keycloak(feat): add recipes for client management
@@ -191,6 +191,16 @@ delete-realm realm:
|
||||
export KEYCLOAK_REALM_TO_DELETE={{ realm }}
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/delete-realm.ts
|
||||
|
||||
# Check if Keycloak client exists
|
||||
client-exists realm client_id:
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
export KEYCLOAK_ADMIN_USER=$(just admin-username)
|
||||
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
|
||||
export KEYCLOAK_REALM={{ realm }}
|
||||
export KEYCLOAK_CLIENT_ID={{ client_id }}
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/client-exists.ts
|
||||
|
||||
# Create Keycloak client
|
||||
create-client realm client_id redirect_url client_secret='' session_idle='' session_max='':
|
||||
#!/bin/bash
|
||||
@@ -243,6 +253,30 @@ add-attribute-mapper client_id attribute_name display_name='' claim_name='' opti
|
||||
export ATTRIBUTE_EDIT_PERMISSIONS="{{ edit_perms }}"
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/add-attribute-mapper.ts
|
||||
|
||||
# Add client roles mapper for Keycloak client
|
||||
add-client-roles-mapper client_id claim_name='client_roles' mapper_name='':
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
export KEYCLOAK_ADMIN_USER=$(just keycloak::admin-username)
|
||||
export KEYCLOAK_ADMIN_PASSWORD=$(just keycloak::admin-password)
|
||||
export KEYCLOAK_REALM=${KEYCLOAK_REALM}
|
||||
export CLIENT_ID={{ client_id }}
|
||||
export CLAIM_NAME="{{ claim_name }}"
|
||||
export MAPPER_NAME="{{ mapper_name }}"
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/add-client-roles-mapper.ts
|
||||
|
||||
# Update client roles mapper for Keycloak client (force recreation)
|
||||
update-client-roles-mapper client_id claim_name='client_roles' mapper_name='':
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
export KEYCLOAK_ADMIN_USER=$(just keycloak::admin-username)
|
||||
export KEYCLOAK_ADMIN_PASSWORD=$(just keycloak::admin-password)
|
||||
export KEYCLOAK_REALM=${KEYCLOAK_REALM}
|
||||
export CLIENT_ID={{ client_id }}
|
||||
export CLAIM_NAME="{{ claim_name }}"
|
||||
export MAPPER_NAME="{{ mapper_name }}"
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/update-client-roles-mapper.ts
|
||||
|
||||
# Add Keycloak client groups mapper
|
||||
add-groups-mapper client_id:
|
||||
#!/bin/bash
|
||||
@@ -495,6 +529,59 @@ add-user-to-client-role realm username client_id role_name:
|
||||
export KEYCLOAK_ROLE_NAME={{ role_name }}
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/add-user-to-client-role.ts
|
||||
|
||||
# List user's client roles
|
||||
list-user-client-roles realm username client_id:
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
export KEYCLOAK_ADMIN_USER=$(just admin-username)
|
||||
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
|
||||
export KEYCLOAK_REALM={{ realm }}
|
||||
export USERNAME={{ username }}
|
||||
export KEYCLOAK_CLIENT_ID={{ client_id }}
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/list-user-client-roles.ts
|
||||
|
||||
# Get user token information and client configuration
|
||||
get-user-token-info realm username client_id:
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
export KEYCLOAK_ADMIN_USER=$(just admin-username)
|
||||
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
|
||||
export KEYCLOAK_REALM={{ realm }}
|
||||
export USERNAME={{ username }}
|
||||
export KEYCLOAK_CLIENT_ID={{ client_id }}
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/get-user-token.ts
|
||||
|
||||
# Get client secret from Keycloak
|
||||
get-client-secret realm client_id:
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
export KEYCLOAK_ADMIN_USER=$(just admin-username)
|
||||
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
|
||||
export KEYCLOAK_REALM={{ realm }}
|
||||
export KEYCLOAK_CLIENT_ID={{ client_id }}
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/get-client-secret.ts
|
||||
|
||||
# Check detailed mapper configuration
|
||||
check-mapper-details realm client_id:
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
export KEYCLOAK_ADMIN_USER=$(just admin-username)
|
||||
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
|
||||
export KEYCLOAK_REALM={{ realm }}
|
||||
export KEYCLOAK_CLIENT_ID={{ client_id }}
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/check-mapper-details.ts
|
||||
|
||||
# Add client roles mapper to profile scope (generic)
|
||||
add-client-roles-to-profile-scope realm client_id claim_name='client_roles':
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
export KEYCLOAK_ADMIN_USER=$(just admin-username)
|
||||
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
|
||||
export KEYCLOAK_REALM={{ realm }}
|
||||
export KEYCLOAK_CLIENT_ID={{ client_id }}
|
||||
export CLAIM_NAME="{{ claim_name }}"
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/add-client-roles-to-profile-scope.ts
|
||||
|
||||
# Remove user from client role
|
||||
remove-user-from-client-role realm username client_id role_name:
|
||||
#!/bin/bash
|
||||
|
||||
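Review bot: The new recipes splice `{{ realm }}`, `{{ client_id }}` and `{{ username }}` into the bash script unquoted, so a value containing whitespace or shell metacharacters is parsed as shell syntax in a script that also exports the admin password. This applies to `export KEYCLOAK_REALM={{ realm }}` and its siblings in client-exists, list-user-client-roles, get-user-token-info, get-client-secret, check-mapper-details and add-client-roles-to-profile-scope, and to `export CLIENT_ID={{ client_id }}` in the two client-roles-mapper recipes. Because just substitutes the text before bash runs, the double quotes around `"{{ claim_name }}"` and `"{{ mapper_name }}"` do not fully cover this either. I would pass every interpolated argument through just's `quote()`, e.g. `export KEYCLOAK_REALM={{ quote(realm) }}` and `export CLAIM_NAME={{ quote(claim_name) }}`. Separately, `export KEYCLOAK_REALM=${KEYCLOAK_REALM}` in add-/update-client-roles-mapper aborts with a bare unbound-variable error under `set -u` when the variable is unset; `${KEYCLOAK_REALM:?KEYCLOAK_REALM must be set}` would state the requirement.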