create_client
Create a new client in the Keycloak identity and access management system. Specify client ID, name, protocol, redirect URIs, and other settings to configure authentication and authorization flows.
Instructions
Create a new client.
Args:
client_id: Client ID (unique identifier)
name: Display name
description: Client description
enabled: Whether the client is enabled
always_display_in_console: Always display in account console
root_url: Root URL for relative URLs
redirect_uris: Valid redirect URIs
web_origins: Allowed CORS origins
protocol: Protocol (openid-connect or saml)
public_client: Public client (no secret)
bearer_only: Bearer-only client
service_accounts_enabled: Enable service accounts
authorization_services_enabled: Enable authorization services
direct_access_grants_enabled: Enable direct access grants (password flow)
implicit_flow_enabled: Enable implicit flow
standard_flow_enabled: Enable standard flow (authorization code)
realm: Target realm (uses default if not specified)
Returns:
Status message
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| always_display_in_console | No | | |
| authorization_services_enabled | No | | |
| bearer_only | No | | |
| client_id | Yes | | |
| description | No | | |
| direct_access_grants_enabled | No | | |
| enabled | No | | |
| implicit_flow_enabled | No | | |
| name | No | | |
| protocol | No | | openid-connect |
| public_client | No | | |
| realm | No | | |
| redirect_uris | No | | |
| root_url | No | | |
| service_accounts_enabled | No | | |
| standard_flow_enabled | No | | |
| web_origins | No | | |
Implementation Reference
- src/tools/client_tools.py:83-154 (handler) The main handler function for the 'create_client' MCP tool. Decorated with @mcp.tool() for automatic registration. Handles creation of a new Keycloak client by constructing the client data payload and making a POST request to the Keycloak API via KeycloakClient.

  ```python
  @mcp.tool()
  async def create_client(
      client_id: str,
      name: Optional[str] = None,
      description: Optional[str] = None,
      enabled: bool = True,
      always_display_in_console: bool = False,
      root_url: Optional[str] = None,
      redirect_uris: Optional[List[str]] = None,
      web_origins: Optional[List[str]] = None,
      protocol: str = "openid-connect",
      public_client: bool = False,
      bearer_only: bool = False,
      service_accounts_enabled: bool = False,
      authorization_services_enabled: bool = False,
      direct_access_grants_enabled: bool = False,
      implicit_flow_enabled: bool = False,
      standard_flow_enabled: bool = True,
      realm: Optional[str] = None,
  ) -> Dict[str, str]:
      """
      Create a new client.

      Args:
          client_id: Client ID (unique identifier)
          name: Display name
          description: Client description
          enabled: Whether the client is enabled
          always_display_in_console: Always display in account console
          root_url: Root URL for relative URLs
          redirect_uris: Valid redirect URIs
          web_origins: Allowed CORS origins
          protocol: Protocol (openid-connect or saml)
          public_client: Public client (no secret)
          bearer_only: Bearer-only client
          service_accounts_enabled: Enable service accounts
          authorization_services_enabled: Enable authorization services
          direct_access_grants_enabled: Enable direct access grants (password flow)
          implicit_flow_enabled: Enable implicit flow
          standard_flow_enabled: Enable standard flow (authorization code)
          realm: Target realm (uses default if not specified)

      Returns:
          Status message
      """
      client_data = {
          "clientId": client_id,
          "enabled": enabled,
          "alwaysDisplayInConsole": always_display_in_console,
          "protocol": protocol,
          "publicClient": public_client,
          "bearerOnly": bearer_only,
          "serviceAccountsEnabled": service_accounts_enabled,
          "authorizationServicesEnabled": authorization_services_enabled,
          "directAccessGrantsEnabled": direct_access_grants_enabled,
          "implicitFlowEnabled": implicit_flow_enabled,
          "standardFlowEnabled": standard_flow_enabled,
      }

      if name:
          client_data["name"] = name
      if description:
          client_data["description"] = description
      if root_url:
          client_data["rootUrl"] = root_url
      if redirect_uris:
          client_data["redirectUris"] = redirect_uris
      if web_origins:
          client_data["webOrigins"] = web_origins

      await client._make_request("POST", "/clients", data=client_data, realm=realm)
      return {"status": "created", "message": f"Client {client_id} created successfully"}
  ```
- src/tools/client_tools.py:83-83 (registration) The @mcp.tool() decorator registers the create_client function as an MCP tool with the FastMCP server.

  ```python
  @mcp.tool()
  ```
- src/tools/client_tools.py:6-6 (helper) Instantiation of the KeycloakClient helper used by the create_client tool to interact with the Keycloak Admin API.

  ```python
  client = KeycloakClient()
  ```
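
The handler forwards `client_data` to Keycloak without inspecting it, so a pre-flight check over the same keys can flag settings that widen a client's exposure before the POST is made. This is an added example, not part of the project's code; `lint_client_payload`, its finding strings and both sample payloads are constructed for illustration.

```python
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def lint_client_payload(data):
    """Return (field, reason) findings for a Keycloak client payload dict."""
    findings = []
    for uri in data.get("redirectUris") or []:
        if "*" in uri:
            # Keycloak treats a trailing * as a wildcard match.
            findings.append(("redirectUris", f"wildcard in {uri!r}"))
        parts = urlsplit(uri)
        if parts.scheme == "http" and parts.hostname not in LOOPBACK:
            findings.append(("redirectUris", f"cleartext http in {uri!r}"))
    if "*" in (data.get("webOrigins") or []):
        findings.append(("webOrigins", "'*' allows every origin"))
    if data.get("protocol", "openid-connect") == "openid-connect":
        if data.get("implicitFlowEnabled"):
            findings.append(("implicitFlowEnabled", "tokens travel in the redirect URL"))
        if data.get("directAccessGrantsEnabled"):
            findings.append(("directAccessGrantsEnabled", "client handles user passwords"))
    if data.get("publicClient") and data.get("serviceAccountsEnabled"):
        findings.append(("serviceAccountsEnabled", "service accounts need a confidential client"))
    return findings


# Constructed sample payloads using the same keys as the handler's client_data.
RISKY = {
    "clientId": "demo-spa", "protocol": "openid-connect", "publicClient": True,
    "redirectUris": ["*", "http://app.example.test/cb"],
    "webOrigins": ["*"],
    "implicitFlowEnabled": True, "directAccessGrantsEnabled": True,
    "serviceAccountsEnabled": True, "standardFlowEnabled": True,
}
HARDENED = {
    "clientId": "demo-spa", "protocol": "openid-connect", "publicClient": True,
    "redirectUris": ["https://app.example.test/cb", "http://localhost:8080/cb"],
    "webOrigins": ["https://app.example.test"],
    "standardFlowEnabled": True,
}

if __name__ == "__main__":
    for label, payload in (("risky", RISKY), ("hardened", HARDENED)):
        print(label, lint_client_payload(payload))
```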