Creating Authentication Flow through Admin REST API

Basically I want to automate some parts of realm setup. One of those parts is creating my custom Authentication Flows. I understand how to build them with the Admin UI, but the REST API got me stumped.
Following the documentation it should be possible to post a AuthenticationFlowRepresentation to /{realm}/authentication/flows.
But that representation only contains a flat array of AuthenticationExecutionExportRepresentation, which in turn do not contain any hierarchical structure/attributes (like level & position).
How am I supposed to actually construct a tree-like authentication flow with this?

  1. Can you provide an example of how to properly use the Admin REST API to create an Authentication Flow? I couldn’t find any.
  2. Is there a better tool to setup my Authentication Flows, if it doesn’t work well with the REST API?

I’ve had a similar problem, and the documentation didn’t help at all. You need to create an execution for a flow. The AuthenticationExecutionInfoRepresentation has a level and index that you can use to create the “tree”, but it doesn’t really have a notion of parent/child. Each execution needs to be added to the flow, and you can raise and lower their priority using the API. It honestly looks like this API was designed to make the UI easier to build, rather than it to be functional for programmatic use.

Another two tactics I used when building my flows was to always copy an existing/default flow, and figure out which methods I needed to call by watching the network inspector while using the Admin UI. Otherwise, I never would have been able to figure it out with the API docs alone.

1 Like

Ugh… I was kinda hoping I’m just a terrible dev, who doesn’t get how the API is properly used, instead of it being actually this annoyingly designed.
So, I actually got to add every execution individually…
Never has professional affirmation been this disappointing XD

Anyway, thanks for the input.

I’m not an expert/contributor, but that’s just been my experience with it.

IMO, yes, the API could be more intuitive, but this could also be solved with a better client library that encapsulates the conversion between a more intuitive, parent/child model to what the API expects. I built a few utilities on top of the Java admin client for a customer to do this.