TypeScript wrapper for the Keycloak Admin API

Provision Keycloak with code that reads like intent.

Keycloak Fluent turns the official admin client into a fluent DSL for realms, users, clients, authentication flows, organizations, and operational endpoints. The docs now track the real API surface exercised in `src` and `tests`.

Open Quick Start Browse API Reference Browse Examples

Realms, users, clients, and mappersAuthentication flows and organizationsOperational helpers for admin automation

Built on top of the official Keycloak admin client

Docs now reflect the current src and tests surface area

Readable enough for one-off scripts, structured enough for production automation

provision.ts

import KeycloakAdminClientFluent from '@egose/keycloak-fluent';

const kc = new KeycloakAdminClientFluent({
  baseUrl: 'http://localhost:8080',
  realmName: 'master',
});

await kc.simpleAuth({
  username: 'admin',
  password: 'admin', // pragma: allowlist secret
});

const realm = await kc.realm('demo').ensure({
  displayName: 'Demo Realm',
});

const user = await realm.user('alice').ensure({
  email: 'alice@example.com',
  enabled: true,
});

await realm.organization('acme').ensure({ name: 'Acme Corp' });
await realm.authenticationFlow('browser-copy').copy('browser-copy-v2');
await realm.cache().clearUserCache();
await kc.whoAmI('master').get();

Why teams use it

The official client, with a better working surface for automation.

Provision With Handles, Not Request Plumbing

Start from a realm and move through users, groups, roles, clients, identity providers, organizations, workflows, and authentication flows with resource-scoped handles.

Idempotent Scripts By Default

Use ensure and discard to write repeatable setup code for local environments, CI jobs, migrations, and tenant provisioning.

Operational Helpers Included

The fluent layer also covers cache maintenance, attack detection, user storage provider sync, client policies, server info, and who-am-i lookups.

Current coverage

More than CRUD wrappers.

The landing page and docs now line up with the actual codebase. That includes the resource handles people expect, plus the operational endpoints that usually force teams back into raw admin client calls.

Core resources

realms
users
groups
roles
clients
client scopes

Identity and login

identity providers
identity provider mappers
protocol mappers
service accounts

Realm operations

authentication flows
organizations
workflows
components
events
sessions

System helpers

cache
attack detection
client policies
server info
who am i

Start here

Quick Start

Install the package, authenticate with `simpleAuth`, and create your first realm-scoped handles.

Explore surface area

API Reference

Jump straight into root helpers, realm handles, identity provider mappers, workflows, and system endpoints.

See the flow

Example Guides

Start from an overview, then jump into focused walkthroughs for realm bootstrap, identity setup, clients, and mappers.

Readable automation

Keep the power of Keycloak admin APIs without carrying the ceremony everywhere.

Use the fluent handles for day-to-day provisioning, and drop down to the underlying client whenever you need something lower level. The library stays close to Keycloak instead of inventing a parallel model.

Read Philosophy GitHub Repository