npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

keycloak-api-manager

v6.0.4

Published

Enhanced Node.js wrapper for Keycloak Admin REST API. Professional alternative to @keycloak/keycloak-admin-client with advanced features, bug fixes, automatic token refresh, Organizations API support, fine-grained permissions, and comprehensive resource m

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

aromaninoaromanino

Keywords

keycloakkeycloak-admin-clientkeycloak-adminadmin-rest-apikeycloak-wrapperalternativerest-apiadmin-clientuser-managementrealm-managementauthenticationauthorizationfine-grained-permissionsorganizationsssooauth2oidcidentity-providerldapfederationrolesgroupsclientsscopessession-managementtoken-refreshadmin-apiexpressnodejs

Readme

Keycloak API Manager

keycloak-api-manager is a Node.js wrapper around the Keycloak Admin REST API. It provides a stable, function-oriented interface for managing Keycloak resources in code, scripts, and CI/CD pipelines.

What You Can Manage

  • Realms
  • Users
  • Roles (realm/client/composite)
  • Groups and group permissions
  • Clients and client scopes
  • Identity Providers
  • Components
  • Authentication flows and required actions
  • Attack detection (brute force endpoints)
  • Organizations (Keycloak 25+)
  • User Profile config (Keycloak 15+)
  • Client Policies and Profiles
  • Server Info

Installation

npm install keycloak-api-manager

OIDC Deprecation Notice

DEPRECATION NOTICE (v6.0.0): The OIDC authentication methods (login(), loginPKCE(), generateAuthorizationUrl(), auth()) have been deprecated and moved to keycloak-express-middleware.

This package is now exclusively for Keycloak admin resource management. For user authentication flows, use keycloak-express-middleware instead.

See OIDC_MIGRATION_PLAN.md for migration details.

Quick Start

const KeycloakManager = require('keycloak-api-manager');

await KeycloakManager.configure({
  baseUrl: 'https://your-keycloak-host:8443',
  realmName: 'master',
  clientId: 'admin-cli',
  username: 'admin',
  password: 'admin',
  grantType: 'password',
  tokenLifeSpan: 60
});

// Alternative after configure(): update runtime context (for example realm)
// without re-authenticating or calling configure() again.
KeycloakManager.setConfig({ realmName: 'my-realm' });

const users = await KeycloakManager.users.find({ max: 20 });
console.log(users.length);

KeycloakManager.stop();

Keycloak Feature Flags

Some APIs exposed by this package depend on Keycloak server features that are disabled by default. Enable these flags when you want full endpoint coverage (local dev, CI, or production environments that use these modules):

--features=admin-fine-grained-authz:v1,organization,client-policies

What each flag is for:

  • admin-fine-grained-authz:v1: enables management-permissions endpoints used by group/user fine-grained permission flows.
  • organization: enables Organizations APIs.
  • client-policies: enables Client Policies and Client Profiles APIs.

When you can skip them:

  • If you only use core admin operations (for example realms/users/clients CRUD), the package still works without these flags.
  • If you use organizations, clientPolicies, or management-permissions methods, these flags are required.

Why admin-fine-grained-authz:v1 in Keycloak 26.x

In Keycloak 26.x, the management-permissions APIs used by this package are compatible with the v1 variant, so admin-fine-grained-authz:v1 is the recommended setting.

Example (Docker)

docker run -d --name keycloak \
  -p 8080:8080 \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=admin \
  -e KC_FEATURES=admin-fine-grained-authz:v1,organization,client-policies \
  quay.io/keycloak/keycloak:latest start-dev

See Keycloak Setup and Feature Flags for full setup details.

Public API Entry Points

  • configure(credentials)
  • setConfig(overrides)
  • getToken()
  • stop()

Configured handler namespaces:

  • realms
  • users
  • clients
  • clientScopes
  • identityProviders
  • groups
  • roles
  • components
  • authenticationManagement
  • attackDetection
  • organizations
  • userProfile
  • clientPolicies
  • serverInfo

Documentation Map

All documentation is centralized under docs/.

Guides

API Reference

General Documentation

Testing

npm run setup-keycloak
npm test

Or test workspace only:

npm --prefix test test

npm run setup-keycloak is an interactive helper that can start Keycloak via Docker Compose (local/remote, HTTP/HTTPS) and update the test baseUrl in config.

The suite runs against a real Keycloak instance and provisions a shared test realm during setup.

Repository Structure

Handlers/           # Keycloak resource wrappers
index.js            # Package runtime and handler wiring
index.mjs           # ESM bridge
test/
  specs/            # Test suites (core, diagnostics, matrix)
  support/          # Shared setup/bootstrap/config loaders
  config/           # default/local/secrets test configs
  docker-keycloak/  # Compose files and setup scripts
docs/               # Centralized documentation

Versioning and Compatibility

  • Package version: 6.0.3
  • Keycloak Admin client dependency: @keycloak/keycloak-admin-client
  • Main compatibility target: Keycloak 25/26

Breaking Changes in v6.0.0

See OIDC Deprecation Notice.

License

MIT