keycloak.authorization

Authorization module.

Submodules

Classes

Permission

Base permission class.

Policy

Base policy class.

Role

Authorization Role base class.

Authorization

Keycloak Authorization (policies, roles, scopes and resources).

Package Contents

class keycloak.authorization.Permission(name, type, logic, decision_strategy)[source]

Base permission class.

A permission associates the object being protected with the policies that must be evaluated to determine whether access is granted.

Consider this simple and very common permission:

X CAN DO Y ON RESOURCE Z

where

  • X represents one or more users, roles, or groups, or a combination of them. You can also use claims and context here.

  • Y represents an action to be performed, for example, write, view, and so on.

  • Z represents a protected resource, for example, “/accounts”.

https://keycloak.gitbooks.io/documentation/authorization_services/topics/permission/overview.html

Parameters:
  • name (str) – Name

  • type (str) – Type

  • logic (str) – Logic

  • decision_strategy (str) – Decision strategy

property name

Get name.

Returns:

name

Return type:

str

property type

Get type.

Returns:

type

Return type:

str

property logic

Get logic.

Returns:

Logic

Return type:

str

property decision_strategy

Get decision strategy.

Returns:

Decision strategy

Return type:

str

property resources

Get resources.

Returns:

Resources

Return type:

list

property scopes

Get scopes.

Returns:

Scopes

Return type:

list

__repr__()[source]

Repr method.

Returns:

Class representation

Return type:

str

__str__()[source]

Str method.

Returns:

Class string representation

Return type:

str

class keycloak.authorization.Policy(name, type, logic, decision_strategy)[source]

Base policy class.

A policy defines the conditions that must be satisfied to grant access to an object. Unlike permissions, you do not specify the object being protected but rather the conditions that must be satisfied for access to a given object (for example, resource, scope, or both). Policies are strongly related to the different access control mechanisms (ACMs) that you can use to protect your resources. With policies, you can implement strategies for attribute-based access control (ABAC), role-based access control (RBAC), context-based access control, or any combination of these.

https://keycloak.gitbooks.io/documentation/authorization_services/topics/policy/overview.html

Parameters:
  • name (str) – Name

  • type (str) – Type

  • logic (str) – Logic

  • decision_strategy (str) – Decision strategy

property name

Get name.

Returns:

Name

Return type:

str

property type

Get type.

Returns:

Type

Return type:

str

property logic

Get logic.

Returns:

Logic

Return type:

str

property decision_strategy

Get decision strategy.

Returns:

Decision strategy

Return type:

str

property roles

Get roles.

Returns:

Roles

Return type:

list

property permissions

Get permissions.

Returns:

Permissions

Return type:

list

__repr__()[source]

Repr method.

Returns:

Class representation

Return type:

str

__str__()[source]

Str method.

Returns:

Class string representation

Return type:

str

add_role(role)[source]

Add a Keycloak role to the policy.

Parameters:

role (keycloak.authorization.Role) – Keycloak role

Raises:

KeycloakAuthorizationConfigError – In case of misconfigured policy type

add_permission(permission)[source]

Add a Keycloak permission to the policy.

Parameters:

permission (keycloak.authorization.Permission) – Keycloak permission

class keycloak.authorization.Role(name, required=False)[source]

Authorization Role base class.

Roles identify a type or category of user. Admin, user, manager, and employee are all typical roles that may exist in an organization.

https://keycloak.gitbooks.io/documentation/server_admin/topics/roles.html

Parameters:
  • name (str) – Name

  • required (bool) – Required role indicator

name

required = False

get_name()[source]

Get name.

Returns:

Name

Return type:

str

__eq__(other)[source]

Eq method.

Parameters:

other (str) – The other object

Returns:

Equality bool

Return type:

bool | NotImplemented

class keycloak.authorization.Authorization[source]

Keycloak Authorization (policies, roles, scopes and resources).

https://keycloak.gitbooks.io/documentation/authorization_services/index.html

property policies[source]

Get policies.

Returns:

Policies

Return type:

dict

load_config(data)[source]

Load policies, roles and permissions (scope/resources).

Parameters:

data (dict) – Keycloak authorization data
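
The "X CAN DO Y ON RESOURCE Z" model from the Permission and Policy descriptions above, as an added stand-alone example that does not import python-keycloak and is not the library's code. The Role, Policy and Permission dataclasses, the accounts_permission helper and the evaluation rules (a missing required role denies, NEGATIVE logic inverts, UNANIMOUS/AFFIRMATIVE/CONSENSUS combine policy votes) are assumptions of this simplified model, and the sample data is constructed.

```python
# Added illustration: a stand-alone model, NOT python-keycloak's implementation.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Role:                      # hypothetical stand-in for keycloak.authorization.Role
    name: str
    required: bool = False

@dataclass
class Policy:                    # a role policy: conditions only, no protected object
    name: str
    logic: str = "POSITIVE"      # "NEGATIVE" inverts the outcome
    roles: list = field(default_factory=list)

    def grants(self, user_roles):
        held = [r for r in self.roles if r.name in user_roles]
        missing_required = any(r.required and r.name not in user_roles for r in self.roles)
        outcome = bool(held) and not missing_required
        return outcome if self.logic == "POSITIVE" else not outcome

@dataclass
class Permission:                # binds resource Z and scopes Y to the policies deciding X
    name: str
    resource: str
    scopes: list
    policies: list
    decision_strategy: str = "UNANIMOUS"

    def allows(self, user_roles, resource, scope):
        if resource != self.resource or scope not in self.scopes or not self.policies:
            return False         # default deny: wrong object, wrong action, or no policy
        votes = [p.grants(user_roles) for p in self.policies]
        if self.decision_strategy == "UNANIMOUS":
            return all(votes)
        if self.decision_strategy == "AFFIRMATIVE":
            return any(votes)
        if self.decision_strategy == "CONSENSUS":
            return votes.count(True) > votes.count(False)
        return False             # unknown strategy: fail closed

def accounts_permission(strategy):
    """Constructed sample: managers, but not suspended users, may view or write /accounts."""
    managers = Policy("managers", roles=[Role("manager", required=True), Role("employee")])
    not_suspended = Policy("not-suspended", logic="NEGATIVE", roles=[Role("suspended")])
    return Permission("accounts", "/accounts", ["view", "write"],
                      [managers, not_suspended], strategy)
```

In this model, a user holding both "manager" and "suspended" is denied under UNANIMOUS and CONSENSUS but admitted under AFFIRMATIVE, because one granting policy is enough there. When a deny-style policy is attached to a permission, check that the decision strategy lets it take effect.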