"
        protocol:
          type: string
      allOf:
      - $ref: "#/components/schemas/BaseClientRepresentation"
    # SAML client: the base fields (via `allOf`) plus the properties listed
    # here.
    # NOTE(review): none of the signing-related booleans declares a `default`,
    # so the effective value when a field is omitted is not visible in this
    # file. Confirm the server defaults, since unsigned assertions or unsigned
    # client requests weaken the trust a SAML exchange provides.
    SAMLClientRepresentation:
      description: SAML Client configuration
      type: object
      properties:
        nameIdFormat:
          $ref: "#/components/schemas/NameIdFormat"
          description: Name ID format to use for the subject
        forceNameIdFormat:
          type: boolean
          description: Force the specified Name ID format even if the client requests
            a different one
        includeAuthnStatement:
          type: boolean
          description: Include AuthnStatement in the SAML response
        signDocuments:
          type: boolean
          description: Sign SAML documents on the server side
        signAssertions:
          type: boolean
          description: Sign SAML assertions
        clientSignatureRequired:
          type: boolean
          description: Require client to sign SAML requests
        forcePostBinding:
          type: boolean
          description: Force POST binding for SAML responses
        frontChannelLogout:
          type: boolean
          description: Use front-channel logout (browser redirect)
        signatureAlgorithm:
          $ref: "#/components/schemas/SignatureAlgorithm"
          description: Signature algorithm for signing SAML documents
        # Free-form string in the schema (no enum or pattern); the allowed
        # values are described in text only.
        signatureCanonicalizationMethod:
          type: string
          description: "Canonicalization method for XML signatures. Validation: must\
            \ be a valid XML canonicalization method URI (see javax.xml.crypto.dsig.CanonicalizationMethod\
            \ constants)"
        signingCertificate:
          type: string
          maxLength: 65536
          description: "X.509 certificate for signing (PEM format, without headers).\
            \ Validation: size must be between 0 and 65536"
        allowEcpFlow:
          type: boolean
          description: Allow ECP (Enhanced Client or Proxy) flow
        protocol:
          type: string
      allOf:
      - $ref: "#/components/schemas/BaseClientRepresentation"
    # Allowed values for SAMLClientRepresentation.signatureAlgorithm.
    # NOTE(review): RSA_SHA1 and DSA_SHA1 are SHA-1 based. SHA-1 is deprecated
    # for digital signatures because of practical collision attacks; prefer the
    # SHA-256 or SHA-512 variants and keep the SHA-1 entries only for legacy
    # interoperability.
    SignatureAlgorithm:
      type: string
      enum:
      - RSA_SHA1
      - RSA_SHA256
      - RSA_SHA256_MGF1
      - RSA_SHA512
      - RSA_SHA512_MGF1
      - DSA_SHA1
  securitySchemes:
    # HTTP bearer authentication. `bearerFormat: JWT` is a documentation hint
    # only; it does not make a validator check the token.
    bearer-auth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: Bearer token authentication using a Keycloak access token
# Single tag used to group every operation in this document.
tags:
- name: Clients (v2)
# Operations on the client collection and on a single client.
# NOTE(review): the only documented responses are 200, 201, 204 and 404. No
# operation documents 400 (validation failure), 401 or 403, although the
# schemas describe validation rules and a bearer token is required. Generated
# clients therefore get no typed error responses for those cases.
paths:
  /admin/api/{realmName}/clients/v2:
    get:
      summary: Get all clients
      description: "Returns a list of clients in the realm, optionally filtered by\
        \ a query expression"
      operationId: getClients
      tags:
      - Clients (v2)
      parameters:
      # Field projection for the response. No `maxItems` is set on the array.
      - description: "Set of fields to include in the response. Must be top-level\
          \ fields. If omitted or empty, all fields will be populated."
        name: fields
        in: query
        schema:
          type: array
          uniqueItems: true
          items:
            type: string
      # Caller-supplied filter expression. The schema is a plain string with no
      # `maxLength` or `pattern`, so limits on expression size and complexity,
      # and the handling of malformed input, depend on the server-side parser.
      # Confirm.
      - description: "Filter expression using SCIM-like syntax, e.g. clientId eq \"\
          my-app\" and enabled eq true"
        name: q
        in: query
        schema:
          type: string
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: "#/components/schemas/BaseClientRepresentation"
    post:
      summary: Create a new client
      description: Creates a new client in the realm
      operationId: createClient
      tags:
      - Clients (v2)
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/BaseClientRepresentation"
        required: true
      responses:
        "201":
          description: Created
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BaseClientRepresentation"
    # Path-level parameter shared by the operations on this path.
    parameters:
    - name: realmName
      in: path
      required: true
      schema:
        type: string
  # NOTE(review): the GET description says the lookup is "by its clientId", so
  # `{id}` is presumably the clientId and not the server-generated `uuid`.
  # Confirm.
  /admin/api/{realmName}/clients/v2/{id}:
    get:
      summary: Get a client
      description: Returns a single client by its clientId
      operationId: getClient
      tags:
      - Clients (v2)
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BaseClientRepresentation"
        "404":
          description: Not Found
    # Create-or-replace: 200 and 201 are both documented, with the same body
    # schema.
    put:
      summary: Create or update a client
      description: Creates or updates a client in the realm
      operationId: createOrUpdateClient
      tags:
      - Clients (v2)
      requestBody:
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/BaseClientRepresentation"
        required: true
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BaseClientRepresentation"
        "201":
          description: Created
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BaseClientRepresentation"
    # NOTE(review): the merge-patch body is an unconstrained `type: object`, so
    # none of the field limits, the read-only `uuid` or the immutable
    # `protocol` is expressed for this operation. The "on patch" rules in the
    # schema descriptions must be enforced by the server after the patch is
    # applied. Confirm.
    patch:
      summary: Patch a client
      description: Partially updates a client using JSON Merge Patch
      operationId: patchClient
      tags:
      - Clients (v2)
      requestBody:
        content:
          application/merge-patch+json:
            schema:
              type: object
        required: true
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BaseClientRepresentation"
        "404":
          description: Not Found
    delete:
      summary: Delete a client
      description: Deletes a client from the realm
      operationId: deleteClient
      tags:
      - Clients (v2)
      responses:
        "204":
          description: Client successfully deleted
        "404":
          description: Not Found
    # Path-level parameters shared by the operations on this path.
    parameters:
    - name: realmName
      in: path
      required: true
      schema:
        type: string
    - name: id
      in: path
      required: true
      schema:
        type: string
# Document-level requirement: no operation in `paths` declares its own
# `security`, so every operation requires the `bearer-auth` scheme. The scope
# list is empty, so the role or permission needed for each operation is not
# stated in this file; authorization is decided server-side.
security:
- bearer-auth: []
info:
  title: Keycloak API
  # NOTE(review): looks like a development snapshot placeholder rather than a
  # released API version. Confirm before pinning clients to it.
  version: 999.0.0-SNAPSHOT