@dasniko
Created April 21, 2026 17:30
OpenAPI Spec for Keycloak Account API
# Machine-derived description of Keycloak's Account REST API. The description
# below states it was generated by an AI tool from the AccountRestService class
# as referenced on the `main` branch, so paths, parameters and schemas may not
# match the Keycloak release actually deployed. Validate against the target
# server before using this for access-control review or client generation.
openapi: 3.1.0
info:
title: Keycloak Account REST API
description: |
REST API for the Keycloak Account Management Console.
All operations require authentication via a Bearer token (OAuth 2.0 / OpenID Connect).
Derived by 🤖 Claude Code from class https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/services/resources/account/AccountRestService.java
version: '1.0'
license:
name: Apache 2.0
url: https://www.apache.org/licenses/LICENSE-2.0
# Server URL template. The defaults target a local development instance:
# plain HTTP on localhost and the `master` realm.
servers:
- url: '{serverUrl}/realms/{realm}/account'
description: Keycloak Account REST endpoint
variables:
serverUrl:
# Plain-HTTP default. Every operation in this document sends a bearer token,
# so override this with an https:// URL for any non-local server.
default: 'http://localhost:8080'
realm:
# `master` is Keycloak's administrative realm; set this to the realm whose
# user accounts are actually being managed.
default: master
# Global requirement: applies to every operation under `paths`. No operation in
# this document overrides it with its own `security` entry, so there are no
# anonymous endpoints as specified.
security:
- bearerAuth: []
tags:
- name: Account
description: User account information
- name: Sessions
description: User session management
- name: Credentials
description: User credential management
- name: Resources
description: User-managed authorization resources (UMA)
- name: Applications
description: Client applications and consents
- name: Linked Accounts
description: Social / identity provider linked accounts
- name: Groups
description: User group memberships
- name: Organizations
description: Organization memberships (requires ORGANIZATION feature)
paths:
/:
get:
tags: [Account]
summary: Get account information
description: Returns the account information for the currently authenticated user.
operationId: getAccount
parameters:
- name: userProfileMetadata
in: query
description: Whether to include user profile metadata in the response. Defaults to true.
schema:
type: boolean
responses:
'200':
description: Account information
content:
application/json:
schema:
$ref: '#/components/schemas/UserRepresentation'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
# Profile update for the user identified by the bearer token.
# The request body reuses the same UserRepresentation schema that GET returns,
# so this spec advertises `id`, `emailVerified` and `enabled` as client-writable.
# NOTE(review): presumably the server ignores or rejects changes to those
# fields; confirm, and consider marking them `readOnly: true` in the schema so
# generated clients and request validators do not send them.
post:
tags: [Account]
summary: Update account information
description: Updates the account information for the currently authenticated user.
operationId: updateAccount
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/UserRepresentation'
responses:
'204':
description: Account updated successfully
# Validation failures are reported with an ErrorRepresentation body.
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/sessions:
get:
tags: [Sessions]
summary: Get sessions
description: Returns all active sessions for the currently authenticated user.
operationId: getSessions
responses:
'200':
description: List of sessions
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/SessionRepresentation'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
delete:
tags: [Sessions]
summary: Logout from sessions
description: Logs out the user from all sessions, optionally including the current session.
operationId: logoutSessions
parameters:
- name: current
in: query
description: Whether to also remove the current session. Defaults to false.
schema:
type: boolean
default: false
responses:
'204':
description: Sessions removed
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/sessions/devices:
get:
tags: [Sessions]
summary: Get device activity
description: Returns device activity information based on active and offline sessions.
operationId: getDevices
responses:
'200':
description: List of devices with sessions
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/DeviceRepresentation'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/sessions/{id}:
delete:
tags: [Sessions]
summary: Logout from a specific session
description: Logs out the user from the session identified by the given ID.
operationId: logoutSession
parameters:
- name: id
in: path
required: true
description: Session ID
schema:
type: string
responses:
'204':
description: Session removed
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/credentials:
get:
tags: [Credentials]
summary: List credential types
description: |
Returns the credential types available to the current user, limited to those
enabled in active authentication flows. Optionally includes the user's
existing credentials of each type.
operationId: getCredentials
parameters:
- name: type
in: query
description: Filter to a single credential type.
schema:
type: string
- name: user-credentials
in: query
description: Whether to include user credentials in the response. Defaults to true.
schema:
type: boolean
responses:
'200':
description: List of credential containers
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/CredentialContainer'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/credentials/{credentialId}:
# Deprecated removal path. As specified here, a bearer token plus a credential
# ID is all that is needed to remove a credential; the operation itself does
# not restrict credential types (compare `removeable` on CredentialContainer).
# The replacement named in the description performs the removal through the
# login flow (application-initiated action) instead of a direct API call.
# NOTE(review): check for remaining callers of this operation and record its
# use in audit logs, since it changes the account's authentication factors.
delete:
tags: [Credentials]
summary: Remove a credential
description: |
Removes a credential from the current user's account.
**Deprecated**: Use the `delete_credential` application-initiated action (AIA) instead,
e.g. by adding `kc_action=delete_credential:<credentialId>` to the login URL.
operationId: removeCredential
deprecated: true
parameters:
- name: credentialId
in: path
required: true
description: ID of the credential to remove
schema:
type: string
responses:
'204':
description: Credential removed
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
/credentials/{credentialId}/label:
put:
tags: [Credentials]
summary: Update credential label
description: Updates the user-defined label of the specified credential.
operationId: updateCredentialLabel
parameters:
- name: credentialId
in: path
required: true
description: ID of the credential to update
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
type: string
description: New user label for the credential
example: '"My Security Key"'
responses:
'204':
description: Credential label updated
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
/resources:
get:
tags: [Resources]
summary: List owned resources
description: Returns a paginated list of authorization resources owned by the current user.
operationId: getResources
parameters:
- name: name
in: query
description: Filter resources by name.
schema:
type: string
- name: first
in: query
description: Pagination offset.
schema:
type: integer
minimum: 0
- name: max
in: query
description: Maximum number of results.
schema:
type: integer
minimum: 1
responses:
'200':
description: List of owned resources
headers:
Link:
description: Pagination links (rel=next, rel=prev)
schema:
type: string
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Resource'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/resources/shared-with-me:
get:
tags: [Resources]
summary: List resources shared with me
description: Returns a paginated list of resources that other users have shared with the current user.
operationId: getSharedWithMe
parameters:
- name: name
in: query
description: Filter resources by name.
schema:
type: string
- name: first
in: query
description: Pagination offset.
schema:
type: integer
minimum: 0
- name: max
in: query
description: Maximum number of results.
schema:
type: integer
minimum: 1
responses:
'200':
description: List of resources shared with the user
headers:
Link:
description: Pagination links (rel=next, rel=prev)
schema:
type: string
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/ResourcePermission'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/resources/shared-with-others:
get:
tags: [Resources]
summary: List resources shared with others
description: Returns a paginated list of resources owned by the current user that have been shared with other users.
operationId: getSharedWithOthers
parameters:
- name: first
in: query
description: Pagination offset.
schema:
type: integer
minimum: 0
- name: max
in: query
description: Maximum number of results.
schema:
type: integer
minimum: 1
responses:
'200':
description: List of resources shared with others
headers:
Link:
description: Pagination links (rel=next, rel=prev)
schema:
type: string
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/ResourcePermission'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/resources/pending-requests:
get:
tags: [Resources]
summary: List pending permission requests
description: Returns all pending permission requests made by the current user that are awaiting approval.
operationId: getPendingRequests
responses:
'200':
description: List of pending permission requests
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/ResourcePermission'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/resources/{id}:
get:
tags: [Resources]
summary: Get resource
description: Returns a specific resource owned by the current user.
operationId: getResource
parameters:
- name: id
in: path
required: true
description: Resource ID
schema:
type: string
responses:
'200':
description: Resource
content:
application/json:
schema:
$ref: '#/components/schemas/Resource'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
/resources/{id}/permissions:
get:
tags: [Resources]
summary: Get resource permissions
description: Returns the users to whom the current user has granted access to the resource.
operationId: getResourcePermissions
parameters:
- name: id
in: path
required: true
description: Resource ID
schema:
type: string
responses:
'200':
description: List of permissions
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Permission'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
# Replace semantics: the request body is the complete permission list for the
# resource. Per the description, any existing grant that is absent from the
# array is revoked, so a client that sends only a delta silently removes access
# for everyone else. Read the current list (GET on this path) and modify it.
put:
tags: [Resources]
summary: Update resource permissions
description: |
Grants or revokes resource access for specific users and scopes.
Existing permissions not included in the request will be revoked.
operationId: updateResourcePermissions
parameters:
- name: id
in: path
required: true
description: Resource ID
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
# Each entry names a user and the scope names granted to that user.
$ref: '#/components/schemas/Permission'
responses:
'204':
description: Permissions updated
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
/resources/{id}/permissions/requests:
get:
tags: [Resources]
summary: Get permission requests for a resource
description: Returns all pending permission requests for the specified resource, awaiting the owner's approval.
operationId: getResourcePermissionRequests
parameters:
- name: id
in: path
required: true
description: Resource ID
schema:
type: string
responses:
'200':
description: List of permission requests
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Permission'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
/resources/{id}/user:
# Resolves a username or e-mail address to a user record; the description says
# it is used when granting resource access.
# As specified, 200 (with a UserRepresentation body) versus 204 tells the
# caller whether an account exists for `value`, i.e. any holder of a valid token
# can test account existence through this operation.
# NOTE(review): this document does not show whether the lookup is limited to
# owners of resource `id`, how much of UserRepresentation is populated, or any
# rate limit. Confirm on the server and monitor for high-volume use.
get:
tags: [Resources]
summary: Find user by username or email
description: Looks up a user by username or email address. Used to resolve users when granting resource access.
operationId: getResourceUser
parameters:
- name: id
in: path
required: true
description: Resource ID
schema:
type: string
# Not marked `required`; behaviour when `value` is omitted is not specified here.
- name: value
in: query
description: Username or email address to look up.
schema:
type: string
responses:
'200':
description: User found
content:
application/json:
schema:
$ref: '#/components/schemas/UserRepresentation'
'204':
description: No user found for the given value
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/supportedLocales:
get:
tags: [Account]
summary: Get supported locales
description: Returns the locale codes supported by the realm.
operationId: getSupportedLocales
responses:
'200':
description: List of supported locale codes
content:
application/json:
schema:
type: array
items:
type: string
example: ["en", "de", "fr"]
'401':
$ref: '#/components/responses/Unauthorized'
/organizations:
get:
tags: [Organizations]
summary: Get organizations
description: |
Returns the organizations the current user is a member of.
Requires the `ORGANIZATION` feature to be enabled in the realm; returns 404 otherwise.
operationId: getOrganizations
responses:
'200':
description: List of organizations
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/OrganizationRepresentation'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
description: ORGANIZATION feature not enabled
/applications:
get:
tags: [Applications]
summary: List applications
description: |
Returns all client applications the current user has active sessions with,
offline sessions with, or has granted consent to, as well as clients configured
to always display in the console.
operationId: getApplications
parameters:
- name: name
in: query
description: Filter by application name (case-insensitive substring match).
schema:
type: string
responses:
'200':
description: List of client applications
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/ClientRepresentation'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/applications/{clientId}/consent:
get:
tags: [Applications]
summary: Get consent for client
description: Returns the consent the current user has granted to the specified client application.
operationId: getConsent
parameters:
- name: clientId
in: path
required: true
description: Client ID
schema:
type: string
responses:
'200':
description: Consent
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentRepresentation'
'204':
description: No consent found for this client
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
post:
tags: [Applications]
summary: Grant consent for client
description: Grants consent for the specified client with the provided scopes. Creates a new consent or updates an existing one.
operationId: grantConsent
parameters:
- name: clientId
in: path
required: true
description: Client ID
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentRepresentation'
responses:
'200':
description: Consent granted or updated
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentRepresentation'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
put:
tags: [Applications]
summary: Update consent for client
description: Updates the consent for the specified client. Creates a new consent or updates an existing one.
operationId: updateConsent
parameters:
- name: clientId
in: path
required: true
description: Client ID
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentRepresentation'
responses:
'200':
description: Consent updated
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentRepresentation'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
delete:
tags: [Applications]
summary: Revoke consent for client
description: Revokes all consents granted by the current user to the specified client.
operationId: revokeConsent
parameters:
- name: clientId
in: path
required: true
description: Client ID
schema:
type: string
responses:
'204':
description: Consent revoked
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
/linked-accounts:
get:
tags: [Linked Accounts]
summary: List linked accounts
description: |
Returns identity provider accounts.
- `linked=true`: returns all providers currently linked to the user (including organization providers).
- `linked=false`: returns realm-level providers not yet linked and available for linking.
- `linked` omitted: returns all providers (deprecated backwards-compatible behavior).
The `search` parameter supports prefix (`name*`), contains (`*name*`), and exact (`"name"`) matching.
operationId: getLinkedAccounts
parameters:
- name: linked
in: query
description: Filter by linked status.
schema:
type: boolean
- name: search
in: query
description: Filter by provider name. Supports prefix (name*), contains (*name*), or exact ("name") matching.
schema:
type: string
- name: first
in: query
description: Pagination offset.
schema:
type: integer
minimum: 0
- name: max
in: query
description: Maximum number of results.
schema:
type: integer
minimum: 1
responses:
'200':
description: List of linked or linkable identity provider accounts
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/LinkedAccountRepresentation'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/linked-accounts/{providerAlias}:
# Deprecated: returns a URI, plus a nonce and hash (AccountLinkUriRepresentation),
# that starts an identity-provider linking flow for the token's user. The
# description points to the `idp_link` application-initiated action instead.
get:
tags: [Linked Accounts]
summary: Get identity provider link URI
description: |
Returns a URI to redirect to for linking an identity provider with the current user's account.
**Deprecated**: Use the `idp_link` application-initiated action (AIA) instead.
operationId: buildLinkedAccountURI
deprecated: true
parameters:
- name: providerAlias
in: path
required: true
description: Identity provider alias
schema:
type: string
# Caller-supplied redirect target, constrained here only by `format: uri`.
# NOTE(review): confirm the server checks it against the client's registered
# redirect URIs before embedding it in the returned link.
- name: redirectUri
in: query
required: true
description: URI to redirect to after the linking flow completes
schema:
type: string
format: uri
responses:
'200':
description: Account link URI
content:
application/json:
schema:
$ref: '#/components/schemas/AccountLinkUriRepresentation'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
delete:
tags: [Linked Accounts]
summary: Remove linked account
description: Unlinks an identity provider from the current user's account.
operationId: removeLinkedAccount
parameters:
- name: providerAlias
in: path
required: true
description: Identity provider alias
schema:
type: string
responses:
'204':
description: Linked account removed
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/groups:
get:
tags: [Groups]
summary: Get group memberships
description: Returns the groups the current user is a member of.
operationId: getGroupMemberships
parameters:
- name: briefRepresentation
in: query
description: If true, returns only group name and path. If false, includes attributes, roles and subgroups. Defaults to true.
schema:
type: boolean
default: true
responses:
'200':
description: List of groups
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/GroupRepresentation'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
components:
# Single scheme: HTTP bearer authentication, referenced by the global `security`
# requirement. `bearerFormat` is a documentation hint only; it does not make
# tooling validate the token. The scheme declares no scopes or roles, so which
# token claims each operation requires (the 403 cases) cannot be read from this
# document.
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: OAuth 2.0 / OpenID Connect Bearer token obtained from the realm's token endpoint
responses:
Unauthorized:
description: Authentication required
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorRepresentation'
Forbidden:
description: Insufficient permissions
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorRepresentation'
BadRequest:
description: Invalid request
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorRepresentation'
NotFound:
description: Resource not found
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorRepresentation'
schemas:
UserRepresentation:
type: object
description: Account user representation
properties:
id:
type: string
description: User ID
username:
type: string
description: Username
firstName:
type: string
description: First name
lastName:
type: string
description: Last name
email:
type: string
format: email
description: Email address
emailVerified:
type: boolean
description: Whether the email address has been verified
enabled:
type: boolean
description: Whether the user account is enabled
attributes:
type: object
description: Custom user attributes (excluding root attributes such as username, email, firstName, lastName)
additionalProperties:
type: array
items:
type: string
userProfileMetadata:
$ref: '#/components/schemas/UserProfileMetadata'
UserProfileMetadata:
type: object
description: Metadata describing the user profile schema for the realm
properties:
attributes:
type: array
items:
$ref: '#/components/schemas/UserProfileAttributeMetadata'
groups:
type: array
items:
$ref: '#/components/schemas/UserProfileAttributeGroupMetadata'
UserProfileAttributeMetadata:
type: object
description: Metadata for a single user profile attribute
properties:
name:
type: string
description: Attribute name
displayName:
type: string
description: Display name (may be a message bundle key)
required:
type: boolean
description: Whether the attribute is required
readOnly:
type: boolean
description: Whether the attribute is read-only for the user
group:
type: string
description: Name of the attribute group this attribute belongs to
multivalued:
type: boolean
description: Whether the attribute supports multiple values
annotations:
type: object
description: Arbitrary annotations (e.g. UI hints)
additionalProperties: true
validators:
type: object
description: Validator configurations keyed by validator ID
additionalProperties:
type: object
additionalProperties: true
UserProfileAttributeGroupMetadata:
type: object
description: Metadata for a user profile attribute group
properties:
name:
type: string
description: Group name
displayHeader:
type: string
description: Display header (may be a message bundle key)
displayDescription:
type: string
description: Display description (may be a message bundle key)
annotations:
type: object
description: Arbitrary annotations
additionalProperties: true
SessionRepresentation:
type: object
description: Represents an active user session
properties:
id:
type: string
description: Session ID
ipAddress:
type: string
description: IP address associated with the session (may not be a valid address when behind a proxy)
started:
type: integer
description: Session start time (Unix timestamp in seconds)
lastAccess:
type: integer
description: Last access time (Unix timestamp in seconds)
expires:
type: integer
description: Session expiry time (Unix timestamp in seconds)
browser:
type: string
description: Browser and version (e.g. Chrome/120.0)
current:
type: boolean
description: Whether this is the currently active session
clients:
type: array
description: Client applications accessed during this session
items:
$ref: '#/components/schemas/ClientRepresentation'
DeviceRepresentation:
type: object
description: Represents a device with one or more active sessions
properties:
id:
type: string
description: Device ID
ipAddress:
type: string
description: IP address (may not be a valid address when behind a proxy)
os:
type: string
description: Operating system name (e.g. Windows, macOS, Linux)
osVersion:
type: string
description: Operating system version
browser:
type: string
description: Browser and version (e.g. Firefox/121.0)
device:
type: string
description: Device category (e.g. Desktop, Mobile)
lastAccess:
type: integer
description: Last access time (Unix timestamp in seconds)
current:
type: boolean
description: Whether this device hosts the current session
mobile:
type: boolean
description: Whether this is a mobile device
sessions:
type: array
description: Sessions associated with this device
items:
$ref: '#/components/schemas/SessionRepresentation'
CredentialContainer:
type: object
description: Describes a credential type and the user's credentials of that type
properties:
type:
type: string
description: 'Credential type identifier (e.g. password, otp, webauthn)'
category:
type: string
description: 'Credential category (e.g. basic-authentication, two-factor)'
displayName:
type: string
description: Display name for the credential type (may be a message bundle key)
helptext:
type: string
description: Help text for the credential type (may be a message bundle key)
iconCssClass:
type: string
description: CSS class for the credential type icon
createAction:
type: string
description: Required action identifier used to create a new credential of this type
updateAction:
type: string
description: Required action identifier used to update a credential of this type
removeable:
type: boolean
description: Whether user credentials of this type can be removed by the user
userCredentialMetadatas:
type: array
description: Metadata for each of the user's existing credentials of this type
items:
$ref: '#/components/schemas/CredentialMetadataRepresentation'
CredentialMetadataRepresentation:
type: object
description: Metadata for a specific user credential instance
properties:
credential:
$ref: '#/components/schemas/CredentialRepresentation'
infoMessage:
$ref: '#/components/schemas/LocalizedMessage'
infoProperties:
type: array
items:
$ref: '#/components/schemas/LocalizedMessage'
warningMessageTitle:
$ref: '#/components/schemas/LocalizedMessage'
warningMessageDescription:
$ref: '#/components/schemas/LocalizedMessage'
# A stored credential as exposed by the account API. In this document the
# schema is referenced only from response bodies (via
# CredentialMetadataRepresentation inside CredentialContainer); no request body
# uses it.
CredentialRepresentation:
type: object
description: Represents a stored user credential
properties:
id:
type: string
description: Credential ID
type:
type: string
description: 'Credential type (e.g. password, otp, webauthn)'
userLabel:
type: string
description: User-defined label for the credential
createdDate:
type: integer
format: int64
description: Creation timestamp (Unix milliseconds)
# Returned to the client as an opaque JSON string.
# NOTE(review): confirm it carries only non-secret metadata for every
# credential type.
credentialData:
type: string
description: Credential metadata as a JSON string (algorithm, counter, etc.)
priority:
type: integer
description: Priority order among credentials of the same type
# NOTE(review): described as input-only, yet the schema appears only in
# responses here. If responses never carry it, marking it `writeOnly: true`
# documents that and lets response validators flag a leak. Confirm.
value:
type: string
description: Credential value (used when creating or updating a credential)
temporary:
type: boolean
description: Whether the credential is temporary (requires change on next login)
LocalizedMessage:
type: object
description: A localizable message with a bundle key and optional interpolation parameters
properties:
key:
type: string
description: Message bundle key
parameters:
type: array
description: Positional parameters for message interpolation
items:
type: string
ConsentRepresentation:
type: object
description: Represents a user consent for a client application
properties:
grantedScopes:
type: array
description: Scopes granted to the client
items:
$ref: '#/components/schemas/ConsentScopeRepresentation'
createdDate:
type: integer
format: int64
description: Consent creation timestamp (Unix milliseconds)
lastUpdatedDate:
type: integer
format: int64
description: Consent last-updated timestamp (Unix milliseconds)
ConsentScopeRepresentation:
type: object
description: Represents a single scope included in a consent
properties:
id:
type: string
description: Scope ID
name:
type: string
description: Scope name
displayText:
type: string
description: Localized display text shown on the consent screen
ClientRepresentation:
type: object
description: Represents a client application
properties:
clientId:
type: string
description: Client ID
clientName:
type: string
description: Client display name
description:
type: string
description: Client description
userConsentRequired:
type: boolean
description: Whether user consent is required for this client
inUse:
type: boolean
description: Whether the client currently has an active session
offlineAccess:
type: boolean
description: Whether the client has an active offline session
rootUrl:
type: string
description: Root URL configured on the client
baseUrl:
type: string
description: Base URL configured on the client
effectiveUrl:
type: string
description: Effective URL resolving rootUrl and baseUrl
consent:
$ref: '#/components/schemas/ConsentRepresentation'
logoUri:
type: string
description: URI to the client's logo image
policyUri:
type: string
description: URI to the client's privacy policy
tosUri:
type: string
description: URI to the client's terms of service
LinkedAccountRepresentation:
type: object
description: Represents a linked (or linkable) identity provider account
properties:
connected:
type: boolean
description: Whether the user's account is currently linked to this provider
social:
type: boolean
description: Whether this is a social identity provider
providerAlias:
type: string
description: Provider alias (unique identifier within the realm)
providerName:
type: string
description: Provider name
displayName:
type: string
description: Provider display name for UI rendering
linkedUsername:
type: string
description: The username at the linked provider (null when not connected)
AccountLinkUriRepresentation:
type: object
description: URI and security parameters for initiating an identity provider link flow
properties:
accountLinkUri:
type: string
format: uri
description: URI to redirect the user to for account linking
nonce:
type: string
description: One-time nonce for the link request
hash:
type: string
description: Hash for verifying the link request
OrganizationRepresentation:
type: object
description: Represents an organization the user is a member of
properties:
id:
type: string
description: Organization ID
name:
type: string
description: Organization name
alias:
type: string
description: Organization alias
enabled:
type: boolean
description: Whether the organization is enabled
default: true
description:
type: string
description: Organization description
domains:
type: array
description: Email domains associated with the organization
uniqueItems: true
items:
type: string
GroupRepresentation:
type: object
description: Represents a realm group
properties:
id:
type: string
description: Group ID
name:
type: string
description: Group name
path:
type: string
description: Full group path (e.g. /parent/child)
parentId:
type: string
description: Parent group ID
subGroupCount:
type: integer
description: Number of direct subgroups
subGroups:
type: array
description: Subgroups (populated when briefRepresentation=false)
items:
$ref: '#/components/schemas/GroupRepresentation'
attributes:
type: object
description: Group attributes
additionalProperties:
type: array
items:
type: string
realmRoles:
type: array
description: Realm roles assigned to the group
items:
type: string
clientRoles:
type: object
description: Client roles assigned to the group, keyed by client ID
additionalProperties:
type: array
items:
type: string
Resource:
type: object
description: Represents a UMA authorization resource owned by the user
properties:
id:
type: string
description: Resource ID
name:
type: string
description: Resource name
displayName:
type: string
description: Resource display name
uris:
type: array
description: URIs associated with the resource
uniqueItems: true
items:
type: string
type:
type: string
description: Resource type
iconUri:
type: string
description: URI to the resource icon
owner:
$ref: '#/components/schemas/ResourceOwnerRepresentation'
ownerManagedAccess:
type: boolean
description: Whether the owner manages access permissions for this resource
scopes:
type: array
description: Authorization scopes available on the resource
uniqueItems: true
items:
$ref: '#/components/schemas/ScopeRepresentation'
attributes:
type: object
description: Resource attributes
additionalProperties:
type: array
items:
type: string
client:
$ref: '#/components/schemas/ResourceClientRepresentation'
ResourcePermission:
allOf:
- $ref: '#/components/schemas/Resource'
- type: object
description: Resource with associated user permissions
properties:
permissions:
type: array
description: Users who have been granted access to this resource
items:
$ref: '#/components/schemas/Permission'
Permission:
type: object
description: A user with granted scopes for a resource
properties:
username:
type: string
description: Username of the user with access
firstName:
type: string
description: First name
lastName:
type: string
description: Last name
email:
type: string
format: email
description: Email address
scopes:
type: array
description: Scope names granted to this user
items:
type: string
ScopeRepresentation:
type: object
description: Represents an authorization scope
properties:
id:
type: string
description: Scope ID
name:
type: string
description: Scope name
displayName:
type: string
description: Scope display name
iconUri:
type: string
description: URI to the scope icon
ResourceOwnerRepresentation:
type: object
description: Represents the owner of a resource
properties:
id:
type: string
description: Owner user ID
name:
type: string
description: Owner display name
ResourceClientRepresentation:
type: object
description: The resource server client associated with a resource
properties:
clientId:
type: string
description: Client ID
name:
type: string
description: Client display name
baseUrl:
type: string
description: Client base URL
ErrorRepresentation:
type: object
description: Error response body
properties:
errorMessage:
type: string
description: Human-readable error message (may be a message bundle key)
field:
type: string
description: Attribute name that caused a validation error
params:
type: array
description: Additional parameters for error message interpolation
items: {}
errors:
type: array
description: List of field-level validation errors
items:
$ref: '#/components/schemas/ErrorRepresentation'