keycloak · mposolda · Aug 12, 2024 · Aug 12, 2024
diff --git a/.github/scripts/sync-keycloak-sources.sh b/.github/scripts/sync-keycloak-sources.sh
@@ -21,6 +21,11 @@ function syncFiles() {
   MODULE=$1;
   echo_header "Syncing files in the module $MODULE";
   cd $MODULE
+
+  # Remove the existing files before sync
+  rm -rf src/main/java/*
+  rm -rf src/main/resources/*
+
   mvn clean install -Psync
   mv target/unpacked/* src/main/java/
 

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ jobs:
     timeout-minutes: 30
     strategy:
       matrix:
-        keycloak_server_version: [ "25.0", "nightly" ]
+        keycloak_server_version: [ "24.0", "25.0", "nightly" ]
     steps:
       - uses: actions/checkout@v4
 

diff --git a/README.md b/README.md
@@ -2,6 +2,24 @@
 
 Keycloak-client java modules
 
+The files in the modules:
+
+* [admin-client](admin-client)
+* [admin-client-jee](admin-client-jee)
+* [authz-client](authz-client)
+* [policy-enforcer](policy-enforcer)
+
+are not "owned" by this repository and hence the Java files should ideally not be directly updated. Those files are "owned" by the [main Keycloak server repository](https://github.com/keycloak/keycloak)
+and hence are supposed to be updated there (whenever needed) and synced into this repository by the bash script [sync-keycloak-sources.sh](.github/scripts/sync-keycloak-sources.sh)
+
+## Syncing the files from Keycloak repository
+
+* Checkout [main Keycloak server repository](https://github.com/keycloak/keycloak) and build it on your laptop to make sure latest Keycloak stuff available in your local maven repository.
+
+* Run [sync-keycloak-sources.sh](.github/scripts/sync-keycloak-sources.sh)
+
+* Send PR with the changes to update corresponding branch (usually `main`) of [Keycloak client repository](https://github.com/keycloak/keycloak-client)
+
 ## Building the project
 
 ```

diff --git a/admin-client-jee/src/main/java/org/keycloak/OAuth2Constants.java b/admin-client-jee/src/main/java/org/keycloak/OAuth2Constants.java
@@ -152,6 +152,8 @@ public interface OAuth2Constants {
     String ISSUER = "iss";
 
     String AUTHENTICATOR_METHOD_REFERENCE = "amr";
+
+    String CNF = "cnf";
 }
 
 
diff --git a/admin-client-jee/src/main/java/org/keycloak/admin/client/JacksonProvider.java b/admin-client-jee/src/main/java/org/keycloak/admin/client/JacksonProvider.java
@@ -1,6 +1,20 @@
 package org.keycloak.admin.client;
 
+import javax.ws.rs.core.MediaType;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider;
 
 public class JacksonProvider extends ResteasyJackson2Provider {
+
+    @Override
+    public ObjectMapper locateMapper(Class<?> type, MediaType mediaType) {
+        ObjectMapper objectMapper = super.locateMapper(type, mediaType);
+
+        // Same like JSONSerialization class. Makes it possible to use admin-client against older versions of Keycloak server where the properties on representations might be different
+        objectMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
+
+        return objectMapper;
+    }
 }
diff --git a/...ient-jee/src/main/java/org/keycloak/admin/client/resource/OrganizationMemberResource.java b/...ient-jee/src/main/java/org/keycloak/admin/client/resource/OrganizationMemberResource.java
@@ -17,19 +17,28 @@
 
 package org.keycloak.admin.client.resource;
 
+import java.util.List;
+
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
+import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.representations.idm.MemberRepresentation;
+import org.keycloak.representations.idm.OrganizationRepresentation;
 
 public interface OrganizationMemberResource {
 
     @GET
     @Produces(MediaType.APPLICATION_JSON)
-    UserRepresentation toRepresentation();
+    MemberRepresentation toRepresentation();
 
     @DELETE
     Response delete();
+
+    @Path("organizations")
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    List<OrganizationRepresentation> getOrganizations();
 }
diff --git a/...ent-jee/src/main/java/org/keycloak/admin/client/resource/OrganizationMembersResource.java b/...ent-jee/src/main/java/org/keycloak/admin/client/resource/OrganizationMembersResource.java
@@ -29,8 +29,8 @@
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import org.keycloak.representations.idm.MemberRepresentation;
 import org.keycloak.representations.idm.OrganizationRepresentation;
-import org.keycloak.representations.idm.UserRepresentation;
 
 public interface OrganizationMembersResource {
 
@@ -45,7 +45,7 @@ public interface OrganizationMembersResource {
      */
     @GET
     @Produces(MediaType.APPLICATION_JSON)
-    List<UserRepresentation> getAll();
+    List<MemberRepresentation> getAll();
 
     /**
      * Return all organization members that match the specified filters.
@@ -60,18 +60,13 @@ public interface OrganizationMembersResource {
      */
     @GET
     @Produces(MediaType.APPLICATION_JSON)
-    List<UserRepresentation> search(
+    List<MemberRepresentation> search(
             @QueryParam("search") String search,
             @QueryParam("exact") Boolean exact,
             @QueryParam("first") Integer first,
             @QueryParam("max") Integer max
     );
 
-    @Path("{id}/organization")
-    @GET
-    @Produces(MediaType.APPLICATION_JSON)
-    OrganizationRepresentation getOrganization(@PathParam("id") String id);
-
     @Path("{id}")
     OrganizationMemberResource member(@PathParam("id") String id);
 

diff --git a/admin-client-jee/src/main/java/org/keycloak/representations/idm/MemberRepresentation.java b/admin-client-jee/src/main/java/org/keycloak/representations/idm/MemberRepresentation.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.representations.idm;
+
+public class MemberRepresentation extends UserRepresentation {
+
+    private MembershipType membershipType;
+
+    public MemberRepresentation() {
+        super();
+    }
+
+    public MemberRepresentation(UserRepresentation user) {
+        super(user);
+    }
+
+    public MembershipType getMembershipType() {
+        return membershipType;
+    }
+
+    public void setMembershipType(MembershipType membershipType) {
+        this.membershipType = membershipType;
+    }
+}
diff --git a/admin-client-jee/src/main/java/org/keycloak/representations/idm/MembershipType.java b/admin-client-jee/src/main/java/org/keycloak/representations/idm/MembershipType.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2024 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.representations.idm;
+
+public enum MembershipType {
+
+    /**
+     * Indicates that member can exist without group/organization.
+     */
+    UNMANAGED,
+
+    /**
+     * Indicates that member cannot exist without group/organization.
+     */
+    MANAGED;
+}
diff --git a/...client-jee/src/main/java/org/keycloak/representations/idm/OrganizationRepresentation.java b/...client-jee/src/main/java/org/keycloak/representations/idm/OrganizationRepresentation.java
@@ -34,7 +34,7 @@ public class OrganizationRepresentation {
     private String description;
     private Map<String, List<String>> attributes;
     private Set<OrganizationDomainRepresentation> domains;
-    private List<UserRepresentation> members;
+    private List<MemberRepresentation> members;
     private List<IdentityProviderRepresentation> identityProviders;
 
     public String getId() {
@@ -119,19 +119,19 @@ public void removeDomain(OrganizationDomainRepresentation domain) {
         getDomains().remove(domain);
     }
 
-    public List<UserRepresentation> getMembers() {
+    public List<MemberRepresentation> getMembers() {
         return members;
     }
 
-    public void setMembers(List<UserRepresentation> members) {
+    public void setMembers(List<MemberRepresentation> members) {
         this.members = members;
     }
 
-    public void addMember(UserRepresentation user) {
+    public void addMember(MemberRepresentation member) {
         if (members == null) {
             members = new ArrayList<>();
         }
-        members.add(user);
+        members.add(member);
     }
 
     public List<IdentityProviderRepresentation> getIdentityProviders() {

diff --git a/admin-client-jee/src/main/java/org/keycloak/representations/idm/UserRepresentation.java b/admin-client-jee/src/main/java/org/keycloak/representations/idm/UserRepresentation.java
@@ -52,6 +52,43 @@ public class UserRepresentation extends AbstractUserRepresentation{
     protected List<String> groups;
     private Map<String, Boolean> access;
 
+    public UserRepresentation() {
+    }
+
+    public UserRepresentation(UserRepresentation rep) {
+        // AbstractUserRepresentation
+        this.id = rep.getId();
+        this.username = rep.getUsername();
+        this.firstName = rep.getFirstName();
+        this.lastName = rep.getLastName();
+        this.email = rep.getEmail();
+        this.emailVerified = rep.isEmailVerified();
+        this.attributes = rep.getAttributes();
+        this.setUserProfileMetadata(rep.getUserProfileMetadata());
+
+        this.self = rep.getSelf();
+        this.origin = rep.getOrigin();
+        this.createdTimestamp = rep.getCreatedTimestamp();
+        this.enabled = rep.isEnabled();
+        this.totp = rep.isTotp();
+        this.federationLink = rep.getFederationLink();
+        this.serviceAccountClientId = rep.getServiceAccountClientId();
+        this.credentials = rep.getCredentials();
+        this.disableableCredentialTypes = rep.getDisableableCredentialTypes();
+        this.requiredActions = rep.getRequiredActions();
+        this.federatedIdentities = rep.getFederatedIdentities();
+        this.realmRoles = rep.getRealmRoles();
+        this.clientRoles = rep.getClientRoles();
+        this.clientConsents = rep.getClientConsents();
+        this.notBefore = rep.getNotBefore();
+
+        this.applicationRoles = rep.getApplicationRoles();
+        this.socialLinks = rep.getSocialLinks();
+
+        this.groups = rep.getGroups();
+        this.access = rep.getAccess();
+    }
+
     public String getSelf() {
         return self;
     }

diff --git a/admin-client/src/main/java/org/keycloak/OAuth2Constants.java b/admin-client/src/main/java/org/keycloak/OAuth2Constants.java
@@ -152,6 +152,8 @@ public interface OAuth2Constants {
     String ISSUER = "iss";
 
     String AUTHENTICATOR_METHOD_REFERENCE = "amr";
+
+    String CNF = "cnf";
 }
 
 
diff --git a/admin-client/src/main/java/org/keycloak/admin/client/JacksonProvider.java b/admin-client/src/main/java/org/keycloak/admin/client/JacksonProvider.java
@@ -1,6 +1,20 @@
 package org.keycloak.admin.client;
 
+import jakarta.ws.rs.core.MediaType;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider;
 
 public class JacksonProvider extends ResteasyJackson2Provider {
+
+    @Override
+    public ObjectMapper locateMapper(Class<?> type, MediaType mediaType) {
+        ObjectMapper objectMapper = super.locateMapper(type, mediaType);
+
+        // Same like JSONSerialization class. Makes it possible to use admin-client against older versions of Keycloak server where the properties on representations might be different
+        objectMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
+
+        return objectMapper;
+    }
 }
diff --git a/...n-client/src/main/java/org/keycloak/admin/client/resource/OrganizationMemberResource.java b/...n-client/src/main/java/org/keycloak/admin/client/resource/OrganizationMemberResource.java
@@ -17,19 +17,28 @@
 
 package org.keycloak.admin.client.resource;
 
+import java.util.List;
+
 import jakarta.ws.rs.DELETE;
 import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
-import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.representations.idm.MemberRepresentation;
+import org.keycloak.representations.idm.OrganizationRepresentation;
 
 public interface OrganizationMemberResource {
 
     @GET
     @Produces(MediaType.APPLICATION_JSON)
-    UserRepresentation toRepresentation();
+    MemberRepresentation toRepresentation();
 
     @DELETE
     Response delete();
+
+    @Path("organizations")
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    List<OrganizationRepresentation> getOrganizations();
 }
diff --git a/...-client/src/main/java/org/keycloak/admin/client/resource/OrganizationMembersResource.java b/...-client/src/main/java/org/keycloak/admin/client/resource/OrganizationMembersResource.java
@@ -29,8 +29,8 @@
 import jakarta.ws.rs.QueryParam;
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
+import org.keycloak.representations.idm.MemberRepresentation;
 import org.keycloak.representations.idm.OrganizationRepresentation;
-import org.keycloak.representations.idm.UserRepresentation;
 
 public interface OrganizationMembersResource {
 
@@ -45,7 +45,7 @@ public interface OrganizationMembersResource {
      */
     @GET
     @Produces(MediaType.APPLICATION_JSON)
-    List<UserRepresentation> getAll();
+    List<MemberRepresentation> getAll();
 
     /**
      * Return all organization members that match the specified filters.
@@ -60,18 +60,13 @@ public interface OrganizationMembersResource {
      */
     @GET
     @Produces(MediaType.APPLICATION_JSON)
-    List<UserRepresentation> search(
+    List<MemberRepresentation> search(
             @QueryParam("search") String search,
             @QueryParam("exact") Boolean exact,
             @QueryParam("first") Integer first,
             @QueryParam("max") Integer max
     );
 
-    @Path("{id}/organization")
-    @GET
-    @Produces(MediaType.APPLICATION_JSON)
-    OrganizationRepresentation getOrganization(@PathParam("id") String id);
-
     @Path("{id}")
     OrganizationMemberResource member(@PathParam("id") String id);