Keycloak Admin REST API Client
PHP client to interact with Keycloak's Admin REST API.
Inspired by keycloak/keycloak-nodejs-admin-client.
Installation
Install via Composer:
composer require fschmtt/keycloak-rest-api-client-phpUsage
Example:
$keycloak = new \Fschmtt\Keycloak\Keycloak(
baseUrl: 'http://keycloak:8080',
username: 'admin',
password: 'admin'
);
$serverInfo = $keycloak->serverInfo()->get();
echo sprintf(
'Keycloak %s is running on %s/%s (%s) with %s/%s since %s and is currently using %s of %s (%s %%) memory.',
$serverInfo->getSystemInfo()->getVersion(),
$serverInfo->getSystemInfo()->getOsName(),
$serverInfo->getSystemInfo()->getOsVersion(),
$serverInfo->getSystemInfo()->getOsArchitecture(),
$serverInfo->getSystemInfo()->getJavaVm(),
$serverInfo->getSystemInfo()->getJavaVersion(),
$serverInfo->getSystemInfo()->getUptime(),
$serverInfo->getMemoryInfo()->getUsedFormated(),
$serverInfo->getMemoryInfo()->getTotalFormated(),
100 - $serverInfo->getMemoryInfo()->getFreePercentage(),
);will print e.g.
Keycloak 23.0.0 is running on Linux/5.10.25-linuxkit (amd64) with OpenJDK 64-Bit Server VM/11.0.11 since 0 days, 2 hours, 37 minutes, 7 seconds and is currently using 139 MB of 512 MB (28 %) memory.
More examples can be found in the examples directory.
Available Resources
Attack Detection
| Endpoint | Response | API |
|---|---|---|
DELETE /admin/realms/{realm}/attack-detection/brute-force/users |
n/a |
AttackDetection::clear() |
GET /admin/realms/{realm}/attack-detection/brute-force/users/{userId} |
Map | AttackDetection::userStatus() |
DELETE /admin/realms/{realm}/attack-detection/brute-force/users/{userId} |
n/a |
AttackDetection::clearUser() |
Clients
| Endpoint | Response | API |
|---|---|---|
GET /admin/realms/{realm}/clients |
ClientCollection | Clients::all() |
GET /admin/realms/{realm}/clients/{id} |
Client | Clients::get() |
PUT /admin/realms/{realm}/clients/{id} |
Client | Clients::update() |
POST /admin/realms/{realm}/clients |
Client | Clients::import() |
Groups
| Endpoint | Response | API |
|---|---|---|
GET /admin/realms/{realm}/groups |
GroupCollection | Groups::all() |
GET /admin/realms/{realm}/groups/{id} |
Group | Groups::get() |
PUT /admin/realms/{realm}/groups/{id} |
n/a |
Groups::update() |
POST /admin/realms/{realm}/groups |
n/a |
Groups::import() |
DELETE /admin/realms/{realm}/groups |
n/a |
Groups::delete() |
Realms Admin
| Endpoint | Response | API |
|---|---|---|
POST /admin/realms |
Realm | Realms::import() |
GET /admin/realms |
RealmCollection | Realms::all() |
PUT /admin/realms/{realm} |
Realm | Realms::update() |
DELETE /admin/realms/{realm} |
n/a |
Realms::delete() |
GET /admin/realms/{realm}/admin-events |
array |
Realms::adminEvents() |
DELETE /admin/realms/{realm}/admin-events |
n/a |
Realms::deleteAdminEvents() |
POST /admin/realms/{realm}/clear-keys-cache |
n/a |
Realms::clearKeysCache() |
POST /admin/realms/{realm}/clear-realm-cache |
n/a |
Realms::clearRealmCache() |
POST /admin/realms/{realm}/clear-user-cache |
n/a |
Realms::clearUserCache() |
Users
| Endpoint | Response | API |
|---|---|---|
GET /admin/realms/{realm}/users |
UserCollection | Users::all() |
POST /admin/realms/{realm}/users |
n/a |
Users::create() |
GET /admin/realms/{realm}/users/{userId} |
User | Users::get() |
PUT /admin/realms/{realm}/users/{userId} |
n/a |
Users::update() |
DELETE /admin/realms/{realm}/users/{userId} |
n/a |
Users::delete() |
GET /admin/realms/{realm}/users |
UserCollection | Users::search() |
PUT /{realm}/users/{id}/groups/{groupId} |
n/a |
Users::joinGroup() |
DELETE /{realm}/users/{id}/groups/{groupId} |
n/a |
Users::leaveGroup() |
GET /{realm}/users/{id}/groups |
GroupCollection | Users::retrieveGroups() |
GET /{realm}/users/{id}/role-mappings/realm |
RoleCollection | Users::retrieveRealmRoles() |
GET /{realm}/users/{id}/role-mappings/realm/available |
RoleCollection | Users::retrieveAvailableRealmRoles() |
POST /{realm}/users/{id}/role-mappings/realm |
n/a |
Users::addRealmRoles() |
DELETE /{realm}/users/{id}/role-mappings/realm |
n/a |
Users::removeRealmRoles() |
PUT /{realm}/users/{id}/execute-actions-email |
n/a |
Users::executeActionsEmail() |
Roles
| Endpoint | Response | API |
|---|---|---|
GET /admin/realms/{realm}/roles |
RoleCollection | Roles::all() |
GET /admin/realms/{realm}/roles/{roleName} |
Role | Roles::get() |
POST /admin/realms/{realm}/roles |
n/a |
Roles::create() |
DELETE /admin/realms/{realm}/roles/{roleName} |
n/a |
Roles::delete() |
Root
| Endpoint | Response | API |
|---|---|---|
GET /admin/serverinfo |
ServerInfo | ServerInfo::get() |
Local development and testing
Run docker compose up -d keycloak to start a local Keycloak instance listening on http://localhost:8080.
Run your script (e.g. examples/serverinfo.php) from within the php container:
docker compose run --rm php php examples/serverinfo.phpComposer scripts
analyze: Run phpstan analysisecs: Run Easy Coding Standard (ECS)ecs:fix: Fix Easy Coding Standard (ECS) errorstest: Run unit and integration teststest:unit: Run unit teststest:integration: Run integration tests (requires a fresh and running Keycloak instance)