assign_client_role_to_user
Assign client-specific roles to users in Keycloak for precise access control. Specify user, client, and roles to manage permissions.
Instructions
Assign client roles to a user.
Args:
user_id: User ID
client_id: Client database ID
role_names: List of role names to assign
realm: Target realm (uses default if not specified)
Returns:
Status messageInput Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| user_id | Yes | ||
| client_id | Yes | ||
| role_names | Yes | ||
| realm | No |
Implementation Reference
- src/tools/role_tools.py:290-323 (handler)The handler function for the 'assign_client_role_to_user' tool, decorated with @mcp.tool() which serves as the registration. It fetches client role details and assigns them to the specified user via Keycloak's admin API.
@mcp.tool() async def assign_client_role_to_user( user_id: str, client_id: str, role_names: List[str], realm: Optional[str] = None ) -> Dict[str, str]: """ Assign client roles to a user. Args: user_id: User ID client_id: Client database ID role_names: List of role names to assign realm: Target realm (uses default if not specified) Returns: Status message """ # Get role representations roles = [] for role_name in role_names: role = await client._make_request( "GET", f"/clients/{client_id}/roles/{role_name}", realm=realm ) roles.append(role) await client._make_request( "POST", f"/users/{user_id}/role-mappings/clients/{client_id}", data=roles, realm=realm, ) return { "status": "assigned", "message": f"Client roles {role_names} assigned to user {user_id}", } - src/tools/role_tools.py:290-290 (registration)The @mcp.tool() decorator registers the function as an MCP tool.
@mcp.tool() - src/tools/role_tools.py:291-302 (schema)Function signature with type hints and docstring defining the input schema and output type.
async def assign_client_role_to_user( user_id: str, client_id: str, role_names: List[str], realm: Optional[str] = None ) -> Dict[str, str]: """ Assign client roles to a user. Args: user_id: User ID client_id: Client database ID role_names: List of role names to assign realm: Target realm (uses default if not specified)