Realm Admin Service Account API

The RealmAdminServiceAccountHandle class extends the ServiceAccountHandle class and provides a specialized API for managing realm admin service account clients in Keycloak. These clients are configured with realm management roles for administrative access.

Class: RealmAdminServiceAccountHandle

Constructor

constructor(core: KeycloakAdminClient, realmHandle: RealmHandle, clientId: string)
  • Parameters:
    • core: An instance of KeycloakAdminClient.
    • realmHandle: A handle to the realm where the client resides.
    • clientId: The ID of the realm admin service account client to manage.

Instance Methods

create(data: RealmAdminServiceAccountInputData)

Creates a new realm admin service account client and assigns realm management roles.

public async create(data: RealmAdminServiceAccountInputData)
  • Parameters:
    • data: The data for the new realm admin service account client.
  • Throws: An error if the client already exists or if realm management roles cannot be assigned.

update(data: RealmAdminServiceAccountInputData)

Updates the realm admin service account client's details and ensures realm management roles are assigned.

public async update(data: RealmAdminServiceAccountInputData)
  • Parameters:
    • data: The updated data for the realm admin service account client.
  • Throws: An error if the client does not exist or if realm management roles cannot be assigned.

ensure(data: RealmAdminServiceAccountInputData)

Ensures the realm admin service account client exists. If it does, updates it; otherwise, creates it. Also ensures realm management roles are assigned.

public async ensure(data: RealmAdminServiceAccountInputData)
  • Parameters:
    • data: The data for the realm admin service account client.

Protected Methods

addRealmManagementMappings()

Assigns realm management roles to the service account user.

protected async addRealmManagementMappings()
  • Throws: An error if the realm management client or roles cannot be found, or if the service account user does not exist.

  • Details:

    • For the master realm:
      • Assigns the manage-realm role from the master-realm client.
    • For other realms:
      • Assigns the realm-admin role from the realm-management client.
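
An audit check for the role selection described in the Details list, as an added example that is not part of this library or its documentation: it compares a service account's direct role mappings with the one admin role the handle assigns for that realm. The `Mappings` shape mirrors Keycloak's role-mappings representation; `expectedAdminMapping`, `auditServiceAccount`, the `accepted` parameter and the sample data are hypothetical names and constructed values.

```typescript
// Added example (not library code). Shapes follow Keycloak's MappingsRepresentation.
interface RoleRep { name: string }
interface ClientMappings { client: string; mappings: RoleRep[] }
interface Mappings {
  realmMappings?: RoleRep[];
  clientMappings?: Record<string, ClientMappings>;
}
interface AuditResult { expected: string; hasExpected: boolean; unexpected: string[] }

// Role selection as described in the Details list above.
function expectedAdminMapping(realm: string): string {
  return realm === "master" ? "master-realm:manage-realm" : "realm-management:realm-admin";
}

// Flatten direct role mappings to "client:role" / "realm:role" keys and compare
// them with the single admin role the handle is documented to assign.
// `accepted` (hypothetical parameter) lists extra roles the operator has reviewed.
function auditServiceAccount(realm: string, m: Mappings, accepted: string[] = []): AuditResult {
  const granted: string[] = [];
  for (const r of m.realmMappings ?? []) granted.push("realm:" + r.name);
  const byClient = m.clientMappings ?? {};
  for (const client of Object.keys(byClient)) {
    for (const r of byClient[client]?.mappings ?? []) granted.push(client + ":" + r.name);
  }
  const expected = expectedAdminMapping(realm);
  return {
    expected,
    hasExpected: granted.indexOf(expected) !== -1,
    unexpected: granted.filter((g) => g !== expected && accepted.indexOf(g) === -1).sort(),
  };
}

// Constructed sample responses (not captured from a real server).
const demoMappings: Mappings = {
  realmMappings: [{ name: "default-roles-demo" }],
  clientMappings: {
    "realm-management": { client: "realm-management", mappings: [{ name: "realm-admin" }] },
    broker: { client: "broker", mappings: [{ name: "read-token" }] },
  },
};
const masterMappings: Mappings = {
  clientMappings: {
    "master-realm": { client: "master-realm", mappings: [{ name: "manage-users" }] },
  },
};

const demoAudit = auditServiceAccount("demo", demoMappings, ["realm:default-roles-demo"]);
const masterAudit = auditServiceAccount("master", masterMappings);
console.log(JSON.stringify({ demoAudit, masterAudit }, null, 2));
```

The check only sees direct mappings; roles inherited through composites or groups need a separate effective-roles query.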

Types

RealmAdminServiceAccountInputData

The input data type for creating or updating a realm admin service account client.

export type RealmAdminServiceAccountInputData = ServiceAccountInputData;

This API provides a specialized interface for managing realm admin service account clients in Keycloak, ensuring they are configured with the appropriate roles for administrative access.