keycloak
Python-Keycloak library.
Subpackages
Submodules
Attributes
Exceptions
Keycloak authentication error exception.
Keycloak authorization config exception.
Keycloak connection error exception.
Keycloak request delete error exception.
Keycloak deprecation error exception.
Base class for custom Keycloak errors.
Keycloak request get error exception.
Keycloak invalid token exception.
Keycloak operation error exception.
Keycloak request post error exception.
Keycloak request put error exception.
Keycloak RPT not found exception.
Keycloak secret not found exception.
Classes
Represents a simple server connection.
Keycloak Admin client.
Keycloak OpenID client.
Keycloak UMA client.
A class to help with OpenID connections which can auto refresh tokens.
Package Contents
- class keycloak.ConnectionManager(base_url, headers={}, timeout=60, verify=True, proxies=None, cert=None, max_retries=1)[source]
Bases:
object
Represents a simple server connection.
- Parameters:
base_url (str) – The server URL.
headers (dict) – The header parameters of the requests to the server.
timeout (int) – Timeout to use for requests to the server.
verify (Union[bool,str]) – Boolean value to enable or disable certificate validation or a string containing a path to a CA bundle to use
proxies (dict) – The proxy servers that requests are sent through.
cert (Union[str,Tuple[str,str]]) – An SSL certificate used by the requested host to authenticate the client. Either a path to an SSL certificate file, or two-tuple of (certificate file, key file).
max_retries (int) – The total number of times to retry HTTP requests.
- property base_url
- Return base url in use for requests to the server.
- Returns:
Base URL
- Return type:
str
- property headers
- Return the headers in use for requests to the server.
- Returns:
Request headers
- Return type:
dict
- property timeout
- Return timeout in use for request to the server.
- Returns:
Timeout
- Return type:
int
- property verify
- Return verify in use for request to the server.
- Returns:
Verify indicator
- Return type:
bool
- property cert
- Return client certificates in use for request to the server.
- Returns:
Client certificate
- Return type:
Union[str,Tuple[str,str]]
- _s
- auth
- async_s
- transport
- param_headers(key)[source]
Return a specific header parameter.
- Parameters:
key (str) – Header parameters key.
- Returns:
If the header parameter exists, return its value.
- Return type:
str
- exist_param_headers(key)[source]
Check if the parameter exists in the header.
- Parameters:
key (str) – Header parameters key.
- Returns:
If the header parameter exists, return True.
- Return type:
bool
- add_param_headers(key, value)[source]
Add a single parameter inside the header.
- Parameters:
key (str) – Header parameters key.
value (str) – Value to be added.
- del_param_headers(key)[source]
Remove a specific parameter.
- Parameters:
key (str) – Key of the header parameters.
- raw_get(path, **kwargs)[source]
Submit get request to the path.
- Parameters:
path (str) – Path for request.
kwargs (dict) – Additional arguments
- Returns:
Response to the request.
- Return type:
Response
- Raises:
KeycloakConnectionError – HttpError Can’t connect to server.
- raw_post(path, data, **kwargs)[source]
Submit post request to the path.
- Parameters:
path (str) – Path for request.
data (dict) – Payload for request.
kwargs (dict) – Additional arguments
- Returns:
Response to the request.
- Return type:
Response
- Raises:
KeycloakConnectionError – HttpError Can’t connect to server.
- raw_put(path, data, **kwargs)[source]
Submit put request to the path.
- Parameters:
path (str) – Path for request.
data (dict) – Payload for request.
kwargs (dict) – Additional arguments
- Returns:
Response to the request.
- Return type:
Response
- Raises:
KeycloakConnectionError – HttpError Can’t connect to server.
- raw_delete(path, data=None, **kwargs)[source]
Submit delete request to the path.
- Parameters:
path (str) – Path for request.
data (dict | None) – Payload for request.
kwargs (dict) – Additional arguments
- Returns:
Response to the request.
- Return type:
Response
- Raises:
KeycloakConnectionError – HttpError Can’t connect to server.
- async a_raw_get(path, **kwargs)[source]
Submit get request to the path.
- Parameters:
path (str) – Path for request.
kwargs (dict) – Additional arguments
- Returns:
Response to the request.
- Return type:
Response
- Raises:
KeycloakConnectionError – HttpError Can’t connect to server.
- async a_raw_post(path, data, **kwargs)[source]
Submit post request to the path.
- Parameters:
path (str) – Path for request.
data (dict) – Payload for request.
kwargs (dict) – Additional arguments
- Returns:
Response to the request.
- Return type:
Response
- Raises:
KeycloakConnectionError – HttpError Can’t connect to server.
- async a_raw_put(path, data, **kwargs)[source]
Submit put request to the path.
- Parameters:
path (str) – Path for request.
data (dict) – Payload for request.
kwargs (dict) – Additional arguments
- Returns:
Response to the request.
- Return type:
Response
- Raises:
KeycloakConnectionError – HttpError Can’t connect to server.
- async a_raw_delete(path, data=None, **kwargs)[source]
Submit delete request to the path.
- Parameters:
path (str) – Path for request.
data (dict | None) – Payload for request.
kwargs (dict) – Additional arguments
- Returns:
Response to the request.
- Return type:
Response
- Raises:
KeycloakConnectionError – HttpError Can’t connect to server.
- static _filter_query_params(query_params)[source]
Explicitly filter query params with None values for compatibility.
Httpx and requests differ in the way they handle query params with the value None: requests does not include params with the value None, while httpx includes them as-is.
- Parameters:
query_params (dict) – the query params
- Returns:
the filtered query params
- Return type:
dict
- exception keycloak.KeycloakAuthenticationError(error_message='', response_code=None, response_body=None)[source]
Bases:
KeycloakError
Keycloak authentication error exception.
- exception keycloak.KeycloakAuthorizationConfigError(error_message='', response_code=None, response_body=None)[source]
Bases:
KeycloakOperationError
Keycloak authorization config exception.
- exception keycloak.KeycloakConnectionError(error_message='', response_code=None, response_body=None)[source]
Bases:
KeycloakError
Keycloak connection error exception.
- exception keycloak.KeycloakDeleteError(error_message='', response_code=None, response_body=None)[source]
Bases:
KeycloakOperationError
Keycloak request delete error exception.
- exception keycloak.KeycloakDeprecationError(error_message='', response_code=None, response_body=None)[source]
Bases:
KeycloakError
Keycloak deprecation error exception.
- exception keycloak.KeycloakError(error_message='', response_code=None, response_body=None)[source]
Bases:
Exception
Base class for custom Keycloak errors.
- Parameters:
error_message (str) – The error message
response_code (int) – The response status code
- response_code
- response_body
- error_message
- exception keycloak.KeycloakGetError(error_message='', response_code=None, response_body=None)[source]
Bases:
KeycloakOperationError
Keycloak request get error exception.
- exception keycloak.KeycloakInvalidTokenError(error_message='', response_code=None, response_body=None)[source]
Bases:
KeycloakOperationError
Keycloak invalid token exception.
- exception keycloak.KeycloakOperationError(error_message='', response_code=None, response_body=None)[source]
Bases:
KeycloakError
Keycloak operation error exception.
- exception keycloak.KeycloakPostError(error_message='', response_code=None, response_body=None)[source]
Bases:
KeycloakOperationError
Keycloak request post error exception.
- exception keycloak.KeycloakPutError(error_message='', response_code=None, response_body=None)[source]
Bases:
KeycloakOperationError
Keycloak request put error exception.
- exception keycloak.KeycloakRPTNotFound(error_message='', response_code=None, response_body=None)[source]
Bases:
KeycloakOperationError
Keycloak RPT not found exception.
- exception keycloak.KeycloakSecretNotFound(error_message='', response_code=None, response_body=None)[source]
Bases:
KeycloakOperationError
Keycloak secret not found exception.
- class keycloak.KeycloakAdmin(server_url=None, grant_type=None, username=None, password=None, token=None, totp=None, realm_name='master', client_id='admin-cli', verify=True, client_secret_key=None, custom_headers=None, user_realm_name=None, timeout=60, cert=None, max_retries=1, connection: keycloak.openid_connection.KeycloakOpenIDConnection | None = None)[source]
Keycloak Admin client.
- Parameters:
server_url (str) – Keycloak server url
username (str) – admin username
password (str) – admin password
token (dict) – access and refresh tokens
totp (str) – Time based OTP
realm_name (str) – realm name
client_id (str) – client id
verify (Union[bool,str]) – Boolean value to enable or disable certificate validation or a string containing a path to a CA bundle to use
client_secret_key (str) – client secret key (optional, required only for access type confidential)
custom_headers (dict) – dict of custom headers to pass to each HTTP request
user_realm_name (str) – The realm name of the user, if different from realm_name
timeout (int) – connection timeout in seconds
cert (Union[str,Tuple[str,str]]) – An SSL certificate used by the requested host to authenticate the client. Either a path to an SSL certificate file, or two-tuple of (certificate file, key file).
max_retries (int) – The total number of times to retry HTTP requests.
connection (KeycloakOpenIDConnection) – A KeycloakOpenIDConnection as an alternative to individual params.
- PAGE_SIZE = 100
- property connection: keycloak.openid_connection.KeycloakOpenIDConnection
Get connection.
- Returns:
Connection manager
- Return type:
- __fetch_all(url, query=None)[source]
Paginate over get requests.
Wrapper function to paginate GET requests.
- Parameters:
url (str) – The url on which the query is executed
query (dict) – Existing query parameters (optional)
- Returns:
Combined results of paginated queries
- Return type:
list
- __fetch_paginated(url, query=None)[source]
Make a specific paginated request.
- Parameters:
url (str) – The url on which the query is executed
query (dict) – Pagination settings
- Returns:
Response
- Return type:
dict
- get_current_realm() str [source]
Return the currently configured realm.
- Returns:
Currently configured realm name
- Return type:
str
- change_current_realm(realm_name: str) None [source]
Change the current realm.
- Parameters:
realm_name (str) – The name of the realm to be configured as current
- import_realm(payload)[source]
Import a new realm from a RealmRepresentation.
Realm name must be unique.
RealmRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation
- Parameters:
payload (dict) – RealmRepresentation
- Returns:
RealmRepresentation
- Return type:
dict
- partial_import_realm(realm_name, payload)[source]
Partial import realm configuration from PartialImportRepresentation.
Realm partialImport is used for modifying configuration of existing realm.
PartialImportRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_partialimportrepresentation
- Parameters:
realm_name (str) – Realm name (not the realm id)
payload (dict) – PartialImportRepresentation
- Returns:
PartialImportResponse
- Return type:
dict
- export_realm(export_clients=False, export_groups_and_role=False)[source]
Export the realm configurations in the json format.
RealmRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_partialexport
- Parameters:
export_clients (bool) – Set to True to export realm clients; leave as False to skip them
export_groups_and_role (bool) – Set to True to export realm groups and roles; leave as False to skip them
- Returns:
realm configurations JSON
- Return type:
dict
- get_realms()[source]
List all realms in Keycloak deployment.
- Returns:
realms list
- Return type:
list
- get_realm(realm_name)[source]
Get a specific realm.
RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation
- Parameters:
realm_name (str) – Realm name (not the realm id)
- Returns:
RealmRepresentation
- Return type:
dict
- create_realm(payload, skip_exists=False)[source]
Create a realm.
RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation
- Parameters:
payload (dict) – RealmRepresentation
skip_exists (bool) – Skip if the realm already exists.
- Returns:
Keycloak server response (RealmRepresentation)
- Return type:
dict
- update_realm(realm_name, payload)[source]
Update a realm.
This will only update top level attributes and will ignore any user, role, or client information in the payload.
RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation
- Parameters:
realm_name (str) – Realm name (not the realm id)
payload (dict) – RealmRepresentation
- Returns:
Http response
- Return type:
dict
- delete_realm(realm_name)[source]
Delete a realm.
- Parameters:
realm_name (str) – Realm name (not the realm id)
- Returns:
Http response
- Return type:
dict
- get_users(query=None)[source]
Get all users.
Return a list of users, filtered according to query parameters
UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation
- Parameters:
query (dict) – Query parameters (optional)
- Returns:
users list
- Return type:
list
- create_idp(payload)[source]
Create an ID Provider.
IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation
- Param:
payload: IdentityProviderRepresentation
- Returns:
Keycloak server response
- Return type:
dict
- update_idp(idp_alias, payload)[source]
Update an ID Provider.
IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identity_providers_resource
- Param:
idp_alias: alias for IdP to update
- Param:
payload: The IdentityProviderRepresentation
- Returns:
Keycloak server response
- Return type:
dict
- add_mapper_to_idp(idp_alias, payload)[source]
Add a mapper to an ID Provider.
IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityprovidermapperrepresentation
- Param:
idp_alias: alias for Idp to add mapper in
- Param:
payload: IdentityProviderMapperRepresentation
- Returns:
Keycloak server response
- Return type:
dict
- update_mapper_in_idp(idp_alias, mapper_id, payload)[source]
Update an IdP mapper.
IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_update
- Param:
idp_alias: alias for Idp to fetch mappers
- Param:
mapper_id: Mapper Id to update
- Param:
payload: IdentityProviderMapperRepresentation
- Returns:
Http response
- Return type:
dict
- get_idp_mappers(idp_alias)[source]
Get IDP mappers.
Returns a list of ID Providers mappers
IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getmappers
- Param:
idp_alias: alias for Idp to fetch mappers
- Returns:
array IdentityProviderMapperRepresentation
- Return type:
list
- get_idps()[source]
Get IDPs.
Returns a list of ID Providers.
IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation
- Returns:
array IdentityProviderRepresentation
- Return type:
list
- get_idp(idp_alias)[source]
Get IDP provider.
Get the representation of a specific IDP Provider.
IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation
- Param:
idp_alias: alias for IdP to get
- Returns:
IdentityProviderRepresentation
- Return type:
dict
- delete_idp(idp_alias)[source]
Delete an ID Provider.
- Param:
idp_alias: idp alias name
- Returns:
Keycloak server response
- Return type:
dict
- create_user(payload, exist_ok=False)[source]
Create a new user.
Username must be unique
UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation
- Parameters:
payload (dict) – UserRepresentation
exist_ok (bool) – If False, raise KeycloakGetError if username already exists. Otherwise, return existing user ID.
- Returns:
user_id
- Return type:
str
- users_count(query=None)[source]
Count users.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_users_resource
- Parameters:
query (dict) – (dict) Query parameters for users count
- Returns:
counter
- Return type:
int
- get_user_id(username)[source]
Get internal keycloak user id from username.
This is required for further actions against this user.
UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation
- Parameters:
username (str) – id in UserRepresentation
- Returns:
user_id
- Return type:
str
- get_user(user_id)[source]
Get representation of the user.
UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation
- Parameters:
user_id (str) – User id
- Returns:
UserRepresentation
- get_user_groups(user_id, query=None, brief_representation=True)[source]
Get user groups.
Returns a list of groups of which the user is a member
- Parameters:
user_id (str) – User id
query (dict) – Additional query options
brief_representation (bool) – whether to omit attributes in the response
- Returns:
user groups list
- Return type:
list
- update_user(user_id, payload)[source]
Update the user.
- Parameters:
user_id (str) – User id
payload (dict) – UserRepresentation
- Returns:
Http response
- Return type:
bytes
- disable_user(user_id)[source]
Disable the user from the realm. Disabled users can not log in.
- Parameters:
user_id (str) – User id
- Returns:
Http response
- Return type:
bytes
- enable_user(user_id)[source]
Enable the user from the realm.
- Parameters:
user_id (str) – User id
- Returns:
Http response
- Return type:
bytes
- delete_user(user_id)[source]
Delete the user.
- Parameters:
user_id (str) – User id
- Returns:
Http response
- Return type:
bytes
- set_user_password(user_id, password, temporary=True)[source]
Set up a password for the user.
If temporary is True, the user will have to reset the temporary password next time they log in.
https://www.keycloak.org/docs-api/24.0.2/rest-api/#_users_resource https://www.keycloak.org/docs-api/24.0.2/rest-api/#_credentialrepresentation
- Parameters:
user_id (str) – User id
password (str) – New password
temporary (bool) – True if password is temporary
- Returns:
Response
- Return type:
dict
- get_credentials(user_id)[source]
Get user credentials.
Returns a list of credentials belonging to the user.
CredentialRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_credentialrepresentation
- Param:
user_id: user id
- Returns:
Keycloak server response (CredentialRepresentation)
- Return type:
dict
- delete_credential(user_id, credential_id)[source]
Delete credential of the user.
CredentialRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_credentialrepresentation
- Param:
user_id: user id
- Param:
credential_id: credential id
- Returns:
Keycloak server response (ClientRepresentation)
- Return type:
bytes
- user_logout(user_id)[source]
Log out the user.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_logout
- Parameters:
user_id (str) – User id
- Returns:
Keycloak server response
- Return type:
bytes
- user_consents(user_id)[source]
Get consents granted by the user.
UserConsentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userconsentrepresentation
- Parameters:
user_id (str) – User id
- Returns:
List of UserConsentRepresentations
- Return type:
list
- get_user_social_logins(user_id)[source]
Get user social logins.
Returns a list of federated identities/social logins with which the user has been associated.
- Parameters:
user_id (str) – User id
- Returns:
Federated identities list
- Return type:
list
- add_user_social_login(user_id, provider_id, provider_userid, provider_username)[source]
Add a federated identity / social login provider to the user.
- Parameters:
user_id (str) – User id
provider_id (str) – Social login provider id
provider_userid (str) – userid specified by the provider
provider_username (str) – username specified by the provider
- Returns:
Keycloak server response
- Return type:
bytes
- delete_user_social_login(user_id, provider_id)[source]
Delete a federated identity / social login provider from the user.
- Parameters:
user_id (str) – User id
provider_id (str) – Social login provider id
- Returns:
Keycloak server response
- Return type:
bytes
- send_update_account(user_id, payload, client_id=None, lifespan=None, redirect_uri=None)[source]
Send an update account email to the user.
An email contains a link the user can click to perform a set of required actions.
- Parameters:
user_id (str) – User id
payload (list) – A list of actions for the user to complete
client_id (str) – Client id (optional)
lifespan (int) – Number of seconds after which the generated token expires (optional)
redirect_uri (str) – The redirect uri (optional)
- Returns:
Keycloak server response
- Return type:
bytes
- send_verify_email(user_id, client_id=None, redirect_uri=None)[source]
Send an update account email to the user.
An email contains a link the user can click to perform a set of required actions.
- Parameters:
user_id (str) – User id
client_id (str) – Client id (optional)
redirect_uri (str) – Redirect uri (optional)
- Returns:
Keycloak server response
- Return type:
bytes
- get_sessions(user_id)[source]
Get sessions associated with the user.
UserSessionRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_usersessionrepresentation
- Parameters:
user_id (str) – Id of user
- Returns:
UserSessionRepresentation
- Return type:
dict
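Added example (not part of the python-keycloak documentation): the user methods listed above, combined into an account-containment routine for a suspected compromise. StubAdmin is a constructed in-memory stand-in so the block runs offline. The credential type "otp", the None return for an unknown username, and the "identityProvider" key in each federated identity are assumptions.

```python
def contain_account(admin, username, revoke_types=("otp",), unlink_federated=True):
    """Disable a user, end their sessions and strip selected credentials.

    `admin` is any object exposing the KeycloakAdmin methods documented on
    this page: get_user_id, disable_user, user_logout, get_credentials,
    delete_credential, get_user_social_logins, delete_user_social_login
    and get_sessions.
    """
    user_id = admin.get_user_id(username)
    if user_id is None:  # assumption: an unknown username yields None
        raise LookupError(f"no such user: {username}")

    # Disable first so no new login can start while the existing
    # sessions are being terminated.
    admin.disable_user(user_id)
    admin.user_logout(user_id)

    # Remove second factors that may have been enrolled during the
    # compromise. Which types to revoke is a policy choice (assumption).
    removed = []
    for cred in admin.get_credentials(user_id):
        if cred.get("type") in revoke_types:
            admin.delete_credential(user_id, cred["id"])
            removed.append(cred["id"])

    # Unlink federated identities so an external IdP account cannot be
    # used to get back in once the user is re-enabled.
    unlinked = []
    if unlink_federated:
        for link in admin.get_user_social_logins(user_id):
            provider = link["identityProvider"]
            admin.delete_user_social_login(user_id, provider)
            unlinked.append(provider)

    return {
        "user_id": user_id,
        "removed_credentials": removed,
        "unlinked_providers": unlinked,
        # Anything still listed here needs manual follow-up.
        "remaining_sessions": admin.get_sessions(user_id),
    }


class StubAdmin:
    """Constructed stand-in for KeycloakAdmin; all data below is made up."""

    def __init__(self):
        self.calls = []
        self.users = {"alice": "u-1"}
        self.enabled = {"u-1": True}
        self.creds = {"u-1": [{"id": "c-1", "type": "password"},
                              {"id": "c-2", "type": "otp"}]}
        self.links = {"u-1": [{"identityProvider": "github",
                               "userId": "42", "userName": "alice-gh"}]}
        self.sessions = {"u-1": [{"id": "s-1", "ipAddress": "203.0.113.7"}]}

    def get_user_id(self, username):
        return self.users.get(username)

    def disable_user(self, user_id):
        self.calls.append("disable_user")
        self.enabled[user_id] = False

    def user_logout(self, user_id):
        self.calls.append("user_logout")
        self.sessions[user_id] = []

    def get_credentials(self, user_id):
        return list(self.creds[user_id])

    def delete_credential(self, user_id, credential_id):
        self.calls.append("delete_credential")
        self.creds[user_id] = [c for c in self.creds[user_id]
                               if c["id"] != credential_id]

    def get_user_social_logins(self, user_id):
        return list(self.links[user_id])

    def delete_user_social_login(self, user_id, provider_id):
        self.calls.append("delete_user_social_login")
        self.links[user_id] = [l for l in self.links[user_id]
                               if l["identityProvider"] != provider_id]

    def get_sessions(self, user_id):
        return list(self.sessions[user_id])


if __name__ == "__main__":
    print(contain_account(StubAdmin(), "alice"))
```

Against a live server, pass a KeycloakAdmin instance in place of StubAdmin; the routine calls only methods documented on this page.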
- get_server_info()[source]
Get themes, social providers, etc. on this server.
ServerInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_serverinforepresentation
- Returns:
ServerInfoRepresentation
- Return type:
dict
- get_groups(query=None, full_hierarchy=False)[source]
Get groups.
Returns a list of groups belonging to the realm
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation
Notice that when using full_hierarchy=True, the response will be a nested structure containing all the children groups. If used with query parameters, the full_hierarchy will be applied to the received groups only.
- Parameters:
query (dict) – Additional query options
full_hierarchy (bool) – If True, return all of the nested children groups, otherwise only the first level children are returned
- Returns:
array GroupRepresentation
- Return type:
list
- get_group(group_id, full_hierarchy=False)[source]
Get group by id.
Returns full group details
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation
- Parameters:
group_id (str) – The group id
full_hierarchy (bool) – If True, return all of the nested children groups, otherwise only the first level children are returned
- Returns:
Keycloak server response (GroupRepresentation)
- Return type:
dict
- get_subgroups(group, path)[source]
Get subgroups.
Utility function to iterate through nested group structures
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation
- Parameters:
group (dict) – group (GroupRepresentation)
path (str) – group path (string)
- Returns:
Keycloak server response (GroupRepresentation)
- Return type:
dict
- get_group_children(group_id, query=None, full_hierarchy=False)[source]
Get group children by parent id.
Returns full group children details
- Parameters:
group_id (str) – The parent group id
query (dict) – Additional query options
full_hierarchy (bool) – If True, return all of the nested children groups
- Returns:
Keycloak server response (GroupRepresentation)
- Return type:
dict
- Raises:
ValueError – If both query and full_hierarchy parameters are used
- get_group_members(group_id, query=None)[source]
Get members by group id.
Returns group members
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_userrepresentation
- Parameters:
group_id (str) – The group id
query (dict) – Additional query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getmembers)
- Returns:
Keycloak server response (UserRepresentation)
- Return type:
list
- get_group_by_path(path)[source]
Get group id based on name or path.
Returns full group details for a group defined by path
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation
- Parameters:
path (str) – group path
- Returns:
Keycloak server response (GroupRepresentation)
- Return type:
dict
- create_group(payload, parent=None, skip_exists=False)[source]
Create a group in the Realm.
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation
- Parameters:
payload (dict) – GroupRepresentation
parent (str) – parent group’s id. Required to create a sub-group.
skip_exists (bool) – If true then do not raise an error if it already exists
- Returns:
Group id for newly created group or None for an existing group
- Return type:
str
- update_group(group_id, payload)[source]
Update group, ignores subgroups.
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation
- Parameters:
group_id (str) – id of group
payload (dict) – GroupRepresentation with updated information.
- Returns:
Http response
- Return type:
bytes
- groups_count(query=None)[source]
Count groups.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_groups
- Parameters:
query (dict) – (dict) Query parameters for groups count
- Returns:
Keycloak Server Response
- Return type:
dict
- group_set_permissions(group_id, enabled=True)[source]
Enable/Disable permissions for a group.
Cannot delete group if disabled
- Parameters:
group_id (str) – id of group
enabled (bool) – Enabled flag
- Returns:
Keycloak server response
- Return type:
bytes
- group_user_add(user_id, group_id)[source]
Add user to group (user_id and group_id).
- Parameters:
user_id (str) – id of user
group_id (str) – id of group to add to
- Returns:
Keycloak server response
- Return type:
bytes
- group_user_remove(user_id, group_id)[source]
Remove user from group (user_id and group_id).
- Parameters:
user_id (str) – id of user
group_id (str) – id of group to remove from
- Returns:
Keycloak server response
- Return type:
bytes
- delete_group(group_id)[source]
Delete a group in the Realm.
- Parameters:
group_id (str) – id of group to delete
- Returns:
Keycloak server response
- Return type:
bytes
- get_clients()[source]
Get clients.
Returns a list of clients belonging to the realm
ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response (ClientRepresentation)
- Return type:
list
- get_client(client_id)[source]
Get representation of the client.
ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Parameters:
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response (ClientRepresentation)
- Return type:
dict
- get_client_id(client_id)[source]
Get internal keycloak client id from client-id.
This is required for further actions against this client.
- Parameters:
client_id (str) – clientId in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
client_id (uuid as string)
- Return type:
str
- get_client_authz_settings(client_id)[source]
Get authorization json from client.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
dict
- create_client_authz_resource(client_id, payload, skip_exists=False)[source]
Create resources of client.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
payload (dict) – ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
skip_exists (bool) – Skip the creation in case the resource exists
- Returns:
Keycloak server response
- Return type:
bytes
- update_client_authz_resource(client_id, resource_id, payload)[source]
Update resource of client.
Any parameter missing from the ResourceRepresentation in the payload WILL be set to default by the Keycloak server.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
payload (dict) – ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
resource_id (str) – id in ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Returns:
Keycloak server response
- Return type:
bytes
- delete_client_authz_resource(client_id: str, resource_id: str)[source]
Delete a client resource.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
resource_id (str) – id in ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Returns:
Keycloak server response
- Return type:
bytes
- get_client_authz_resources(client_id)[source]
Get resources from client.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response (ResourceRepresentation)
- Return type:
list
- get_client_authz_resource(client_id: str, resource_id: str)[source]
Get a client resource.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
resource_id (str) – id in ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Returns:
Keycloak server response (ResourceRepresentation)
- Return type:
dict
- create_client_authz_role_based_policy(client_id, payload, skip_exists=False)[source]
Create role-based policy of client.
Payload example:
payload={ "type": "role", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "name": "Policy-1", "roles": [ { "id": id } ] }
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
payload (dict) – No Document
skip_exists (bool) – Skip creation in case the object exists
- Returns:
Keycloak server response
- Return type:
bytes
- create_client_authz_policy(client_id, payload, skip_exists=False)[source]
Create an authz policy of client.
Payload example:
payload={ "name": "Policy-time-based", "type": "time", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "hourEnd": "18", "hour": "9" } }
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
payload (dict) – No Document
skip_exists (bool) – Skip creation in case the object exists
- Returns:
Keycloak server response
- Return type:
bytes
- create_client_authz_resource_based_permission(client_id, payload, skip_exists=False)[source]
Create resource-based permission of client.
Payload example:
payload={ "type": "resource", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "name": "Permission-Name", "resources": [ resource_id ], "policies": [ policy_id ] }
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
payload (dict) – PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation
skip_exists (bool) – Skip creation in case the object already exists
- Returns:
Keycloak server response
- Return type:
bytes
- get_client_authz_scopes(client_id)[source]
Get scopes from client.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
list
- create_client_authz_scopes(client_id, payload)[source]
Create scopes for client.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
payload (dict) – ScopeRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_ScopeRepresentation
- Returns:
Keycloak server response
- Return type:
bytes
- get_client_authz_permissions(client_id)[source]
Get permissions from client.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
list
- get_client_authz_policies(client_id)[source]
Get policies from client.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
list
- delete_client_authz_policy(client_id, policy_id)[source]
Delete a policy from client.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
policy_id (str) – id in PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation
- Returns:
Keycloak server response
- Return type:
dict
- get_client_authz_policy(client_id, policy_id)[source]
Get a policy from client.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
policy_id (str) – id in PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation
- Returns:
Keycloak server response
- Return type:
dict
- get_client_service_account_user(client_id)[source]
Get service account user from client.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
UserRepresentation
- Return type:
dict
- get_client_default_client_scopes(client_id)[source]
Get all default client scopes from client.
- Parameters:
client_id (str) – id of the client whose default client scopes are listed
- Returns:
list of client scopes with id and name
- Return type:
list
- add_client_default_client_scope(client_id, client_scope_id, payload)[source]
Add a client scope to the default client scopes from client.
Payload example:
payload={ "realm":"testrealm", "client":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "clientScopeId":"bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb" }
- Parameters:
client_id (str) – id of the client in which the new default client scope should be added
client_scope_id (str) – id of the new client scope that should be added
payload (dict) – dictionary with realm, client and clientScopeId
- Returns:
Http response
- Return type:
bytes
- delete_client_default_client_scope(client_id, client_scope_id)[source]
Delete a client scope from the default client scopes of the client.
- Parameters:
client_id (str) – id of the client in which the default client scope should be deleted
client_scope_id (str) – id of the client scope that should be deleted
- Returns:
list of client scopes with id and name
- Return type:
list
- get_client_optional_client_scopes(client_id)[source]
Get all optional client scopes from client.
- Parameters:
client_id (str) – id of the client whose optional client scopes are listed
- Returns:
list of client scopes with id and name
- Return type:
list
- add_client_optional_client_scope(client_id, client_scope_id, payload)[source]
Add a client scope to the optional client scopes from client.
Payload example:
payload={ "realm":"testrealm", "client":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "clientScopeId":"bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb" }
- Parameters:
client_id (str) – id of the client in which the new optional client scope should be added
client_scope_id (str) – id of the new client scope that should be added
payload (dict) – dictionary with realm, client and clientScopeId
- Returns:
Http response
- Return type:
bytes
- delete_client_optional_client_scope(client_id, client_scope_id)[source]
Delete a client scope from the optional client scopes of the client.
- Parameters:
client_id (str) – id of the client in which the optional client scope should be deleted
client_scope_id (str) – id of the client scope that should be deleted
- Returns:
list of client scopes with id and name
- Return type:
list
- create_initial_access_token(count: int = 1, expiration: int = 1)[source]
Create an initial access token.
- Parameters:
count (int) – Number of clients that can be registered
expiration (int) – Days until expiration
- Returns:
initial access token
- Return type:
str
- create_client(payload, skip_exists=False)[source]
Create a client.
ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Parameters:
skip_exists (bool) – If true then do not raise an error if client already exists
payload (dict) – ClientRepresentation
- Returns:
Client ID
- Return type:
str
- update_client(client_id, payload)[source]
Update a client.
- Parameters:
client_id (str) – Client id
payload (dict) – ClientRepresentation
- Returns:
Http response
- Return type:
bytes
- delete_client(client_id)[source]
Delete a client.
ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Parameters:
client_id (str) – keycloak client id (not oauth client-id)
- Returns:
Keycloak server response (ClientRepresentation)
- Return type:
bytes
- get_client_installation_provider(client_id, provider_id)[source]
Get content for given installation provider.
Related documentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clients_resource
Possible provider_id list available in the ServerInfoRepresentation#clientInstallations https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_serverinforepresentation
- Parameters:
client_id (str) – Client id
provider_id (str) – provider id to specify response format
- Returns:
Installation providers
- Return type:
list
- get_realm_roles(brief_representation=True, search_text='')[source]
Get all roles for the realm or client.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
brief_representation (bool) – whether to omit role attributes in the response
search_text (str) – optional search text to limit the returned result.
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
list
- get_realm_role_groups(role_name, query=None, brief_representation=True)[source]
Get role groups of realm by role name.
- Parameters:
role_name (str) – Name of the role.
query (dict) – Additional Query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_parameters_226)
brief_representation (bool) – whether to omit role attributes in the response
- Returns:
Keycloak Server Response (GroupRepresentation)
- Return type:
list
- get_realm_role_members(role_name, query=None)[source]
Get role members of realm by role name.
- Parameters:
role_name (str) – Name of the role.
query (dict) – Additional Query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_roles_resource)
- Returns:
Keycloak Server Response (UserRepresentation)
- Return type:
list
- get_default_realm_role_id()[source]
Get the ID of the default realm role.
- Returns:
Realm role ID
- Return type:
str
- get_realm_default_roles()[source]
Get all the default realm roles.
- Returns:
Keycloak Server Response (UserRepresentation)
- Return type:
list
- remove_realm_default_roles(payload)[source]
Remove a set of default realm roles.
- Parameters:
payload (list) – List of RoleRepresentations
- Returns:
Keycloak Server Response
- Return type:
dict
- add_realm_default_roles(payload)[source]
Add a set of default realm roles.
- Parameters:
payload (list) – List of RoleRepresentations
- Returns:
Keycloak Server Response
- Return type:
dict
- get_client_roles(client_id, brief_representation=True)[source]
Get all roles for the client.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
client_id (str) – id of client (not client-id)
brief_representation (bool) – whether to omit role attributes in the response
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
list
- get_client_role(client_id, role_name)[source]
Get client role id by name.
This is required for further actions with this role.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
client_id (str) – id of client (not client-id)
role_name (str) – role’s name (not id!)
- Returns:
role_id
- Return type:
str
- get_client_role_id(client_id, role_name)[source]
Get client role id by name.
This is required for further actions with this role.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
client_id (str) – id of client (not client-id)
role_name (str) – role’s name (not id!)
- Returns:
role_id
- Return type:
str
- create_client_role(client_role_id, payload, skip_exists=False)[source]
Create a client role.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
client_role_id (str) – id of client (not client-id)
payload (dict) – RoleRepresentation
skip_exists (bool) – If true then do not raise an error if client role already exists
- Returns:
Client role name
- Return type:
str
- add_composite_client_roles_to_role(client_role_id, role_name, roles)[source]
Add composite roles to client role.
- Parameters:
client_role_id (str) – id of client (not client-id)
role_name (str) – The name of the role
roles (list) – roles list or role (use RoleRepresentation) to be updated
- Returns:
Keycloak server response
- Return type:
bytes
- remove_composite_client_roles_from_role(client_role_id, role_name, roles)[source]
Remove composite roles from a client role.
- Parameters:
client_role_id (str) – id of client (not client-id)
role_name (str) – The name of the role
roles (list) – roles list or role (use RoleRepresentation) to be removed
- Returns:
Keycloak server response
- Return type:
bytes
- update_client_role(client_id, role_name, payload)[source]
Update a client role.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
client_id (str) – id of client (not client-id)
role_name (str) – role’s name (not id!)
payload (dict) – RoleRepresentation
- Returns:
Keycloak server response
- Return type:
bytes
- delete_client_role(client_role_id, role_name)[source]
Delete a client role.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
client_role_id (str) – id of client (not client-id)
role_name (str) – role’s name (not id!)
- Returns:
Keycloak server response
- Return type:
bytes
- assign_client_role(user_id, client_id, roles)[source]
Assign a client role to a user.
- Parameters:
user_id (str) – id of user
client_id (str) – id of client (not client-id)
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- get_client_role_members(client_id, role_name, **query)[source]
Get members by client role.
- Parameters:
client_id (str) – The client id
role_name (str) – the name of role to be queried.
query (dict) – Additional query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clients_resource)
- Returns:
Keycloak server response (UserRepresentation)
- Return type:
list
- get_client_role_groups(client_id, role_name, **query)[source]
Get group members by client role.
- Parameters:
client_id (str) – The client id
role_name (str) – the name of role to be queried.
query (dict) – Additional query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clients_resource)
- Returns:
Keycloak server response
- Return type:
list
- get_role_by_id(role_id)[source]
Get a specific role’s representation.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
role_id (str) – id of role
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
bytes
- update_role_by_id(role_id, payload)[source]
Update the role.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
payload (dict) – RoleRepresentation
role_id (str) – id of role
- Returns:
Keycloak server response
- Return type:
bytes
- delete_role_by_id(role_id)[source]
Delete a role by its id.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
role_id (str) – id of role
- Returns:
Keycloak server response
- Return type:
bytes
- create_realm_role(payload, skip_exists=False)[source]
Create a new role for the realm or client.
- Parameters:
payload (dict) – The role (use RoleRepresentation)
skip_exists (bool) – If true then do not raise an error if realm role already exists
- Returns:
Realm role name
- Return type:
str
- get_realm_role(role_name)[source]
Get realm role by role name.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
role_name (str) – role’s name, not id!
- Returns:
role
- Return type:
dict
- get_realm_role_by_id(role_id: str)[source]
Get realm role by role id.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
role_id (str) – role’s id, not name!
- Returns:
role
- Return type:
dict
- update_realm_role(role_name, payload)[source]
Update a role for the realm by name.
- Parameters:
role_name (str) – The name of the role to be updated
payload (dict) – The role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- delete_realm_role(role_name)[source]
Delete a role for the realm by name.
- Parameters:
role_name (str) – The role name
- Returns:
Keycloak server response
- Return type:
bytes
- add_composite_realm_roles_to_role(role_name, roles)[source]
Add composite roles to the role.
- Parameters:
role_name (str) – The name of the role
roles (list) – roles list or role (use RoleRepresentation) to be updated
- Returns:
Keycloak server response
- Return type:
bytes
- remove_composite_realm_roles_to_role(role_name, roles)[source]
Remove composite roles from the role.
- Parameters:
role_name (str) – The name of the role
roles (list) – roles list or role (use RoleRepresentation) to be removed
- Returns:
Keycloak server response
- Return type:
bytes
- get_composite_realm_roles_of_role(role_name)[source]
Get composite roles of the role.
- Parameters:
role_name (str) – The name of the role
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- assign_realm_roles_to_client_scope(client_id, roles)[source]
Assign realm roles to a client’s scope.
- Parameters:
client_id (str) – id of client (not client-id)
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
dict
- delete_realm_roles_of_client_scope(client_id, roles)[source]
Delete realm roles of a client’s scope.
- Parameters:
client_id (str) – id of client (not client-id)
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
dict
- get_realm_roles_of_client_scope(client_id)[source]
Get all realm roles for a client’s scope.
- Parameters:
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
dict
- assign_client_roles_to_client_scope(client_id, client_roles_owner_id, roles)[source]
Assign client roles to a client’s dedicated scope.
To assign roles to a client scope, use add_client_specific_roles_to_client_scope.
- Parameters:
client_id (str) – id of client (not client-id) who is assigned the roles
client_roles_owner_id (str) – id of client (not client-id) who has the roles
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
dict
- delete_client_roles_of_client_scope(client_id, client_roles_owner_id, roles)[source]
Delete client roles of a client’s dedicated scope.
To delete roles from a client scope, use remove_client_specific_roles_of_client_scope.
- Parameters:
client_id (str) – id of client (not client-id) who is assigned the roles
client_roles_owner_id (str) – id of client (not client-id) who has the roles
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
dict
- get_client_roles_of_client_scope(client_id, client_roles_owner_id)[source]
Get all client roles for a client’s dedicated scope.
To get roles for a client scope, use get_client_specific_roles_of_client_scope.
- Parameters:
client_id (str) – id of client (not client-id)
client_roles_owner_id (str) – id of client (not client-id) who has the roles
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
dict
- assign_realm_roles(user_id, roles)[source]
Assign realm roles to a user.
- Parameters:
user_id (str) – id of user
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- delete_realm_roles_of_user(user_id, roles)[source]
Delete realm roles of a user.
- Parameters:
user_id (str) – id of user
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- get_realm_roles_of_user(user_id)[source]
Get all realm roles for a user.
- Parameters:
user_id (str) – id of user
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- get_available_realm_roles_of_user(user_id)[source]
Get all available (i.e. unassigned) realm roles for a user.
- Parameters:
user_id (str) – id of user
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- get_composite_realm_roles_of_user(user_id, brief_representation=True)[source]
Get all composite (i.e. implicit) realm roles for a user.
- Parameters:
user_id (str) – id of user
brief_representation (bool) – whether to omit role attributes in the response
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- assign_group_realm_roles(group_id, roles)[source]
Assign realm roles to a group.
- Parameters:
group_id (str) – id of group
roles (list) – roles list or role (use GroupRoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- delete_group_realm_roles(group_id, roles)[source]
Delete realm roles of a group.
- Parameters:
group_id (str) – id of group
roles (list) – roles list or role (use GroupRoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- get_group_realm_roles(group_id, brief_representation=True)[source]
Get all realm roles for a group.
- Parameters:
group_id (str) – id of the group
brief_representation (bool) – whether to omit role attributes in the response
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- assign_group_client_roles(group_id, client_id, roles)[source]
Assign client roles to a group.
- Parameters:
group_id (str) – id of group
client_id (str) – id of client (not client-id)
roles (list) – roles list or role (use GroupRoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- get_group_client_roles(group_id, client_id)[source]
Get client roles of a group.
- Parameters:
group_id (str) – id of group
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response
- Return type:
list
- delete_group_client_roles(group_id, client_id, roles)[source]
Delete client roles of a group.
- Parameters:
group_id (str) – id of group
client_id (str) – id of client (not client-id)
roles (list) – roles list or role (use GroupRoleRepresentation)
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
bytes
- get_all_roles_of_user(user_id)[source]
Get all level roles for a user.
- Parameters:
user_id (str) – id of user
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- get_client_roles_of_user(user_id, client_id)[source]
Get all client roles for a user.
- Parameters:
user_id (str) – id of user
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- get_available_client_roles_of_user(user_id, client_id)[source]
Get available client role-mappings for a user.
- Parameters:
user_id (str) – id of user
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- get_composite_client_roles_of_user(user_id, client_id, brief_representation=False)[source]
Get composite client role-mappings for a user.
- Parameters:
user_id (str) – id of user
client_id (str) – id of client (not client-id)
brief_representation (bool) – whether to omit attributes in the response
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
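The four user role-mapping getters above can be combined into a least-privilege audit that separates directly assigned roles from roles a user holds only through composites. This is an added example, not code from python-keycloak: `FakeAdmin`, the ids, the role names and the `sensitive` set are constructed, and it assumes the composite getters return the effective set (direct plus inherited roles).

```python
"""Audit which roles a user holds directly and which arrive via composites."""


def _names(roles):
    # RoleRepresentation dicts carry the role name under "name".
    return {role["name"] for role in roles}


def _classify(scope, direct, effective, sensitive):
    # One row per role; a role not in the direct mapping came via a composite.
    rows = []
    for name in sorted(direct | effective):
        rows.append({
            "scope": scope,
            "role": name,
            "granted": "direct" if name in direct else "inherited",
            "sensitive": name in sensitive,
        })
    return rows


def audit_user_roles(admin, user_id, client_ids=(), sensitive=frozenset()):
    """Return findings for realm roles and for each client in client_ids.

    `admin` is any object exposing the getters documented above, for
    example a keycloak.KeycloakAdmin instance. client_ids are internal
    client ids (not the OAuth client-id).
    """
    sensitive = set(sensitive)
    findings = _classify(
        "realm",
        _names(admin.get_realm_roles_of_user(user_id)),
        _names(admin.get_composite_realm_roles_of_user(user_id)),
        sensitive,
    )
    for client_id in client_ids:
        findings += _classify(
            f"client:{client_id}",
            _names(admin.get_client_roles_of_user(user_id, client_id)),
            _names(admin.get_composite_client_roles_of_user(user_id, client_id)),
            sensitive,
        )
    return findings


def inherited_sensitive(findings):
    """Sensitive roles that no direct mapping explains: review these first."""
    return [
        (f["scope"], f["role"])
        for f in findings
        if f["granted"] == "inherited" and f["sensitive"]
    ]


class FakeAdmin:
    """Constructed stand-in so the example runs offline (not a library class)."""

    def get_realm_roles_of_user(self, user_id):
        return [{"id": "r1", "name": "support-lead", "composite": True}]

    def get_composite_realm_roles_of_user(self, user_id, brief_representation=True):
        return [
            {"id": "r1", "name": "support-lead", "composite": True},
            {"id": "r2", "name": "user-admin", "composite": False},
            {"id": "r3", "name": "audit-viewer", "composite": False},
        ]

    def get_client_roles_of_user(self, user_id, client_id):
        return [{"id": "c1", "name": "manage-users", "composite": True}]

    def get_composite_client_roles_of_user(self, user_id, client_id,
                                           brief_representation=False):
        return [
            {"id": "c1", "name": "manage-users", "composite": True},
            {"id": "c2", "name": "view-users", "composite": False},
        ]


if __name__ == "__main__":
    report = audit_user_roles(
        FakeAdmin(),
        "u-0001",                      # constructed user id
        client_ids=["c-1111"],         # constructed internal client id
        sensitive={"user-admin", "manage-users"},
    )
    for row in report:
        print(row)
    print("inherited sensitive:", inherited_sensitive(report))
```
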
- _get_client_roles_of_user(client_level_role_mapping_url, user_id, client_id, **params)[source]
Get client roles of a single user helper.
- Parameters:
client_level_role_mapping_url (str) – Url for the client role mapping
user_id (str) – User id
client_id (str) – Client id
params (dict) – Additional parameters
- Returns:
Client roles of a user
- Return type:
list
- delete_client_roles_of_user(user_id, client_id, roles)[source]
Delete client roles from a user.
- Parameters:
user_id (str) – id of user
client_id (str) – id of client containing role (not client-id)
roles (list) – roles list or role to delete (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- get_authentication_flows()[source]
Get authentication flows.
Returns all flow details
AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation
- Returns:
Keycloak server response (AuthenticationFlowRepresentation)
- Return type:
list
- get_authentication_flow_for_id(flow_id)[source]
Get one authentication flow by its id.
Returns all flow details
AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation
- Parameters:
flow_id (str) – the id of a flow, not its alias
- Returns:
Keycloak server response (AuthenticationFlowRepresentation)
- Return type:
dict
- create_authentication_flow(payload, skip_exists=False)[source]
Create a new authentication flow.
AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation
- Parameters:
payload (dict) – AuthenticationFlowRepresentation
skip_exists (bool) – Do not raise an error if authentication flow already exists
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
bytes
- copy_authentication_flow(payload, flow_alias)[source]
Copy existing authentication flow under a new name.
The new name is given as ‘newName’ attribute of the passed payload.
- Parameters:
payload (dict) – JSON containing ‘newName’ attribute
flow_alias (str) – the flow alias
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
bytes
- delete_authentication_flow(flow_id)[source]
Delete authentication flow.
AuthenticationInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationinforepresentation
- Parameters:
flow_id (str) – authentication flow id
- Returns:
Keycloak server response
- Return type:
bytes
- get_authentication_flow_executions(flow_alias)[source]
Get authentication flow executions.
Returns all execution steps
- Parameters:
flow_alias (str) – the flow alias
- Returns:
Response(json)
- Return type:
list
- update_authentication_flow_executions(payload, flow_alias)[source]
Update an authentication flow execution.
AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation
- Parameters:
payload (dict) – AuthenticationExecutionInfoRepresentation
flow_alias (str) – The flow alias
- Returns:
Keycloak server response
- Return type:
bytes
- get_authentication_flow_execution(execution_id)[source]
Get authentication flow execution.
AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation
- Parameters:
execution_id (str) – the execution ID
- Returns:
Response(json)
- Return type:
dict
- create_authentication_flow_execution(payload, flow_alias)[source]
Create an authentication flow execution.
AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation
- Parameters:
payload (dict) – AuthenticationExecutionInfoRepresentation
flow_alias (str) – The flow alias
- Returns:
Keycloak server response
- Return type:
bytes
- delete_authentication_flow_execution(execution_id)[source]
Delete authentication flow execution.
AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation
- Parameters:
execution_id (str) – the execution ID
- Returns:
Keycloak server response (json)
- Return type:
bytes
- create_authentication_flow_subflow(payload, flow_alias, skip_exists=False)[source]
Create a new sub authentication flow for a given authentication flow.
AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation
- Parameters:
payload (dict) – AuthenticationFlowRepresentation
flow_alias (str) – The flow alias
skip_exists (bool) – Do not raise an error if authentication flow already exists
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
bytes
- get_authenticator_providers()[source]
Get authenticator providers list.
- Returns:
Authenticator providers
- Return type:
list
- get_authenticator_provider_config_description(provider_id)[source]
Get authenticator’s provider configuration description.
AuthenticatorConfigInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticatorconfiginforepresentation
- Parameters:
provider_id (str) – Provider Id
- Returns:
AuthenticatorConfigInfoRepresentation
- Return type:
dict
- get_authenticator_config(config_id)[source]
Get authenticator configuration.
Returns all configuration details.
- Parameters:
config_id (str) – Authenticator config id
- Returns:
Response(json)
- Return type:
dict
- update_authenticator_config(payload, config_id)[source]
Update an authenticator configuration.
AuthenticatorConfigRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticatorconfigrepresentation
- Parameters:
payload (dict) – AuthenticatorConfigRepresentation
config_id (str) – Authenticator config id
- Returns:
Response(json)
- Return type:
bytes
- delete_authenticator_config(config_id)[source]
Delete an authenticator configuration.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authentication_management_resource
- Parameters:
config_id (str) – Authenticator config id
- Returns:
Keycloak server Response
- Return type:
bytes
- sync_users(storage_id, action)[source]
Trigger user sync from provider.
- Parameters:
storage_id (str) – The id of the user storage provider
action (str) – Action can be “triggerFullSync” or “triggerChangedUsersSync”
- Returns:
Keycloak server response
- Return type:
bytes
- get_client_scopes()[source]
Get client scopes.
Get representation of the client scopes for the realm we are connected to https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes
- Returns:
Keycloak server response Array of (ClientScopeRepresentation)
- Return type:
list
- get_client_scope(client_scope_id)[source]
Get client scope.
Get representation of the client scopes for the realm we are connected to https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes
- Parameters:
client_scope_id (str) – The id of the client scope
- Returns:
Keycloak server response (ClientScopeRepresentation)
- Return type:
dict
- get_client_scope_by_name(client_scope_name)[source]
Get client scope by name.
Get representation of the client scope identified by the client scope name.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes
- Parameters:
client_scope_name (str) – Name of the client scope
- Returns:
ClientScopeRepresentation or None
- Return type:
dict
- create_client_scope(payload, skip_exists=False)[source]
Create a client scope.
ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes
- Parameters:
payload (dict) – ClientScopeRepresentation
skip_exists (bool) – If true then do not raise an error if client scope already exists
- Returns:
Client scope id
- Return type:
str
- update_client_scope(client_scope_id, payload)[source]
Update a client scope.
ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_client_scopes_resource
- Parameters:
client_scope_id (str) – The id of the client scope
payload (dict) – ClientScopeRepresentation
- Returns:
Keycloak server response (ClientScopeRepresentation)
- Return type:
bytes
- delete_client_scope(client_scope_id)[source]
Delete existing client scope.
ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_client_scopes_resource
- Parameters:
client_scope_id (str) – The id of the client scope
- Returns:
Keycloak server response
- Return type:
bytes
- get_mappers_from_client_scope(client_scope_id)[source]
Get a list of all mappers connected to the client scope.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource
- Parameters:
client_scope_id (str) – Client scope id
- Returns:
Keycloak server response (ProtocolMapperRepresentation)
- Return type:
list
- add_mapper_to_client_scope(client_scope_id, payload)[source]
Add a mapper to a client scope.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_create_mapper
- Parameters:
client_scope_id (str) – The id of the client scope
payload (dict) – ProtocolMapperRepresentation
- Returns:
Keycloak server Response
- Return type:
bytes
- delete_mapper_from_client_scope(client_scope_id, protocol_mapper_id)[source]
Delete a mapper from a client scope.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_delete_mapper
- Parameters:
client_scope_id (str) – The id of the client scope
protocol_mapper_id (str) – Protocol mapper id
- Returns:
Keycloak server Response
- Return type:
bytes
- update_mapper_in_client_scope(client_scope_id, protocol_mapper_id, payload)[source]
Update an existing protocol mapper in a client scope.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource
- Parameters:
client_scope_id (str) – The id of the client scope
protocol_mapper_id (str) – The id of the protocol mapper which exists in the client scope and should be updated
payload (dict) – ProtocolMapperRepresentation
- Returns:
Keycloak server Response
- Return type:
bytes
- get_default_default_client_scopes()[source]
Get default default client scopes.
Return list of default default client scopes
- Returns:
Keycloak server response
- Return type:
list
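An added example (not part of python-keycloak or its documentation) showing how get_default_default_client_scopes and get_mappers_from_client_scope combine into a review of mappers that shape tokens for every newly created client. `FakeAdmin`, the sample scopes and mappers, and the `REVIEW_MAPPER_TYPES` selection are constructed assumptions; the dictionaries follow Keycloak's ClientScopeRepresentation and ProtocolMapperRepresentation.

```python
"""Review protocol mappers attached to realm default client scopes."""

# Mapper types worth a manual look: they put fixed data into tokens or run
# script logic at issuance. The selection is this example's assumption.
REVIEW_MAPPER_TYPES = {
    "oidc-hardcoded-role-mapper": "adds a fixed role to every token",
    "oidc-hardcoded-claim-mapper": "adds a fixed claim to every token",
    "oidc-script-based-protocol-mapper": "runs script logic at token issuance",
}
# Switches a claim mapper uses to name its target tokens (values are strings).
TOKEN_SWITCHES = ("access.token.claim", "id.token.claim", "userinfo.token.claim")


def audit_default_scope_mappers(admin):
    """Return one finding per review-worthy mapper on a default default scope.

    `admin` is any object exposing get_default_default_client_scopes() and
    get_mappers_from_client_scope(client_scope_id) as documented above.
    """
    findings = []
    for scope in admin.get_default_default_client_scopes():
        for mapper in admin.get_mappers_from_client_scope(scope["id"]):
            mapper_type = mapper.get("protocolMapper")
            if mapper_type not in REVIEW_MAPPER_TYPES:
                continue
            config = mapper.get("config") or {}
            findings.append({
                "scope": scope["name"],
                "scope_id": scope["id"],
                "mapper": mapper["name"],
                "mapper_id": mapper["id"],
                "type": mapper_type,
                "reason": REVIEW_MAPPER_TYPES[mapper_type],
                # Empty for mapper types that have no per-token switches.
                "token_targets": [k for k in TOKEN_SWITCHES if config.get(k) == "true"],
                "value": config.get("role") or config.get("claim.value"),
            })
    return sorted(findings, key=lambda f: (f["scope"], f["mapper"]))


class FakeAdmin:
    """Constructed stand-in that mimics the two documented calls offline."""

    def __init__(self, scopes, mappers_by_scope):
        self._scopes = scopes
        self._mappers = mappers_by_scope

    def get_default_default_client_scopes(self):
        return list(self._scopes)

    def get_mappers_from_client_scope(self, client_scope_id):
        return list(self._mappers.get(client_scope_id, []))


def demo_findings():
    """Run the audit over constructed sample data."""
    scopes = [
        {"id": "scope-roles", "name": "roles", "protocol": "openid-connect"},
        {"id": "scope-profile", "name": "profile", "protocol": "openid-connect"},
    ]
    mappers = {
        "scope-profile": [
            {"id": "m1", "name": "username", "protocol": "openid-connect",
             "protocolMapper": "oidc-usermodel-attribute-mapper",
             "config": {"claim.name": "preferred_username",
                        "access.token.claim": "true"}},
            {"id": "m2", "name": "tenant tag", "protocol": "openid-connect",
             "protocolMapper": "oidc-hardcoded-claim-mapper",
             "config": {"claim.name": "tenant", "claim.value": "acme",
                        "access.token.claim": "true", "id.token.claim": "false"}},
        ],
        "scope-roles": [
            {"id": "m3", "name": "ops override", "protocol": "openid-connect",
             "protocolMapper": "oidc-hardcoded-role-mapper",
             "config": {"role": "realm-admin"}},
        ],
    }
    return audit_default_scope_mappers(FakeAdmin(scopes, mappers))


if __name__ == "__main__":
    for finding in demo_findings():
        print(finding)
```

Against a real server, pass a KeycloakAdmin instance instead of `FakeAdmin`; the audit only reads and never changes a scope or mapper.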
- delete_default_default_client_scope(scope_id)[source]
Delete default default client scope.
- Parameters:
scope_id (str) – default default client scope id
- Returns:
Keycloak server response
- Return type:
list
- add_default_default_client_scope(scope_id)[source]
Add default default client scope.
- Parameters:
scope_id (str) – default default client scope id
- Returns:
Keycloak server response
- Return type:
bytes
- get_default_optional_client_scopes()[source]
Get default optional client scopes.
Return list of default optional client scopes
- Returns:
Keycloak server response
- Return type:
list
- delete_default_optional_client_scope(scope_id)[source]
Delete default optional client scope.
- Parameters:
scope_id (str) – default optional client scope id
- Returns:
Keycloak server response
- Return type:
bytes
- add_default_optional_client_scope(scope_id)[source]
Add default optional client scope.
- Parameters:
scope_id (str) – default optional client scope id
- Returns:
Keycloak server response
- Return type:
bytes
- add_client_specific_roles_to_client_scope(client_scope_id, client_roles_owner_id, roles)[source]
Assign client roles to a client scope.
To assign roles to a client’s dedicated scope, use assign_client_roles_to_client_scope.
- Parameters:
client_scope_id (str) – client scope id
client_roles_owner_id (str) – id of client (not client-id) who has the roles
roles (list) – roles list or role (use RoleRepresentation, must include id and name)
- Returns:
Keycloak server response
- Return type:
dict
- remove_client_specific_roles_of_client_scope(client_scope_id, client_roles_owner_id, roles)[source]
Delete client roles of a client scope.
To delete roles from a client’s dedicated scope, use delete_client_roles_of_client_scope.
- Parameters:
client_scope_id (str) – client scope id
client_roles_owner_id (str) – id of client (not client-id) who has the roles
roles (list) – roles list or role (use RoleRepresentation, must include id and name)
- Returns:
Keycloak server response
- Return type:
dict
- get_client_specific_roles_of_client_scope(client_scope_id, client_roles_owner_id)[source]
Get client roles for a client scope, for a specific client.
To get roles for a client’s dedicated scope, use get_client_roles_of_client_scope.
- Parameters:
client_scope_id (str) – client scope id
client_roles_owner_id (str) – id of client (not client-id) who has the roles
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
dict
- get_all_roles_of_client_scope(client_scope_id)[source]
Get all client roles for a client scope.
To get roles for a client’s dedicated scope, use get_client_roles_of_client_scope.
- Parameters:
client_scope_id (str) – client scope id
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
dict
- get_mappers_from_client(client_id)[source]
List of all client mappers.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocolmapperrepresentation
- Parameters:
client_id (str) – Client id
- Returns:
KeycloakServerResponse (list of ProtocolMapperRepresentation)
- Return type:
list
- add_mapper_to_client(client_id, payload)[source]
Add a mapper to a client.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_create_mapper
- Parameters:
client_id (str) – The id of the client
payload (dict) – ProtocolMapperRepresentation
- Returns:
Keycloak server Response
- Return type:
bytes
- update_client_mapper(client_id, mapper_id, payload)[source]
Update client mapper.
- Parameters:
client_id (str) – The id of the client
mapper_id (str) – The id of the mapper to be updated
payload (dict) – ProtocolMapperRepresentation
- Returns:
Keycloak server response
- Return type:
bytes
- remove_client_mapper(client_id, client_mapper_id)[source]
Remove a mapper from the client.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource
- Parameters:
client_id (str) – The id of the client
client_mapper_id (str) – The id of the mapper to be deleted
- Returns:
Keycloak server response
- Return type:
bytes
- generate_client_secrets(client_id)[source]
Generate a new secret for the client.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_regeneratesecret
- Parameters:
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response (ClientRepresentation)
- Return type:
bytes
- get_client_secrets(client_id)[source]
Get representation of the client secrets.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientsecret
- Parameters:
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response (ClientRepresentation)
- Return type:
list
- get_components(query=None)[source]
Get components.
Return a list of components, filtered according to query parameters
ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation
- Parameters:
query (dict) – Query parameters (optional)
- Returns:
components list
- Return type:
list
- create_component(payload)[source]
Create a new component.
ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation
- Parameters:
payload (dict) – ComponentRepresentation
- Returns:
Component id
- Return type:
str
- get_component(component_id)[source]
Get representation of the component.
ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation
- Parameters:
component_id (str) – Id of the component
- Returns:
ComponentRepresentation
- Return type:
dict
- update_component(component_id, payload)[source]
Update the component.
- Parameters:
component_id (str) – Component id
payload (dict) – ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation
- Returns:
Http response
- Return type:
bytes
- delete_component(component_id)[source]
Delete the component.
- Parameters:
component_id (str) – Component id
- Returns:
Http response
- Return type:
bytes
- get_keys()[source]
Get keys.
Return a list of keys, filtered according to query parameters
KeysMetadataRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_key_resource
- Returns:
keys list
- Return type:
list
- get_admin_events(query=None)[source]
Get Administrative events.
Return a list of events, filtered according to query parameters
AdminEvents Representation array https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getevents https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_get_adminrealmsrealmadmin_events
- Parameters:
query (dict) – Additional query parameters
- Returns:
events list
- Return type:
list
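An added example (not python-keycloak's own code) of detection logic over the list that get_admin_events returns: it flags changes to token-shaping resources, client secret regeneration and changes to the event logging configuration. The rule set, the `FakeAdmin` stub and the sample events are constructed assumptions; field names follow Keycloak's AdminEventRepresentation.

```python
"""Triage Keycloak admin events for changes that affect tokens or logging."""
from datetime import datetime, timezone

TOKEN_SHAPING_TYPES = {"PROTOCOL_MAPPER", "CLIENT_SCOPE"}


def classify_admin_event(event):
    """Return a rule name for one AdminEventRepresentation dict, or None."""
    op = event.get("operationType")
    rtype = event.get("resourceType")
    path = event.get("resourcePath") or ""
    if rtype in TOKEN_SHAPING_TYPES and op in {"CREATE", "UPDATE", "DELETE"}:
        return "token-content-change"
    # Path suffixes below are this example's assumption about resourcePath.
    if rtype == "CLIENT" and op == "ACTION" and path.endswith("/client-secret"):
        return "client-secret-regenerated"
    if op == "UPDATE" and path == "events/config":
        return "event-logging-config-changed"
    return None


def triage_admin_events(admin, query=None):
    """Fetch admin events and return alerts sorted by event time (UTC)."""
    alerts = []
    for event in admin.get_admin_events(query=query):
        rule = classify_admin_event(event)
        if rule is None:
            continue
        auth = event.get("authDetails") or {}
        # Event time is epoch milliseconds.
        when = datetime.fromtimestamp(event["time"] // 1000, tz=timezone.utc)
        alerts.append({
            "time": when.isoformat(),
            "rule": rule,
            "actor_user_id": auth.get("userId"),
            "actor_client_id": auth.get("clientId"),
            "source_ip": auth.get("ipAddress"),
            "resource_path": event.get("resourcePath"),
            "failed": bool(event.get("error")),
        })
    return sorted(alerts, key=lambda a: a["time"])


def actors_with_multiple_rules(alerts):
    """Map actor user id -> sorted rule names, for actors hitting 2+ rules."""
    by_actor = {}
    for alert in alerts:
        by_actor.setdefault(alert["actor_user_id"], set()).add(alert["rule"])
    return {a: sorted(r) for a, r in by_actor.items() if len(r) >= 2}


class FakeAdmin:
    """Constructed stand-in for the documented get_admin_events(query=None)."""

    def __init__(self, events):
        self._events = events

    def get_admin_events(self, query=None):
        return list(self._events)


def _event(ms, op, rtype, path, user, ip):
    return {"time": ms, "operationType": op, "resourceType": rtype,
            "resourcePath": path,
            "authDetails": {"userId": user, "clientId": "admin-cli-id",
                            "ipAddress": ip}}


# Constructed sample events, deliberately out of time order.
SAMPLE_EVENTS = [
    _event(1714557780000, "UPDATE", "REALM", "events/config",
           "user-b", "203.0.113.20"),
    _event(1714557600000, "CREATE", "PROTOCOL_MAPPER",
           "client-scopes/scope-1/protocol-mappers/models/mapper-9",
           "user-a", "198.51.100.7"),
    _event(1714557660000, "UPDATE", "USER", "users/u-1",
           "user-a", "198.51.100.7"),
    _event(1714557720000, "ACTION", "CLIENT", "clients/c-1/client-secret",
           "user-b", "203.0.113.20"),
]


def demo_alerts():
    return triage_admin_events(FakeAdmin(SAMPLE_EVENTS))


if __name__ == "__main__":
    found = demo_alerts()
    for alert in found:
        print(alert)
    print(actors_with_multiple_rules(found))
```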
- get_events(query=None)[source]
Get events.
Return a list of events, filtered according to query parameters
EventRepresentation array https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_eventrepresentation
- Parameters:
query (dict) – Additional query parameters
- Returns:
events list
- Return type:
list
- set_events(payload)[source]
Set realm events configuration.
RealmEventsConfigRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmeventsconfigrepresentation
- Parameters:
payload (dict) – Payload object for the events configuration
- Returns:
Http response
- Return type:
bytes
- get_client_all_sessions(client_id)[source]
Get sessions associated with the client.
UserSessionRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_usersessionrepresentation
- Parameters:
client_id (str) – id of client
- Returns:
UserSessionRepresentation
- Return type:
list
- get_client_sessions_stats()[source]
Get current session count for all clients with active sessions.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientsessionstats
- Returns:
Dict of clients and session count
- Return type:
dict
- get_client_management_permissions(client_id)[source]
Get management permissions for a client.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
list
- update_client_management_permissions(payload, client_id)[source]
Update management permissions for a client.
ManagementPermissionReference https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_managementpermissionreference
Payload example:
payload={ "enabled": true }
- Parameters:
payload (dict) – ManagementPermissionReference
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
bytes
- get_client_authz_policy_scopes(client_id, policy_id)[source]
Get scopes for a given policy.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
policy_id (str) – No Document
- Returns:
Keycloak server response
- Return type:
list
- get_client_authz_policy_resources(client_id, policy_id)[source]
Get resources for a given policy.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
policy_id (str) – No Document
- Returns:
Keycloak server response
- Return type:
list
- get_client_authz_scope_permission(client_id, scope_id)[source]
Get permissions for a given scope.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
scope_id (str) – No Document
- Returns:
Keycloak server response
- Return type:
list
- create_client_authz_scope_permission(payload, client_id)[source]
Create permissions for an authz scope.
Payload example:
payload={
    "name": "My Permission Name",
    "type": "scope",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "resources": [some_resource_id],
    "scopes": [some_scope_id],
    "policies": [some_policy_id],
}
- Parameters:
payload (dict) – No Document
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
bytes
- update_client_authz_scope_permission(payload, client_id, scope_id)[source]
Update permissions for a given scope.
Payload example:
payload={
    "id": scope_id,
    "name": "My Permission Name",
    "type": "scope",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "resources": [some_resource_id],
    "scopes": [some_scope_id],
    "policies": [some_policy_id],
}
- Parameters:
payload (dict) – No Document
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
scope_id (str) – No Document
- Returns:
Keycloak server response
- Return type:
bytes
- update_client_authz_resource_permission(payload, client_id, resource_id)[source]
Update permissions for a given resource.
Payload example:
payload={
    "id": resource_id,
    "name": "My Permission Name",
    "type": "resource",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "resources": [some_resource_id],
    "scopes": [],
    "policies": [some_policy_id],
}
- Parameters:
payload (dict) – No Document
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
resource_id (str) – No Document
- Returns:
Keycloak server response
- Return type:
bytes
- get_client_authz_client_policies(client_id)[source]
Get policies for a given client.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
list
- get_client_authz_permission_associated_policies(client_id, policy_id)[source]
Get associated policies for a given client permission.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
policy_id (str) – id in PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
list
- create_client_authz_client_policy(payload, client_id)[source]
Create a new policy for a given client.
Payload example:
payload={
    "type": "client",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "name": "My Policy",
    "clients": [other_client_id],
}
- Parameters:
payload (dict) – No Document
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
bytes
- get_composite_client_roles_of_group(client_id, group_id, brief_representation=True)[source]
Get the composite client roles of the given group for the given client.
- Parameters:
client_id (str) – id of the client.
group_id (str) – id of the group.
brief_representation (bool) – whether to omit attributes in the response
- Returns:
the composite client roles of the group (list of RoleRepresentation).
- Return type:
list
- get_role_client_level_children(client_id, role_id)[source]
Get the child roles of which the given composite client role is composed.
- Parameters:
client_id (str) – id of the client.
role_id (str) – id of the role.
- Returns:
the child roles (list of RoleRepresentation).
- Return type:
list
- upload_certificate(client_id, certcont)[source]
Upload a new certificate for the client.
- Parameters:
client_id (str) – id of the client.
certcont (str) – the content of the certificate.
- Returns:
dictionary {“certificate”: “<certcont>”}, where <certcont> is the content of the uploaded certificate.
- Return type:
dict
- get_required_action_by_alias(action_alias)[source]
Get a required action by its alias.
- Parameters:
action_alias (str) – the alias of the required action.
- Returns:
the required action (RequiredActionProviderRepresentation).
- Return type:
dict
- get_required_actions()[source]
Get the required actions for the realms.
- Returns:
the required actions (list of RequiredActionProviderRepresentation).
- Return type:
list
- update_required_action(action_alias, payload)[source]
Update a required action.
- Parameters:
action_alias (str) – the action alias.
payload (dict) – the new required action (RequiredActionProviderRepresentation).
- Returns:
empty dictionary.
- Return type:
dict
- get_bruteforce_detection_status(user_id)[source]
Get bruteforce detection status for user.
- Parameters:
user_id (str) – User id
- Returns:
Bruteforce status.
- Return type:
dict
- clear_bruteforce_attempts_for_user(user_id)[source]
Clear bruteforce attempts for user.
- Parameters:
user_id (str) – User id
- Returns:
empty dictionary.
- Return type:
dict
- clear_all_bruteforce_attempts()[source]
Clear bruteforce attempts for all users in realm.
- Returns:
empty dictionary.
- Return type:
dict
- async a___fetch_all(url, query=None)[source]
Paginate asynchronously over GET requests.
Wrapper function to paginate GET requests.
- Parameters:
url (str) – The url on which the query is executed
query (dict) – Existing query parameters (optional)
- Returns:
Combined results of paginated queries
- Return type:
list
- async a___fetch_paginated(url, query=None)[source]
Make a specific paginated request asynchronously.
- Parameters:
url (str) – The url on which the query is executed
query (dict) – Pagination settings
- Returns:
Response
- Return type:
dict
- async a_get_current_realm() str [source]
Return the currently configured realm asynchronously.
- Returns:
Currently configured realm name
- Return type:
str
- async a_change_current_realm(realm_name: str) None [source]
Change the current realm asynchronously.
- Parameters:
realm_name (str) – The name of the realm to be configured as current
- async a_import_realm(payload)[source]
Import a new realm asynchronously from a RealmRepresentation.
Realm name must be unique.
RealmRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation
- Parameters:
payload (dict) – RealmRepresentation
- Returns:
RealmRepresentation
- Return type:
dict
- async a_partial_import_realm(realm_name, payload)[source]
Partial import realm configuration asynchronously from PartialImportRepresentation.
Realm partialImport is used for modifying configuration of existing realm.
PartialImportRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_partialimportrepresentation
- Parameters:
realm_name (str) – Realm name (not the realm id)
payload (dict) – PartialImportRepresentation
- Returns:
PartialImportResponse
- Return type:
dict
- async a_export_realm(export_clients=False, export_groups_and_role=False)[source]
Export the realm configuration asynchronously in JSON format.
RealmRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_partialexport
- Parameters:
export_clients (bool) – Set to True to export realm clients; leave False to skip them
export_groups_and_role (bool) – Set to True to export realm groups and roles; leave False to skip them
- Returns:
realm configurations JSON
- Return type:
dict
- async a_get_realms()[source]
List all realms in the Keycloak deployment asynchronously.
- Returns:
realms list
- Return type:
list
- async a_get_realm(realm_name)[source]
Get a specific realm asynchronously.
RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation
- Parameters:
realm_name (str) – Realm name (not the realm id)
- Returns:
RealmRepresentation
- Return type:
dict
- async a_create_realm(payload, skip_exists=False)[source]
Create a realm asynchronously.
RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation
- Parameters:
payload (dict) – RealmRepresentation
skip_exists (bool) – Skip if the realm already exists.
- Returns:
Keycloak server response (RealmRepresentation)
- Return type:
dict
- async a_update_realm(realm_name, payload)[source]
Update a realm asynchronously.
This will only update top level attributes and will ignore any user, role, or client information in the payload.
RealmRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmrepresentation
- Parameters:
realm_name (str) – Realm name (not the realm id)
payload (dict) – RealmRepresentation
- Returns:
Http response
- Return type:
dict
- async a_delete_realm(realm_name)[source]
Delete a realm asynchronously.
- Parameters:
realm_name (str) – Realm name (not the realm id)
- Returns:
Http response
- Return type:
dict
- async a_get_users(query=None)[source]
Get all users asynchronously.
Return a list of users, filtered according to query parameters
UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation
- Parameters:
query (dict) – Query parameters (optional)
- Returns:
users list
- Return type:
list
- async a_create_idp(payload)[source]
Create an ID Provider asynchronously.
IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation
- Parameters:
payload – IdentityProviderRepresentation
- Returns:
Keycloak server response
- Return type:
dict
- async a_update_idp(idp_alias, payload)[source]
Update an ID Provider asynchronously.
IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identity_providers_resource
- Parameters:
idp_alias – alias for IdP to update
payload – The IdentityProviderRepresentation
- Returns:
Keycloak server response
- Return type:
dict
- async a_add_mapper_to_idp(idp_alias, payload)[source]
Add a mapper to an ID Provider asynchronously.
IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityprovidermapperrepresentation
- Parameters:
idp_alias – alias for IdP to add mapper in
payload – IdentityProviderMapperRepresentation
- Returns:
Keycloak server response
- Return type:
dict
- async a_update_mapper_in_idp(idp_alias, mapper_id, payload)[source]
Update an IdP mapper asynchronously.
IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_update
- Parameters:
idp_alias – alias for IdP to fetch mappers
mapper_id – Mapper Id to update
payload – IdentityProviderMapperRepresentation
- Returns:
Http response
- Return type:
dict
- async a_get_idp_mappers(idp_alias)[source]
Get IDP mappers asynchronously.
Returns a list of ID Providers mappers
IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getmappers
- Parameters:
idp_alias – alias for IdP to fetch mappers
- Returns:
array IdentityProviderMapperRepresentation
- Return type:
list
- async a_get_idps()[source]
Get IDPs asynchronously.
Returns a list of ID Providers.
IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation
- Returns:
array IdentityProviderRepresentation
- Return type:
list
- async a_get_idp(idp_alias)[source]
Get IDP provider asynchronously.
Get the representation of a specific IDP Provider.
IdentityProviderRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_identityproviderrepresentation
- Parameters:
idp_alias – alias for IdP to get
- Returns:
IdentityProviderRepresentation
- Return type:
dict
- async a_delete_idp(idp_alias)[source]
Delete an ID Provider asynchronously.
- Parameters:
idp_alias – IdP alias name
- Returns:
Keycloak server response
- Return type:
dict
- async a_create_user(payload, exist_ok=False)[source]
Create a new user asynchronously.
Username must be unique
UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation
- Parameters:
payload (dict) – UserRepresentation
exist_ok (bool) – If False, raise KeycloakGetError if username already exists. Otherwise, return existing user ID.
- Returns:
user_id
- Return type:
str
- async a_users_count(query=None)[source]
Count users asynchronously.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_users_resource
- Parameters:
query (dict) – Query parameters for users count
- Returns:
counter
- Return type:
int
- async a_get_user_id(username)[source]
Get internal keycloak user id from username asynchronously.
This is required for further actions against this user.
UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation
- Parameters:
username (str) – id in UserRepresentation
- Returns:
user_id
- Return type:
str
- async a_get_user(user_id)[source]
Get representation of the user asynchronously.
UserRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userrepresentation
- Parameters:
user_id (str) – User id
- Returns:
UserRepresentation
- async a_get_user_groups(user_id, query=None, brief_representation=True)[source]
Get user groups asynchronously.
Returns a list of groups of which the user is a member
- Parameters:
user_id (str) – User id
query (dict) – Additional query options
brief_representation (bool) – whether to omit attributes in the response
- Returns:
user groups list
- Return type:
list
- async a_update_user(user_id, payload)[source]
Update the user asynchronously.
- Parameters:
user_id (str) – User id
payload (dict) – UserRepresentation
- Returns:
Http response
- Return type:
bytes
- async a_disable_user(user_id)[source]
Disable the user in the realm asynchronously. Disabled users cannot log in.
- Parameters:
user_id (str) – User id
- Returns:
Http response
- Return type:
bytes
- async a_enable_user(user_id)[source]
Enable the user from the realm asynchronously.
- Parameters:
user_id (str) – User id
- Returns:
Http response
- Return type:
bytes
- async a_delete_user(user_id)[source]
Delete the user asynchronously.
- Parameters:
user_id (str) – User id
- Returns:
Http response
- Return type:
bytes
- async a_set_user_password(user_id, password, temporary=True)[source]
Set up a password for the user asynchronously.
If temporary is True, the user will have to reset the temporary password next time they log in.
https://www.keycloak.org/docs-api/24.0.2/rest-api/#_users_resource https://www.keycloak.org/docs-api/24.0.2/rest-api/#_credentialrepresentation
- Parameters:
user_id (str) – User id
password (str) – New password
temporary (bool) – True if password is temporary
- Returns:
Response
- Return type:
dict
- async a_get_credentials(user_id)[source]
Get user credentials asynchronously.
Returns a list of credentials belonging to the user.
CredentialRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_credentialrepresentation
- Parameters:
user_id – user id
- Returns:
Keycloak server response (CredentialRepresentation)
- Return type:
dict
- async a_delete_credential(user_id, credential_id)[source]
Delete credential of the user asynchronously.
CredentialRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_credentialrepresentation
- Parameters:
user_id – user id
credential_id – credential id
- Returns:
Keycloak server response (ClientRepresentation)
- Return type:
bytes
- async a_user_logout(user_id)[source]
Log out the user.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_logout
- Parameters:
user_id (str) – User id
- Returns:
Keycloak server response
- Return type:
bytes
- async a_user_consents(user_id)[source]
Get consents granted by the user asynchronously.
UserConsentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_userconsentrepresentation
- Parameters:
user_id (str) – User id
- Returns:
List of UserConsentRepresentations
- Return type:
list
- async a_get_user_social_logins(user_id)[source]
Get user social logins asynchronously.
Returns a list of federated identities/social logins with which the user has been associated.
- Parameters:
user_id (str) – User id
- Returns:
Federated identities list
- Return type:
list
- async a_add_user_social_login(user_id, provider_id, provider_userid, provider_username)[source]
Add a federated identity / social login provider asynchronously to the user.
- Parameters:
user_id (str) – User id
provider_id (str) – Social login provider id
provider_userid (str) – userid specified by the provider
provider_username (str) – username specified by the provider
- Returns:
Keycloak server response
- Return type:
bytes
- async a_delete_user_social_login(user_id, provider_id)[source]
Delete a federated identity / social login provider asynchronously from the user.
- Parameters:
user_id (str) – User id
provider_id (str) – Social login provider id
- Returns:
Keycloak server response
- Return type:
bytes
- async a_send_update_account(user_id, payload, client_id=None, lifespan=None, redirect_uri=None)[source]
Send an update account email to the user asynchronously.
An email contains a link the user can click to perform a set of required actions.
- Parameters:
user_id (str) – User id
payload (list) – A list of actions for the user to complete
client_id (str) – Client id (optional)
lifespan (int) – Number of seconds after which the generated token expires (optional)
redirect_uri (str) – The redirect uri (optional)
- Returns:
Keycloak server response
- Return type:
bytes
- async a_send_verify_email(user_id, client_id=None, redirect_uri=None)[source]
Send an update account email to the user asynchronously.
An email contains a link the user can click to perform a set of required actions.
- Parameters:
user_id (str) – User id
client_id (str) – Client id (optional)
redirect_uri (str) – Redirect uri (optional)
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_sessions(user_id)[source]
Get sessions associated with the user asynchronously.
UserSessionRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_usersessionrepresentation
- Parameters:
user_id (str) – Id of user
- Returns:
UserSessionRepresentation
- Return type:
dict
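An added example (not python-keycloak's own code) that chains the async calls documented above into an account containment routine: it snapshots sessions, credentials and federated identities before a_disable_user and a_user_logout change state, then verifies that no session remains. `FakeAsyncAdmin` and its sample data are constructed assumptions that mimic the documented method names so the block runs offline.

```python
"""Contain one account with the async admin calls, keeping evidence first."""
import asyncio


async def contain_account(admin, user_id):
    """Snapshot, disable, log out and verify; return a report dict."""
    # Evidence first: logging the user out discards the session list.
    sessions, credentials, federated = await asyncio.gather(
        admin.a_get_sessions(user_id),
        admin.a_get_credentials(user_id),
        admin.a_get_user_social_logins(user_id),
    )
    # Disable before logout so no new session can start between the calls.
    await admin.a_disable_user(user_id)
    await admin.a_user_logout(user_id)
    # Verify instead of trusting the two responses.
    remaining = await admin.a_get_sessions(user_id)
    return {
        "user_id": user_id,
        "session_ids": [s["id"] for s in sessions],
        "source_ips": sorted({s["ipAddress"] for s in sessions}),
        "credential_types": sorted({c["type"] for c in credentials}),
        "federated_providers": sorted(f["identityProvider"] for f in federated),
        "contained": not remaining,
    }


class FakeAsyncAdmin:
    """Constructed stand-in; records call order and mimics state changes."""

    def __init__(self):
        self.calls = []
        self.enabled = True
        # Items shaped like UserSessionRepresentation (the REST endpoint
        # returns an array of them).
        self._sessions = [
            {"id": "sess-1", "userId": "user-1", "ipAddress": "203.0.113.20"},
            {"id": "sess-2", "userId": "user-1", "ipAddress": "198.51.100.7"},
        ]

    async def a_get_sessions(self, user_id):
        self.calls.append("a_get_sessions")
        return list(self._sessions)

    async def a_get_credentials(self, user_id):
        self.calls.append("a_get_credentials")
        return [{"id": "cred-1", "type": "password"},
                {"id": "cred-2", "type": "otp"}]

    async def a_get_user_social_logins(self, user_id):
        self.calls.append("a_get_user_social_logins")
        return [{"identityProvider": "github", "userId": "gh-42",
                 "userName": "sample-user"}]

    async def a_disable_user(self, user_id):
        self.calls.append("a_disable_user")
        self.enabled = False
        return b""

    async def a_user_logout(self, user_id):
        self.calls.append("a_user_logout")
        self._sessions = []
        return b""


def run_demo():
    """Run the routine against the fake; return (report, call order)."""
    admin = FakeAsyncAdmin()
    report = asyncio.run(contain_account(admin, "user-1"))
    return report, admin.calls


if __name__ == "__main__":
    demo_report, demo_calls = run_demo()
    print(demo_report)
    print(demo_calls)
```

Disabling the user and ending sessions does not remove stored credentials or federated identity links; the report lists them so they can be reviewed before the account is re-enabled.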
- async a_get_server_info()[source]
Get themes, social providers, etc. on this server asynchronously.
ServerInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_serverinforepresentation
- Returns:
ServerInfoRepresentation
- Return type:
dict
- async a_get_groups(query=None, full_hierarchy=False)[source]
Get groups asynchronously.
Returns a list of groups belonging to the realm
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation
Notice that when using full_hierarchy=True, the response will be a nested structure containing all the children groups. If used with query parameters, the full_hierarchy will be applied to the received groups only.
- Parameters:
query (dict) – Additional query options
full_hierarchy (bool) – If True, return all of the nested children groups, otherwise only the first level children are returned
- Returns:
array GroupRepresentation
- Return type:
list
- async a_get_group(group_id, full_hierarchy=False)[source]
Get group by id asynchronously.
Returns full group details
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation
- Parameters:
group_id (str) – The group id
full_hierarchy (bool) – If True, return all of the nested children groups, otherwise only the first level children are returned
- Returns:
Keycloak server response (GroupRepresentation)
- Return type:
dict
- async a_get_subgroups(group, path)[source]
Get subgroups asynchronously.
Utility function to iterate through nested group structures
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation
- Parameters:
group (dict) – group (GroupRepresentation)
path (str) – group path (string)
- Returns:
Keycloak server response (GroupRepresentation)
- Return type:
dict
- async a_get_group_children(group_id, query=None, full_hierarchy=False)[source]
Get group children by parent id asynchronously.
Returns full group children details
- Parameters:
group_id (str) – The parent group id
query (dict) – Additional query options
full_hierarchy (bool) – If True, return all of the nested children groups
- Returns:
Keycloak server response (GroupRepresentation)
- Return type:
dict
- Raises:
ValueError – If both query and full_hierarchy parameters are used
- async a_get_group_members(group_id, query=None)[source]
Get members by group id asynchronously.
Returns group members
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_userrepresentation
- Parameters:
group_id (str) – The group id
query (dict) – Additional query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getmembers)
- Returns:
Keycloak server response (UserRepresentation)
- Return type:
list
- async a_get_group_by_path(path)[source]
Get group id based on name or path asynchronously.
Returns full group details for a group defined by path
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation
- Parameters:
path (str) – group path
- Returns:
Keycloak server response (GroupRepresentation)
- Return type:
dict
- async a_create_group(payload, parent=None, skip_exists=False)[source]
Create a group in the Realm asynchronously.
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation
- Parameters:
payload (dict) – GroupRepresentation
parent (str) – parent group’s id. Required to create a sub-group.
skip_exists (bool) – If true then do not raise an error if it already exists
- Returns:
Group id for newly created group or None for an existing group
- Return type:
str
- async a_update_group(group_id, payload)[source]
Update a group asynchronously; subgroups are ignored.
GroupRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/#_grouprepresentation
- Parameters:
group_id (str) – id of group
payload (dict) – GroupRepresentation with updated information.
- Returns:
Http response
- Return type:
bytes
- async a_groups_count(query=None)[source]
Count groups asynchronously.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_groups
- Parameters:
query (dict) – Query parameters for groups count
- Returns:
Keycloak Server Response
- Return type:
dict
- async a_group_set_permissions(group_id, enabled=True)[source]
Enable/Disable permissions for a group asynchronously.
Cannot delete group if disabled
- Parameters:
group_id (str) – id of group
enabled (bool) – Enabled flag
- Returns:
Keycloak server response
- Return type:
bytes
- async a_group_user_add(user_id, group_id)[source]
Add user to group (user_id and group_id) asynchronously.
- Parameters:
user_id (str) – id of user
group_id (str) – id of group to add to
- Returns:
Keycloak server response
- Return type:
bytes
- async a_group_user_remove(user_id, group_id)[source]
Remove user from group (user_id and group_id) asynchronously.
- Parameters:
user_id (str) – id of user
group_id (str) – id of group to remove from
- Returns:
Keycloak server response
- Return type:
bytes
- async a_delete_group(group_id)[source]
Delete a group in the Realm asynchronously.
- Parameters:
group_id (str) – id of group to delete
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_clients()[source]
Get clients asynchronously.
Returns a list of clients belonging to the realm
ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response (ClientRepresentation)
- Return type:
list
- async a_get_client(client_id)[source]
Get representation of the client asynchronously.
ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Parameters:
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response (ClientRepresentation)
- Return type:
dict
- async a_get_client_id(client_id)[source]
Get internal keycloak client id from client-id asynchronously.
This is required for further actions against this client.
- Parameters:
client_id (str) – clientId in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
client_id (uuid as string)
- Return type:
str
- async a_get_client_authz_settings(client_id)[source]
Get authorization json from client asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
dict
- async a_create_client_authz_resource(client_id, payload, skip_exists=False)[source]
Create resources of client asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
payload (dict) – ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
skip_exists (bool) – Skip the creation in case the resource exists
- Returns:
Keycloak server response
- Return type:
bytes
- async a_update_client_authz_resource(client_id, resource_id, payload)[source]
Update resource of client asynchronously.
Any parameter missing from the ResourceRepresentation in the payload WILL be set to default by the Keycloak server.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
payload (dict) – ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
resource_id (str) – id in ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Returns:
Keycloak server response
- Return type:
bytes
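The reset-to-default behaviour noted for a_update_client_authz_resource makes a partial payload risky: renaming a resource with only `{"name": ...}` can drop its URIs and scopes. The following is an added example, not python-keycloak's own code, showing a read-merge-write helper that also reports any field that changed unintentionally. `StandInAuthzAdmin`, its default values, the client `orders-api` and the resource `res-1` are constructed so the block runs offline; only the three `a_*` method names and their argument order come from this page.

```python
import asyncio
import copy

# Constructed defaults for the stand-in; not Keycloak's documented values.
STANDIN_DEFAULTS = {"uris": [], "scopes": [], "ownerManagedAccess": False, "attributes": {}}


class StandInAuthzAdmin:
    """Offline stand-in exposing the three KeycloakAdmin coroutines used here.

    It models the documented behaviour: any field missing from the update
    payload is reset to a default.
    """

    def __init__(self):
        # Constructed sample data: clientId -> internal id, and one resource.
        self._clients = {"orders-api": "11111111-1111-1111-1111-111111111111"}
        self._resources = {
            "res-1": {
                "_id": "res-1",
                "name": "invoices",
                "uris": ["/invoices/*"],
                "scopes": [{"name": "read"}, {"name": "write"}],
                "ownerManagedAccess": True,
                "attributes": {},
            }
        }

    async def a_get_client_id(self, client_id):
        return self._clients.get(client_id)

    async def a_get_client_authz_resource(self, client_id, resource_id):
        return copy.deepcopy(self._resources[resource_id])

    async def a_update_client_authz_resource(self, client_id, resource_id, payload):
        stored = copy.deepcopy(STANDIN_DEFAULTS)
        stored.update(copy.deepcopy(payload))
        stored["_id"] = resource_id
        self._resources[resource_id] = stored
        return b""


async def naive_rename(admin, client_uuid, resource_id, new_name):
    """Partial payload: every field other than the name falls back to a default."""
    await admin.a_update_client_authz_resource(client_uuid, resource_id, {"name": new_name})
    return await admin.a_get_client_authz_resource(client_uuid, resource_id)


async def patch_authz_resource(admin, client_uuid, resource_id, changes):
    """Fetch the full representation, merge the changes, send it back, verify."""
    current = await admin.a_get_client_authz_resource(client_uuid, resource_id)
    merged = {**copy.deepcopy(current), **changes}
    await admin.a_update_client_authz_resource(client_uuid, resource_id, merged)
    after = await admin.a_get_client_authz_resource(client_uuid, resource_id)
    # Any field we did not ask to change but that differs is unintended drift.
    drift = {
        key: {"before": current.get(key), "after": after.get(key)}
        for key in current.keys() | after.keys()
        if key not in changes and current.get(key) != after.get(key)
    }
    return after, drift


def run_demo():
    async def scenario():
        naive_admin, safe_admin = StandInAuthzAdmin(), StandInAuthzAdmin()
        # The authz calls take the internal id, so resolve the clientId first.
        client_uuid = await safe_admin.a_get_client_id("orders-api")
        naive = await naive_rename(naive_admin, client_uuid, "res-1", "invoices-v2")
        safe, drift = await patch_authz_resource(
            safe_admin, client_uuid, "res-1", {"name": "invoices-v2"}
        )
        return {"naive": naive, "safe": safe, "drift": drift}

    return asyncio.run(scenario())


if __name__ == "__main__":
    for label, value in run_demo().items():
        print(label, value)
```

Against a real server, pass a `KeycloakAdmin` instance in place of the stand-in and treat a non-empty drift result as a failed change.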
- async a_delete_client_authz_resource(client_id: str, resource_id: str)[source]
Delete a client resource asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
resource_id (str) – id in ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_client_authz_resources(client_id)[source]
Get resources from client asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response (ResourceRepresentation)
- Return type:
list
- async a_get_client_authz_resource(client_id: str, resource_id: str)[source]
Get a client resource asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
resource_id (str) – id in ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Returns:
Keycloak server response (ResourceRepresentation)
- Return type:
dict
- async a_create_client_authz_role_based_policy(client_id, payload, skip_exists=False)[source]
Create role-based policy of client asynchronously.
Payload example:
payload={ "type": "role", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "name": "Policy-1", "roles": [ { "id": id } ] }
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
payload (dict) – No Document
skip_exists (bool) – Skip creation in case the object exists
- Returns:
Keycloak server response
- Return type:
bytes
- async a_create_client_authz_policy(client_id, payload, skip_exists=False)[source]
Create an authz policy of client asynchronously.
Payload example:
payload={ "name": "Policy-time-based", "type": "time", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "config": { "hourEnd": "18", "hour": "9" } }
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
payload (dict) – No Document
skip_exists (bool) – Skip creation in case the object exists
- Returns:
Keycloak server response
- Return type:
bytes
- async a_create_client_authz_resource_based_permission(client_id, payload, skip_exists=False)[source]
Create resource-based permission of client asynchronously.
Payload example:
payload={ "type": "resource", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "name": "Permission-Name", "resources": [ resource_id ], "policies": [ policy_id ] }
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
payload (dict) – PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation
skip_exists (bool) – Skip creation in case the object already exists
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_client_authz_scopes(client_id)[source]
Get scopes from client asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
list
- async a_create_client_authz_scopes(client_id, payload)[source]
Create scopes for client asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
payload (dict) – ScopeRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_ScopeRepresentation
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_client_authz_permissions(client_id)[source]
Get permissions from client asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
list
- async a_get_client_authz_policies(client_id)[source]
Get policies from client asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
list
- async a_delete_client_authz_policy(client_id, policy_id)[source]
Delete a policy from client asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
policy_id (str) – id in PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation
- Returns:
Keycloak server response
- Return type:
dict
- async a_get_client_authz_policy(client_id, policy_id)[source]
Get a policy from client asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
policy_id (str) – id in PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation
- Returns:
Keycloak server response
- Return type:
dict
- async a_get_client_service_account_user(client_id)[source]
Get service account user from client asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
UserRepresentation
- Return type:
dict
- async a_get_client_default_client_scopes(client_id)[source]
Get all default client scopes from client asynchronously.
- Parameters:
client_id (str) – id of the client whose default client scopes should be returned
- Returns:
list of client scopes with id and name
- Return type:
list
- async a_add_client_default_client_scope(client_id, client_scope_id, payload)[source]
Add a client scope to the default client scopes from client asynchronously.
Payload example:
payload={ "realm":"testrealm", "client":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "clientScopeId":"bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb" }
- Parameters:
client_id (str) – id of the client in which the new default client scope should be added
client_scope_id (str) – id of the new client scope that should be added
payload (dict) – dictionary with realm, client and clientScopeId
- Returns:
Http response
- Return type:
bytes
- async a_delete_client_default_client_scope(client_id, client_scope_id)[source]
Delete a client scope from the default client scopes of the client asynchronously.
- Parameters:
client_id (str) – id of the client in which the default client scope should be deleted
client_scope_id (str) – id of the client scope that should be deleted
- Returns:
list of client scopes with id and name
- Return type:
list
- async a_get_client_optional_client_scopes(client_id)[source]
Get all optional client scopes from client asynchronously.
- Parameters:
client_id (str) – id of the client whose optional client scopes should be returned
- Returns:
list of client scopes with id and name
- Return type:
list
- async a_add_client_optional_client_scope(client_id, client_scope_id, payload)[source]
Add a client scope to the optional client scopes from client asynchronously.
Payload example:
payload={ "realm":"testrealm", "client":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "clientScopeId":"bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb" }
- Parameters:
client_id (str) – id of the client in which the new optional client scope should be added
client_scope_id (str) – id of the new client scope that should be added
payload (dict) – dictionary with realm, client and clientScopeId
- Returns:
Http response
- Return type:
bytes
- async a_delete_client_optional_client_scope(client_id, client_scope_id)[source]
Delete a client scope from the optional client scopes of the client asynchronously.
- Parameters:
client_id (str) – id of the client in which the optional client scope should be deleted
client_scope_id (str) – id of the client scope that should be deleted
- Returns:
list of client scopes with id and name
- Return type:
list
- async a_create_initial_access_token(count: int = 1, expiration: int = 1)[source]
Create an initial access token asynchronously.
- Parameters:
count (int) – Number of clients that can be registered
expiration (int) – Days until expiration
- Returns:
initial access token
- Return type:
str
- async a_create_client(payload, skip_exists=False)[source]
Create a client asynchronously.
ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Parameters:
skip_exists (bool) – If true then do not raise an error if client already exists
payload (dict) – ClientRepresentation
- Returns:
Client ID
- Return type:
str
- async a_update_client(client_id, payload)[source]
Update a client asynchronously.
- Parameters:
client_id (str) – Client id
payload (dict) – ClientRepresentation
- Returns:
Http response
- Return type:
bytes
- async a_delete_client(client_id)[source]
Delete a client asynchronously.
ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Parameters:
client_id (str) – keycloak client id (not oauth client-id)
- Returns:
Keycloak server response (ClientRepresentation)
- Return type:
bytes
- async a_get_client_installation_provider(client_id, provider_id)[source]
Get content for given installation provider asynchronously.
Related documentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clients_resource
Possible provider_id list available in the ServerInfoRepresentation#clientInstallations https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_serverinforepresentation
- Parameters:
client_id (str) – Client id
provider_id (str) – provider id to specify response format
- Returns:
Installation providers
- Return type:
list
- async a_get_realm_roles(brief_representation=True, search_text='')[source]
Get all roles for the realm or client asynchronously.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
brief_representation (bool) – whether to omit role attributes in the response
search_text (str) – optional search text to limit the returned result.
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
list
- async a_get_realm_role_groups(role_name, query=None, brief_representation=True)[source]
Get role groups of realm by role name asynchronously.
- Parameters:
role_name (str) – Name of the role.
query (dict) – Additional Query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_parameters_226)
brief_representation (bool) – whether to omit role attributes in the response
- Returns:
Keycloak Server Response (GroupRepresentation)
- Return type:
list
- async a_get_realm_role_members(role_name, query=None)[source]
Get role members of realm by role name asynchronously.
- Parameters:
role_name (str) – Name of the role.
query (dict) – Additional Query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_roles_resource)
- Returns:
Keycloak Server Response (UserRepresentation)
- Return type:
list
- async a_get_default_realm_role_id()[source]
Get the ID of the default realm role asynchronously.
- Returns:
Realm role ID
- Return type:
str
- async a_get_realm_default_roles()[source]
Get all the default realm roles asynchronously.
- Returns:
Keycloak Server Response (UserRepresentation)
- Return type:
list
- async a_remove_realm_default_roles(payload)[source]
Remove a set of default realm roles asynchronously.
- Parameters:
payload (list) – List of RoleRepresentations
- Returns:
Keycloak Server Response
- Return type:
dict
- async a_add_realm_default_roles(payload)[source]
Add a set of default realm roles asynchronously.
- Parameters:
payload (list) – List of RoleRepresentations
- Returns:
Keycloak Server Response
- Return type:
dict
- async a_get_client_roles(client_id, brief_representation=True)[source]
Get all roles for the client asynchronously.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
client_id (str) – id of client (not client-id)
brief_representation (bool) – whether to omit role attributes in the response
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
list
- async a_get_client_role(client_id, role_name)[source]
Get client role id by name asynchronously.
This is required for further actions with this role.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
client_id (str) – id of client (not client-id)
role_name (str) – role’s name (not id!)
- Returns:
role_id
- Return type:
str
- async a_get_client_role_id(client_id, role_name)[source]
Get client role id by name asynchronously.
This is required for further actions with this role.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
client_id (str) – id of client (not client-id)
role_name (str) – role’s name (not id!)
- Returns:
role_id
- Return type:
str
- async a_create_client_role(client_role_id, payload, skip_exists=False)[source]
Create a client role asynchronously.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
client_role_id (str) – id of client (not client-id)
payload (dict) – RoleRepresentation
skip_exists (bool) – If true then do not raise an error if client role already exists
- Returns:
Client role name
- Return type:
str
- async a_add_composite_client_roles_to_role(client_role_id, role_name, roles)[source]
Add composite roles to client role asynchronously.
- Parameters:
client_role_id (str) – id of client (not client-id)
role_name (str) – The name of the role
roles (list) – roles list or role (use RoleRepresentation) to be updated
- Returns:
Keycloak server response
- Return type:
bytes
- async a_remove_composite_client_roles_from_role(client_role_id, role_name, roles)[source]
Remove composite roles from a client role asynchronously.
- Parameters:
client_role_id (str) – id of client (not client-id)
role_name (str) – The name of the role
roles (list) – roles list or role (use RoleRepresentation) to be removed
- Returns:
Keycloak server response
- Return type:
bytes
- async a_update_client_role(client_id, role_name, payload)[source]
Update a client role asynchronously.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
client_id (str) – id of client (not client-id)
role_name (str) – role’s name (not id!)
payload (dict) – RoleRepresentation
- Returns:
Keycloak server response
- Return type:
bytes
- async a_delete_client_role(client_role_id, role_name)[source]
Delete a client role asynchronously.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
client_role_id (str) – id of client (not client-id)
role_name (str) – role’s name (not id!)
- Returns:
Keycloak server response
- Return type:
bytes
- async a_assign_client_role(user_id, client_id, roles)[source]
Assign a client role to a user asynchronously.
- Parameters:
user_id (str) – id of user
client_id (str) – id of client (not client-id)
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_client_role_members(client_id, role_name, **query)[source]
Get members by client role asynchronously.
- Parameters:
client_id (str) – The client id
role_name (str) – the name of role to be queried.
query (dict) – Additional query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clients_resource)
- Returns:
Keycloak server response (UserRepresentation)
- Return type:
list
- async a_get_client_role_groups(client_id, role_name, **query)[source]
Get group members by client role asynchronously.
- Parameters:
client_id (str) – The client id
role_name (str) – the name of role to be queried.
query (dict) – Additional query parameters (see https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clients_resource)
- Returns:
Keycloak server response
- Return type:
list
- async a_get_role_by_id(role_id)[source]
Get a specific role’s representation asynchronously.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
role_id (str) – id of role
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
bytes
- async a_update_role_by_id(role_id, payload)[source]
Update the role asynchronously.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
payload (dict) – RoleRepresentation
role_id (str) – id of role
- Returns:
Keycloak server response
- Return type:
bytes
- async a_delete_role_by_id(role_id)[source]
Delete a role by its id asynchronously.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
role_id (str) – id of role
- Returns:
Keycloak server response
- Return type:
bytes
- async a_create_realm_role(payload, skip_exists=False)[source]
Create a new role for the realm or client asynchronously.
- Parameters:
payload (dict) – The role (use RoleRepresentation)
skip_exists (bool) – If true then do not raise an error if realm role already exists
- Returns:
Realm role name
- Return type:
str
- async a_get_realm_role(role_name)[source]
Get realm role by role name asynchronously.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
role_name (str) – role’s name, not id!
- Returns:
role
- Return type:
dict
- async a_get_realm_role_by_id(role_id: str)[source]
Get realm role by role id.
RoleRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_rolerepresentation
- Parameters:
role_id (str) – role’s id, not name!
- Returns:
role
- Return type:
dict
- async a_update_realm_role(role_name, payload)[source]
Update a role for the realm by name asynchronously.
- Parameters:
role_name (str) – The name of the role to be updated
payload (dict) – The role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- async a_delete_realm_role(role_name)[source]
Delete a role for the realm by name asynchronously.
- Parameters:
role_name (str) – The role name
- Returns:
Keycloak server response
- Return type:
bytes
- async a_add_composite_realm_roles_to_role(role_name, roles)[source]
Add composite roles to the role asynchronously.
- Parameters:
role_name (str) – The name of the role
roles (list) – roles list or role (use RoleRepresentation) to be updated
- Returns:
Keycloak server response
- Return type:
bytes
- async a_remove_composite_realm_roles_to_role(role_name, roles)[source]
Remove composite roles from the role asynchronously.
- Parameters:
role_name (str) – The name of the role
roles (list) – roles list or role (use RoleRepresentation) to be removed
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_composite_realm_roles_of_role(role_name)[source]
Get composite roles of the role asynchronously.
- Parameters:
role_name (str) – The name of the role
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- async a_assign_realm_roles_to_client_scope(client_id, roles)[source]
Assign realm roles to a client’s scope asynchronously.
- Parameters:
client_id (str) – id of client (not client-id)
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
dict
- async a_delete_realm_roles_of_client_scope(client_id, roles)[source]
Delete realm roles of a client’s scope asynchronously.
- Parameters:
client_id (str) – id of client (not client-id)
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
dict
- async a_get_realm_roles_of_client_scope(client_id)[source]
Get all realm roles for a client’s scope.
- Parameters:
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
dict
- async a_assign_client_roles_to_client_scope(client_id, client_roles_owner_id, roles)[source]
Assign client roles to a client’s dedicated scope asynchronously.
To assign roles to a client scope, use a_add_client_specific_roles_to_client_scope.
- Parameters:
client_id (str) – id of client (not client-id) who is assigned the roles
client_roles_owner_id (str) – id of client (not client-id) who has the roles
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
dict
- async a_delete_client_roles_of_client_scope(client_id, client_roles_owner_id, roles)[source]
Delete client roles of a client’s dedicated scope asynchronously.
To remove roles from a client scope, use a_remove_client_specific_roles_of_client_scope.
- Parameters:
client_id (str) – id of client (not client-id) who is assigned the roles
client_roles_owner_id (str) – id of client (not client-id) who has the roles
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
dict
- async a_get_client_roles_of_client_scope(client_id, client_roles_owner_id)[source]
Get all client roles for a client’s scope asynchronously.
To get roles from a client scope, use a_get_client_roles_of_client_scope.
- Parameters:
client_id (str) – id of client (not client-id)
client_roles_owner_id (str) – id of client (not client-id) who has the roles
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
dict
- async a_assign_realm_roles(user_id, roles)[source]
Assign realm roles to a user asynchronously.
- Parameters:
user_id (str) – id of user
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- async a_delete_realm_roles_of_user(user_id, roles)[source]
Delete realm roles of a user asynchronously.
- Parameters:
user_id (str) – id of user
roles (list) – roles list or role (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_realm_roles_of_user(user_id)[source]
Get all realm roles for a user asynchronously.
- Parameters:
user_id (str) – id of user
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- async a_get_available_realm_roles_of_user(user_id)[source]
Get all available (i.e. unassigned) realm roles for a user asynchronously.
- Parameters:
user_id (str) – id of user
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- async a_get_composite_realm_roles_of_user(user_id, brief_representation=True)[source]
Get all composite (i.e. implicit) realm roles for a user asynchronously.
- Parameters:
user_id (str) – id of user
brief_representation (bool) – whether to omit role attributes in the response
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
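The difference between a user's directly assigned realm roles and the composite (implicit) ones matters when reviewing who holds a privileged role. The following is an added example, not python-keycloak's own code: it calls a_get_realm_roles_of_user and a_get_composite_realm_roles_of_user for each user and classifies the grant as direct, implicit or none, then uses a_get_composite_realm_roles_of_role to name the directly assigned role that carries the privilege. `StandInRoleAdmin`, the user ids and the role names are constructed so the block runs offline; it assumes each returned RoleRepresentation has a `name` key.

```python
import asyncio


class StandInRoleAdmin:
    """Offline stand-in for the three KeycloakAdmin coroutines used below."""

    # Constructed data: composite role -> roles it directly includes.
    COMPOSITES = {"support-lead": ["support", "realm-admin"]}
    # Constructed data: user id -> directly assigned realm roles.
    DIRECT = {
        "u-alice": ["realm-admin"],
        "u-bob": ["support-lead"],
        "u-carol": ["support"],
    }

    async def a_get_realm_roles_of_user(self, user_id):
        return [{"name": name} for name in self.DIRECT.get(user_id, [])]

    async def a_get_composite_realm_roles_of_user(self, user_id, brief_representation=True):
        # Expand composites transitively, starting from the direct roles.
        seen, stack = set(), list(self.DIRECT.get(user_id, []))
        while stack:
            name = stack.pop()
            if name not in seen:
                seen.add(name)
                stack.extend(self.COMPOSITES.get(name, []))
        return [{"name": name} for name in sorted(seen)]

    async def a_get_composite_realm_roles_of_role(self, role_name):
        return [{"name": name} for name in self.COMPOSITES.get(role_name, [])]


async def audit_sensitive_role(admin, user_ids, sensitive_role, max_concurrency=5):
    """Classify how each user holds sensitive_role: direct, implicit or none."""
    limiter = asyncio.Semaphore(max_concurrency)  # keep load on the server bounded

    async def classify(user_id):
        async with limiter:
            direct, effective = await asyncio.gather(
                admin.a_get_realm_roles_of_user(user_id),
                admin.a_get_composite_realm_roles_of_user(user_id),
            )
            direct_names = {role["name"] for role in direct}
            effective_names = {role["name"] for role in effective}
            if sensitive_role in direct_names:
                return user_id, {"grant": "direct", "via": []}
            if sensitive_role not in effective_names:
                return user_id, {"grant": "none", "via": []}
            # Implicit grant: find the directly assigned composite that carries it.
            # Only one level is inspected here, so "via" stays empty when the
            # role is reached through a deeper chain of composites.
            via = []
            for name in sorted(direct_names):
                children = await admin.a_get_composite_realm_roles_of_role(name)
                if any(child["name"] == sensitive_role for child in children):
                    via.append(name)
            return user_id, {"grant": "implicit", "via": via}

    return dict(await asyncio.gather(*(classify(uid) for uid in user_ids)))


def run_audit():
    admin = StandInRoleAdmin()
    users = ["u-alice", "u-bob", "u-carol"]
    return asyncio.run(audit_sensitive_role(admin, users, "realm-admin"))


if __name__ == "__main__":
    for user_id, finding in run_audit().items():
        print(user_id, finding)
```

Users reported as implicit do not show up when only the direct role list is reviewed, so they are the ones to check against the intended composite role design.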
- async a_assign_group_realm_roles(group_id, roles)[source]
Assign realm roles to a group asynchronously.
- Parameters:
group_id (str) – id of group
roles (list) – roles list or role (use GroupRoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- async a_delete_group_realm_roles(group_id, roles)[source]
Delete realm roles of a group asynchronously.
- Parameters:
group_id (str) – id of group
roles (list) – roles list or role (use GroupRoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_group_realm_roles(group_id, brief_representation=True)[source]
Get all realm roles for a group asynchronously.
- Parameters:
group_id (str) – id of the group
brief_representation (bool) – whether to omit role attributes in the response
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- async a_assign_group_client_roles(group_id, client_id, roles)[source]
Assign client roles to a group asynchronously.
- Parameters:
group_id (str) – id of group
client_id (str) – id of client (not client-id)
roles (list) – roles list or role (use GroupRoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_group_client_roles(group_id, client_id)[source]
Get client roles of a group asynchronously.
- Parameters:
group_id (str) – id of group
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response
- Return type:
list
- async a_delete_group_client_roles(group_id, client_id, roles)[source]
Delete client roles of a group asynchronously.
- Parameters:
group_id (str) – id of group
client_id (str) – id of client (not client-id)
roles (list) – roles list or role (use GroupRoleRepresentation)
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
bytes
- async a_get_all_roles_of_user(user_id)[source]
Get all level roles for a user asynchronously.
- Parameters:
user_id (str) – id of user
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- async a_get_client_roles_of_user(user_id, client_id)[source]
Get all client roles for a user asynchronously.
- Parameters:
user_id (str) – id of user
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- async a_get_available_client_roles_of_user(user_id, client_id)[source]
Get available client role-mappings for a user asynchronously.
- Parameters:
user_id (str) – id of user
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- async a_get_composite_client_roles_of_user(user_id, client_id, brief_representation=False)[source]
Get composite client role-mappings for a user asynchronously.
- Parameters:
user_id (str) – id of user
client_id (str) – id of client (not client-id)
brief_representation (bool) – whether to omit attributes in the response
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
list
- async a__get_client_roles_of_user(client_level_role_mapping_url, user_id, client_id, **params)[source]
Get client roles of a single user helper asynchronously.
- Parameters:
client_level_role_mapping_url (str) – Url for the client role mapping
user_id (str) – User id
client_id (str) – Client id
params (dict) – Additional parameters
- Returns:
Client roles of a user
- Return type:
list
- async a_delete_client_roles_of_user(user_id, client_id, roles)[source]
Delete client roles from a user asynchronously.
- Parameters:
user_id (str) – id of user
client_id (str) – id of client containing role (not client-id)
roles (list) – roles list or role to delete (use RoleRepresentation)
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_authentication_flows()[source]
Get authentication flows asynchronously.
Returns all flow details
AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation
- Returns:
Keycloak server response (AuthenticationFlowRepresentation)
- Return type:
list
- async a_get_authentication_flow_for_id(flow_id)[source]
Get one authentication flow by its id asynchronously.
Returns all flow details
AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation
- Parameters:
flow_id (str) – the id of a flow NOT its alias
- Returns:
Keycloak server response (AuthenticationFlowRepresentation)
- Return type:
dict
- async a_create_authentication_flow(payload, skip_exists=False)[source]
Create a new authentication flow asynchronously.
AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation
- Parameters:
payload (dict) – AuthenticationFlowRepresentation
skip_exists (bool) – Do not raise an error if authentication flow already exists
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
bytes
- async a_copy_authentication_flow(payload, flow_alias)[source]
Copy existing authentication flow under a new name asynchronously.
The new name is given as ‘newName’ attribute of the passed payload.
- Parameters:
payload (dict) – JSON containing ‘newName’ attribute
flow_alias (str) – the flow alias
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
bytes
- async a_delete_authentication_flow(flow_id)[source]
Delete authentication flow asynchronously.
AuthenticationInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationinforepresentation
- Parameters:
flow_id (str) – authentication flow id
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_authentication_flow_executions(flow_alias)[source]
Get authentication flow executions asynchronously.
Returns all execution steps
- Parameters:
flow_alias (str) – the flow alias
- Returns:
Response(json)
- Return type:
list
- async a_update_authentication_flow_executions(payload, flow_alias)[source]
Update an authentication flow execution asynchronously.
AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation
- Parameters:
payload (dict) – AuthenticationExecutionInfoRepresentation
flow_alias (str) – The flow alias
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_authentication_flow_execution(execution_id)[source]
Get authentication flow execution asynchronously.
AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation
- Parameters:
execution_id (str) – the execution ID
- Returns:
Response(json)
- Return type:
dict
- async a_create_authentication_flow_execution(payload, flow_alias)[source]
Create an authentication flow execution asynchronously.
AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation
- Parameters:
payload (dict) – AuthenticationExecutionInfoRepresentation
flow_alias (str) – The flow alias
- Returns:
Keycloak server response
- Return type:
bytes
- async a_delete_authentication_flow_execution(execution_id)[source]
Delete authentication flow execution asynchronously.
AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationexecutioninforepresentation
- Parameters:
execution_id (str) – keycloak client id (not oauth client-id)
- Returns:
Keycloak server response (json)
- Return type:
bytes
- async a_create_authentication_flow_subflow(payload, flow_alias, skip_exists=False)[source]
Create a new sub authentication flow for a given authentication flow asynchronously.
AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticationflowrepresentation
- Parameters:
payload (dict) – AuthenticationFlowRepresentation
flow_alias (str) – The flow alias
skip_exists (bool) – Do not raise an error if authentication flow already exists
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
bytes
- async a_get_authenticator_providers()[source]
Get authenticator providers list asynchronously.
- Returns:
Authenticator providers
- Return type:
list
- async a_get_authenticator_provider_config_description(provider_id)[source]
Get authenticator’s provider configuration description asynchronously.
AuthenticatorConfigInfoRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticatorconfiginforepresentation
- Parameters:
provider_id (str) – Provider Id
- Returns:
AuthenticatorConfigInfoRepresentation
- Return type:
dict
- async a_get_authenticator_config(config_id)[source]
Get authenticator configuration asynchronously.
Returns all configuration details.
- Parameters:
config_id (str) – Authenticator config id
- Returns:
Response(json)
- Return type:
dict
- async a_update_authenticator_config(payload, config_id)[source]
Update an authenticator configuration asynchronously.
AuthenticatorConfigRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authenticatorconfigrepresentation
- Parameters:
payload (dict) – AuthenticatorConfigRepresentation
config_id (str) – Authenticator config id
- Returns:
Response(json)
- Return type:
bytes
- async a_delete_authenticator_config(config_id)[source]
Delete an authenticator configuration asynchronously.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_authentication_management_resource
- Parameters:
config_id (str) – Authenticator config id
- Returns:
Keycloak server Response
- Return type:
bytes
- async a_sync_users(storage_id, action)[source]
Trigger user sync from provider asynchronously.
- Parameters:
storage_id (str) – The id of the user storage provider
action (str) – Action can be “triggerFullSync” or “triggerChangedUsersSync”
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_client_scopes()[source]
Get client scopes asynchronously.
Get representation of the client scopes for the realm we are connected to https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes
- Returns:
Keycloak server response Array of (ClientScopeRepresentation)
- Return type:
list
- async a_get_client_scope(client_scope_id)[source]
Get client scope asynchronously.
Get representation of the client scopes for the realm we are connected to https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes
- Parameters:
client_scope_id (str) – The id of the client scope
- Returns:
Keycloak server response (ClientScopeRepresentation)
- Return type:
dict
- async a_get_client_scope_by_name(client_scope_name)[source]
Get client scope by name asynchronously.
Get representation of the client scope identified by the client scope name.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes
- Parameters:
client_scope_name (str) – Name of the client scope
- Returns:
ClientScopeRepresentation or None
- Return type:
dict
- async a_create_client_scope(payload, skip_exists=False)[source]
Create a client scope asynchronously.
ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientscopes
- Parameters:
payload (dict) – ClientScopeRepresentation
skip_exists (bool) – If true then do not raise an error if client scope already exists
- Returns:
Client scope id
- Return type:
str
- async a_update_client_scope(client_scope_id, payload)[source]
Update a client scope asynchronously.
ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_client_scopes_resource
- Parameters:
client_scope_id (str) – The id of the client scope
payload (dict) – ClientScopeRepresentation
- Returns:
Keycloak server response (ClientScopeRepresentation)
- Return type:
bytes
- async a_delete_client_scope(client_scope_id)[source]
Delete existing client scope asynchronously.
ClientScopeRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_client_scopes_resource
- Parameters:
client_scope_id (str) – The id of the client scope
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_mappers_from_client_scope(client_scope_id)[source]
Get a list of all mappers connected to the client scope asynchronously.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource
- Parameters:
client_scope_id (str) – Client scope id
- Returns:
Keycloak server response (ProtocolMapperRepresentation)
- Return type:
list
- async a_add_mapper_to_client_scope(client_scope_id, payload)[source]
Add a mapper to a client scope asynchronously.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_create_mapper
- Parameters:
client_scope_id (str) – The id of the client scope
payload (dict) – ProtocolMapperRepresentation
- Returns:
Keycloak server Response
- Return type:
bytes
- async a_delete_mapper_from_client_scope(client_scope_id, protocol_mapper_id)[source]
Delete a mapper from a client scope asynchronously.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_delete_mapper
- Parameters:
client_scope_id (str) – The id of the client scope
protocol_mapper_id (str) – Protocol mapper id
- Returns:
Keycloak server Response
- Return type:
bytes
- async a_update_mapper_in_client_scope(client_scope_id, protocol_mapper_id, payload)[source]
Update an existing protocol mapper in a client scope asynchronously.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource
- Parameters:
client_scope_id (str) – The id of the client scope
protocol_mapper_id (str) – The id of the protocol mapper which exists in the client scope and should be updated
payload (dict) – ProtocolMapperRepresentation
- Returns:
Keycloak server Response
- Return type:
bytes
- async a_get_default_default_client_scopes()[source]
Get default default client scopes asynchronously.
Return list of default default client scopes
- Returns:
Keycloak server response
- Return type:
list
- async a_delete_default_default_client_scope(scope_id)[source]
Delete default default client scope asynchronously.
- Parameters:
scope_id (str) – default default client scope id
- Returns:
Keycloak server response
- Return type:
list
- async a_add_default_default_client_scope(scope_id)[source]
Add default default client scope asynchronously.
- Parameters:
scope_id (str) – default default client scope id
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_default_optional_client_scopes()[source]
Get default optional client scopes asynchronously.
Return list of default optional client scopes
- Returns:
Keycloak server response
- Return type:
list
- async a_delete_default_optional_client_scope(scope_id)[source]
Delete default optional client scope asynchronously.
- Parameters:
scope_id (str) – default optional client scope id
- Returns:
Keycloak server response
- Return type:
bytes
- async a_add_default_optional_client_scope(scope_id)[source]
Add default optional client scope asynchronously.
- Parameters:
scope_id (str) – default optional client scope id
- Returns:
Keycloak server response
- Return type:
bytes
- async a_add_client_specific_roles_to_client_scope(client_scope_id, client_roles_owner_id, roles)[source]
Assign client roles to a client scope asynchronously.
To assign roles to a client’s dedicated scope, use a_assign_client_roles_to_client_scope.
- Parameters:
client_scope_id (str) – client scope id
client_roles_owner_id (str) – id of client (not client-id) who has the roles
roles (list) – roles list or role (use RoleRepresentation, must include id and name)
- Returns:
Keycloak server response
- Return type:
dict
- async a_remove_client_specific_roles_of_client_scope(client_scope_id, client_roles_owner_id, roles)[source]
Delete client roles of a client scope asynchronously.
To delete roles from a client’s dedicated scope, use a_delete_client_roles_of_client_scope.
- Parameters:
client_scope_id (str) – client scope id
client_roles_owner_id (str) – id of client (not client-id) who has the roles
roles (list) – roles list or role (use RoleRepresentation, must include id and name)
- Returns:
Keycloak server response
- Return type:
dict
- async a_get_client_specific_roles_of_client_scope(client_scope_id, client_roles_owner_id)[source]
Get all client roles for a client scope asynchronously.
To get roles for a client’s dedicated scope, use a_get_client_roles_of_client_scope.
- Parameters:
client_scope_id (str) – client scope id
client_roles_owner_id (str) – id of client (not client-id) who has the roles
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
dict
- async a_get_all_roles_of_client_scope(client_scope_id)[source]
Get all client roles for a client scope.
To get roles for a client’s dedicated scope, use a_get_client_roles_of_client_scope.
- Parameters:
client_scope_id (str) – client scope id
- Returns:
Keycloak server response (array RoleRepresentation)
- Return type:
dict
- async a_get_mappers_from_client(client_id)[source]
List of all client mappers asynchronously.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocolmapperrepresentation
- Parameters:
client_id (str) – Client id
- Returns:
KeycloakServerResponse (list of ProtocolMapperRepresentation)
- Return type:
list
- async a_add_mapper_to_client(client_id, payload)[source]
Add a mapper to a client asynchronously.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_create_mapper
- Parameters:
client_id (str) – The id of the client
payload (dict) – ProtocolMapperRepresentation
- Returns:
Keycloak server Response
- Return type:
bytes
- async a_update_client_mapper(client_id, mapper_id, payload)[source]
Update client mapper asynchronously.
- Parameters:
client_id (str) – The id of the client
mapper_id (str) – The id of the mapper to be deleted
payload (dict) – ProtocolMapperRepresentation
- Returns:
Keycloak server response
- Return type:
bytes
- async a_remove_client_mapper(client_id, client_mapper_id)[source]
Remove a mapper from the client asynchronously.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_protocol_mappers_resource
- Parameters:
client_id (str) – The id of the client
client_mapper_id (str) – The id of the mapper to be deleted
- Returns:
Keycloak server response
- Return type:
bytes
- async a_generate_client_secrets(client_id)[source]
Generate a new secret for the client asynchronously.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_regeneratesecret
- Parameters:
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response (ClientRepresentation)
- Return type:
bytes
- async a_get_client_secrets(client_id)[source]
Get representation of the client secrets asynchronously.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientsecret
- Parameters:
client_id (str) – id of client (not client-id)
- Returns:
Keycloak server response (ClientRepresentation)
- Return type:
list
- async a_get_components(query=None)[source]
Get components asynchronously.
Return a list of components, filtered according to query parameters
ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation
- Parameters:
query (dict) – Query parameters (optional)
- Returns:
components list
- Return type:
list
- async a_create_component(payload)[source]
Create a new component asynchronously.
ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation
- Parameters:
payload (dict) – ComponentRepresentation
- Returns:
Component id
- Return type:
str
- async a_get_component(component_id)[source]
Get representation of the component asynchronously.
ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation
- Parameters:
component_id (str) – Id of the component
- Returns:
ComponentRepresentation
- Return type:
dict
- async a_update_component(component_id, payload)[source]
Update the component asynchronously.
- Parameters:
component_id (str) – Component id
payload (dict) – ComponentRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_componentrepresentation
- Returns:
Http response
- Return type:
bytes
- async a_delete_component(component_id)[source]
Delete the component asynchronously.
- Parameters:
component_id (str) – Component id
- Returns:
Http response
- Return type:
bytes
- async a_get_keys()[source]
Get keys asynchronously.
Return a list of keys, filtered according to query parameters
KeysMetadataRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_key_resource
- Returns:
keys list
- Return type:
list
- async a_get_admin_events(query=None)[source]
Get Administrative events asynchronously.
Return a list of events, filtered according to query parameters
AdminEvents Representation array https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getevents https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_get_adminrealmsrealmadmin_events
- Parameters:
query (dict) – Additional query parameters
- Returns:
events list
- Return type:
list
- async a_get_events(query=None)[source]
Get events asynchronously.
Return a list of events, filtered according to query parameters
EventRepresentation array https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_eventrepresentation
- Parameters:
query (dict) – Additional query parameters
- Returns:
events list
- Return type:
list
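One use of the event list for detection, as an added example that is not part of python-keycloak: pull `LOGIN_ERROR` events with `a_get_events` and flag source addresses that fail against several distinct accounts. The query keys `type` and `max` and the event fields `type`, `ipAddress`, `userId` and `details.username` are assumed from Keycloak's events endpoint and EventRepresentation; `FakeAdmin`, `SAMPLE_EVENTS` and the thresholds are constructed so the block runs offline.

```python
import asyncio
from collections import defaultdict

# Constructed sample events (not real data): one address failing against four
# accounts, one address failing repeatedly against a single account, one success.
SAMPLE_EVENTS = (
    [
        {"type": "LOGIN_ERROR", "ipAddress": "203.0.113.7",
         "error": "invalid_user_credentials", "details": {"username": name}}
        for name in ("alice", "bob", "carol", "dave", "alice", "bob")
    ]
    + [
        {"type": "LOGIN_ERROR", "ipAddress": "198.51.100.20",
         "userId": "constructed-user-id-1", "error": "invalid_user_credentials"}
        for _ in range(5)
    ]
    + [{"type": "LOGIN", "ipAddress": "198.51.100.20", "userId": "constructed-user-id-1"}]
)


class FakeAdmin:
    """Constructed stand-in for KeycloakAdmin; only a_get_events is provided."""

    async def a_get_events(self, query=None):
        wanted = (query or {}).get("type")
        events = [e for e in SAMPLE_EVENTS if wanted is None or e["type"] == wanted]
        return events[: (query or {}).get("max", len(events))]


async def fetch_login_errors(admin, max_events=1000):
    """Ask the server for failed logins only, bounded by max_events."""
    return await admin.a_get_events(query={"type": "LOGIN_ERROR", "max": max_events})


def find_spraying_sources(events, min_failures=5, min_distinct_users=3):
    """Return addresses with many failures spread over several accounts.

    A single user mistyping a password produces many failures for one account;
    password spraying produces failures for many accounts from one address.
    """
    per_ip = defaultdict(lambda: {"failures": 0, "users": set()})
    for event in events:
        if event.get("type") != "LOGIN_ERROR":
            continue
        ip = event.get("ipAddress")
        if not ip:
            continue
        # userId is absent when the account does not exist; fall back to the
        # attempted username recorded in details (assumed field).
        user = event.get("userId") or (event.get("details") or {}).get("username")
        per_ip[ip]["failures"] += 1
        if user:
            per_ip[ip]["users"].add(user)

    findings = [
        {"ip": ip, "failures": s["failures"], "distinct_users": len(s["users"])}
        for ip, s in per_ip.items()
        if s["failures"] >= min_failures and len(s["users"]) >= min_distinct_users
    ]
    return sorted(findings, key=lambda f: (-f["failures"], f["ip"]))


if __name__ == "__main__":
    errors = asyncio.run(fetch_login_errors(FakeAdmin()))
    for finding in find_spraying_sources(errors):
        print(finding)
```

With a real client, pass the `KeycloakAdmin` instance in place of `FakeAdmin()`; event storage has to be enabled in the realm (see `a_set_events`) for the list to contain anything.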
- async a_set_events(payload)[source]
Set realm events configuration asynchronously.
RealmEventsConfigRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_realmeventsconfigrepresentation
- Parameters:
payload (dict) – Payload object for the events configuration
- Returns:
Http response
- Return type:
bytes
- async a_get_client_all_sessions(client_id)[source]
Get sessions associated with the client asynchronously.
UserSessionRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_usersessionrepresentation
- Parameters:
client_id (str) – id of client
- Returns:
UserSessionRepresentation
- Return type:
list
- async a_get_client_sessions_stats()[source]
Get current session count for all clients with active sessions asynchronously.
https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_getclientsessionstats
- Returns:
Dict of clients and session count
- Return type:
dict
- async a_get_client_management_permissions(client_id)[source]
Get management permissions for a client asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
list
- async a_update_client_management_permissions(payload, client_id)[source]
Update management permissions for a client asynchronously.
ManagementPermissionReference https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_managementpermissionreference
Payload example:
payload={ "enabled": True }
- Parameters:
payload (dict) – ManagementPermissionReference
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_client_authz_policy_scopes(client_id, policy_id)[source]
Get scopes for a given policy asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
policy_id (str) – No Document
- Returns:
Keycloak server response
- Return type:
list
- async a_get_client_authz_policy_resources(client_id, policy_id)[source]
Get resources for a given policy asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
policy_id (str) – No Document
- Returns:
Keycloak server response
- Return type:
list
- async a_get_client_authz_scope_permission(client_id, scope_id)[source]
Get permissions for a given scope asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
scope_id (str) – No Document
- Returns:
Keycloak server response
- Return type:
list
- async a_create_client_authz_scope_permission(payload, client_id)[source]
Create permissions for an authz scope asynchronously.
Payload example:
payload={ "name": "My Permission Name", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "resources": [some_resource_id], "scopes": [some_scope_id], "policies": [some_policy_id], }
- Parameters:
payload (dict) – No Document
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response
- Return type:
bytes
- async a_update_client_authz_scope_permission(payload, client_id, scope_id)[source]
Update permissions for a given scope asynchronously.
Payload example:
payload={ "id": scope_id, "name": "My Permission Name", "type": "scope", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "resources": [some_resource_id], "scopes": [some_scope_id], "policies": [some_policy_id], }
- Parameters:
payload (dict) – No Document
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
scope_id (str) – No Document
- Returns:
Keycloak server response
- Return type:
bytes
- async a_update_client_authz_resource_permission(payload, client_id, resource_id)[source]
Update permissions for a given resource asynchronously.
Payload example:
payload={ "id": resource_id, "name": "My Permission Name", "type": "resource", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "resources": [some_resource_id], "scopes": [], "policies": [some_policy_id], }
- Parameters:
payload (dict) – No Document
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
resource_id (str) – No Document
- Returns:
Keycloak server response
- Return type:
bytes
- async a_get_client_authz_client_policies(client_id)[source]
Get policies for a given client asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
list
- async a_get_client_authz_permission_associated_policies(client_id, policy_id)[source]
Get associated policies for a given client permission asynchronously.
- Parameters:
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
policy_id (str) – id in PolicyRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
list
- async a_create_client_authz_client_policy(payload, client_id)[source]
Create a new policy for a given client asynchronously.
Payload example:
payload={ "type": "client", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "name": "My Policy", "clients": [other_client_id], }
- Parameters:
payload (dict) – No Document
client_id (str) – id in ClientRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Returns:
Keycloak server response (RoleRepresentation)
- Return type:
bytes
- async a_get_composite_client_roles_of_group(client_id, group_id, brief_representation=True)[source]
Get the composite client roles of the given group for the given client asynchronously.
- Parameters:
client_id (str) – id of the client.
group_id (str) – id of the group.
brief_representation (bool) – whether to omit attributes in the response
- Returns:
the composite client roles of the group (list of RoleRepresentation).
- Return type:
list
- async a_get_role_client_level_children(client_id, role_id)[source]
Get the child roles of which the given composite client role is composed asynchronously.
- Parameters:
client_id (str) – id of the client.
role_id (str) – id of the role.
- Returns:
the child roles (list of RoleRepresentation).
- Return type:
list
- async a_upload_certificate(client_id, certcont)[source]
Upload a new certificate for the client asynchronously.
- Parameters:
client_id (str) – id of the client.
certcont (str) – the content of the certificate.
- Returns:
dictionary {“certificate”: “<certcont>”}, where <certcont> is the content of the uploaded certificate.
- Return type:
dict
- async a_get_required_action_by_alias(action_alias)[source]
Get a required action by its alias asynchronously.
- Parameters:
action_alias (str) – the alias of the required action.
- Returns:
the required action (RequiredActionProviderRepresentation).
- Return type:
dict
- async a_get_required_actions()[source]
Get the required actions for the realms asynchronously.
- Returns:
the required actions (list of RequiredActionProviderRepresentation).
- Return type:
list
- async a_update_required_action(action_alias, payload)[source]
Update a required action asynchronously.
- Parameters:
action_alias (str) – the action alias.
payload (dict) – the new required action (RequiredActionProviderRepresentation).
- Returns:
empty dictionary.
- Return type:
dict
- async a_get_bruteforce_detection_status(user_id)[source]
Get bruteforce detection status for user asynchronously.
- Parameters:
user_id (str) – User id
- Returns:
Bruteforce status.
- Return type:
dict
- async a_clear_bruteforce_attempts_for_user(user_id)[source]
Clear bruteforce attempts for user asynchronously.
- Parameters:
user_id (str) – User id
- Returns:
empty dictionary.
- Return type:
dict
- async a_clear_all_bruteforce_attempts()[source]
Clear bruteforce attempts for all users in realm asynchronously.
- Returns:
empty dictionary.
- Return type:
dict
- async a_clear_keys_cache()[source]
Clear keys cache asynchronously.
- Returns:
empty dictionary.
- Return type:
dict
- class keycloak.KeycloakOpenID(server_url, realm_name, client_id, client_secret_key=None, verify=True, custom_headers=None, proxies=None, timeout=60, cert=None, max_retries=1)[source]
Keycloak OpenID client.
- Parameters:
server_url – Keycloak server url
client_id – client id
realm_name – realm name
client_secret_key – client secret key
verify – Boolean value to enable or disable certificate validation or a string containing a path to a CA bundle to use
custom_headers – dict of custom headers to pass to each HTTP request
proxies – dict of proxies to send the request through.
timeout – connection timeout in seconds
cert – An SSL certificate used by the requested host to authenticate the client. Either a path to an SSL certificate file, or two-tuple of (certificate file, key file).
max_retries (int) – The total number of times to retry HTTP requests.
- property client_id
- Get client id.
- Returns:
Client id
- Return type:
str
- property client_secret_key
- Get the client secret key.
- Returns:
Client secret key
- Return type:
str
- property realm_name
- Get the realm name.
- Returns:
Realm name
- Return type:
str
- headers
- property connection
- Get connection.
- Returns:
Connection manager object
- Return type:
- property authorization
- Get authorization.
- Returns:
The authorization manager
- Return type:
- _add_secret_key(payload)[source]
Add secret key if exists.
- Parameters:
payload (dict) – Payload
- Returns:
Payload with the secret key
- Return type:
dict
- _build_name_role(role)[source]
Build name of a role.
- Parameters:
role (str) – Role name
- Returns:
Role path
- Return type:
str
- _token_info(token, method_token_info, **kwargs)[source]
Getter for the token data.
- Parameters:
token (str) – Token
method_token_info (str) – Token info method to use
kwargs (dict) – Additional keyword arguments passed to the decode_token method
- Returns:
Token info
- Return type:
dict
- well_known()[source]
Get the well_known object.
The most important endpoint to understand is the well-known configuration endpoint. It lists endpoints and other configuration options relevant to the OpenID Connect implementation in Keycloak.
- Returns:
It lists endpoints and other configuration options relevant
- Return type:
dict
- auth_url(redirect_uri, scope='email', state='', nonce='')[source]
Get authorization URL endpoint.
- Parameters:
redirect_uri (str) – Redirect url to receive oauth code
scope (str) – Scope of authorization request, split with the blank space
state (str) – State will be returned to the redirect_uri
nonce (str) – Associates a Client session with an ID Token to mitigate replay attacks
- Returns:
Authorization URL Full Build
- Return type:
str
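`state` and `nonce` both default to an empty string in `auth_url`, so the caller has to supply and later check them. The following added example (not code from python-keycloak) generates both values, then verifies `state` on the callback and `nonce` in the decoded ID token using the `token` and `decode_token` methods documented on this page. `begin_login`, `finish_login`, `LoginStateError`, the `example.test` URLs and the `FakeOpenID` stand-in are hypothetical names constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlencode


class LoginStateError(Exception):
    """The callback does not belong to the login request we started."""


def begin_login(openid, redirect_uri, scope="openid email"):
    """Return (authorization_url, pending) with fresh state and nonce.

    `openid` is a KeycloakOpenID instance. Keep `pending` server-side in the
    user's session; never trust a copy sent back by the browser.
    """
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    url = openid.auth_url(redirect_uri=redirect_uri, scope=scope, state=state, nonce=nonce)
    return url, {"state": state, "nonce": nonce, "redirect_uri": redirect_uri}


def finish_login(openid, pending, returned_state, code):
    """Check state, exchange the code, then check the nonce in the ID token.

    The caller should remove `pending` from the session before calling this,
    so each state/nonce pair is accepted at most once.
    """
    if not pending or not returned_state:
        raise LoginStateError("no pending login or missing state")
    if not hmac.compare_digest(pending["state"].encode(), returned_state.encode()):
        raise LoginStateError("state mismatch")

    tokens = openid.token(
        grant_type="authorization_code",
        code=code,
        redirect_uri=pending["redirect_uri"],
    )
    # validate defaults to True, so the signature is checked before the
    # claims are returned.
    claims = openid.decode_token(tokens["id_token"])
    token_nonce = str(claims.get("nonce", ""))
    if not hmac.compare_digest(pending["nonce"].encode(), token_nonce.encode()):
        raise LoginStateError("nonce mismatch")
    return tokens, claims


class FakeOpenID:
    """Constructed stand-in for KeycloakOpenID so the example runs offline."""

    def __init__(self):
        self.issued_nonce = None

    def auth_url(self, redirect_uri, scope="email", state="", nonce=""):
        self.issued_nonce = nonce
        query = {"redirect_uri": redirect_uri, "scope": scope, "state": state, "nonce": nonce}
        return "https://sso.example.test/auth?" + urlencode(query)

    def token(self, grant_type="password", code="", redirect_uri="", **extra):
        return {"access_token": "constructed-access", "id_token": "constructed-id-token"}

    def decode_token(self, token, validate=True, **kwargs):
        return {"sub": "constructed-user", "nonce": self.issued_nonce}


if __name__ == "__main__":
    kc = FakeOpenID()
    url, pending = begin_login(kc, "https://app.example.test/callback")
    print(url)
    print(finish_login(kc, pending, pending["state"], "constructed-code")[1])
```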
- token(username='', password='', grant_type='password', code='', redirect_uri='', totp=None, scope='openid', **extra)[source]
Retrieve user token.
The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire.
http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
- Parameters:
username (str) – Username
password (str) – Password
grant_type (str) – Grant type
code (str) – Code
redirect_uri (str) – Redirect URI
totp (int) – Time-based one-time password
scope (str) – Scope, defaults to openid
extra (dict) – Additional extra arguments
- Returns:
Keycloak token
- Return type:
dict
- refresh_token(refresh_token, grant_type='refresh_token')[source]
Refresh the user token.
The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire.
http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
- Parameters:
refresh_token (str) – Refresh token from Keycloak
grant_type (str) – Grant type
- Returns:
New token
- Return type:
dict
- exchange_token(token: str, audience: str | None = None, subject: str | None = None, subject_token_type: str | None = None, subject_issuer: str | None = None, requested_issuer: str | None = None, requested_token_type: str = 'urn:ietf:params:oauth:token-type:refresh_token', scope: str = 'openid') dict [source]
Exchange user token.
Use a token to obtain an entirely different token. See https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange
- Parameters:
token (str) – Access token
audience (str) – Audience
subject (str) – Subject
subject_token_type (Optional[str]) – Token Type specification
subject_issuer (Optional[str]) – Issuer
requested_issuer (Optional[str]) – Issuer
requested_token_type (str) – Token type specification
scope (str) – Scope, defaults to openid
- Returns:
Exchanged token
- Return type:
dict
- userinfo(token)[source]
Get the user info object.
The userinfo endpoint returns standard claims about the authenticated user, and is protected by a bearer token.
http://openid.net/specs/openid-connect-core-1_0.html#UserInfo
- Parameters:
token (str) – Access token
- Returns:
Userinfo object
- Return type:
dict
- logout(refresh_token)[source]
Log out the authenticated user.
- Parameters:
refresh_token (str) – Refresh token from Keycloak
- Returns:
Keycloak server response
- Return type:
dict
- certs()[source]
Get certificates.
The certificate endpoint returns the public keys enabled by the realm, encoded as a JSON Web Key (JWK). Depending on the realm settings there can be one or more keys enabled for verifying tokens.
https://tools.ietf.org/html/rfc7517
- Returns:
Certificates
- Return type:
dict
- public_key()[source]
Retrieve the public key.
The public key is exposed by the realm page directly.
- Returns:
The public key
- Return type:
str
- entitlement(token, resource_server_id)[source]
Get entitlements from the token.
Client applications can use a specific endpoint to obtain a special security token called a requesting party token (RPT). This token consists of all the entitlements (or permissions) for a user as a result of the evaluation of the permissions and authorization policies associated with the resources being requested. With an RPT, client applications can gain access to protected resources at the resource server.
- Parameters:
token (str) – Access token
resource_server_id (str) – Resource server ID
- Returns:
Entitlements
- Return type:
dict
- introspect(token, rpt=None, token_type_hint=None)[source]
Introspect the user token.
The introspection endpoint is used to retrieve the active state of a token. It can only be invoked by confidential clients.
https://tools.ietf.org/html/rfc7662
- Parameters:
token (str) – Access token
rpt (str) – Requesting party token
token_type_hint (str) – Token type hint
- Returns:
Token info
- Return type:
dict
- Raises:
KeycloakRPTNotFound – In case of RPT not specified
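A resource-server check over the dict an introspection call returns, as an added example that is not python-keycloak code. The field names (`active`, `exp`, `aud`, `scope`) come from RFC 7662; the sample responses, the `orders-api` audience, the `orders:read` scope and the policy of requiring `exp` are assumptions made for the illustration.

```python
import time


def authorize_from_introspection(info, required_scope, expected_audience, now=None):
    """Return (allowed, reason) for an RFC 7662 introspection response.

    Every branch fails closed: anything missing or of the wrong type denies.
    """
    now = time.time() if now is None else now

    # "active" is a REQUIRED boolean. Compare with `is True` so that a missing
    # key, the string "false" or any other truthy value never grants access.
    if not isinstance(info, dict) or info.get("active") is not True:
        return False, "inactive"

    # "exp" is optional in RFC 7662; requiring it here is a local policy choice.
    exp = info.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"

    # "aud" may be a single string or a list of strings.
    aud = info.get("aud")
    if isinstance(aud, str):
        audiences = [aud]
    elif isinstance(aud, list):
        audiences = aud
    else:
        audiences = []
    if expected_audience not in audiences:
        return False, "wrong_audience"

    # "scope" is a space-separated string; match whole entries, not substrings.
    scope = info.get("scope")
    scopes = scope.split() if isinstance(scope, str) else []
    if required_scope not in scopes:
        return False, "missing_scope"

    return True, "ok"


# Constructed sample responses (not captured from a real server).
NOW = 1_700_000_000
SAMPLES = {
    "valid": {"active": True, "exp": NOW + 300,
              "aud": ["orders-api", "account"], "scope": "openid orders:read"},
    "revoked": {"active": False},
    "string_flag": {"active": "true", "exp": NOW + 300,
                    "aud": "orders-api", "scope": "orders:read"},
    "stale": {"active": True, "exp": NOW - 1,
              "aud": "orders-api", "scope": "orders:read"},
    "other_audience": {"active": True, "exp": NOW + 300,
                       "aud": "account", "scope": "orders:read"},
    "lookalike_scope": {"active": True, "exp": NOW + 300,
                        "aud": "orders-api", "scope": "openid orders:readwrite"},
}


def evaluate_samples():
    """Run the gate over every constructed sample and collect the decisions."""
    return {
        name: authorize_from_introspection(body, "orders:read", "orders-api", NOW)
        for name, body in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, decision in evaluate_samples().items():
        print(f"{name:16} -> {decision}")
```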
- decode_token(token, validate: bool = True, **kwargs)[source]
Decode user token.
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JWK Set JSON data structure that represents a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries established by that specification.
https://tools.ietf.org/html/rfc7517
- Parameters:
token (str) – Keycloak token
validate (bool) – Determines whether the token should be validated with the public key. Defaults to True.
kwargs (dict) – Additional keyword arguments for jwcrypto’s JWT object
- Returns:
Decoded token
- Return type:
dict
- load_authorization_config(path)[source]
Load Keycloak settings (authorization).
- Parameters:
path (str) – settings file (json)
- get_policies(token, method_token_info='introspect', **kwargs)[source]
Get policies by user token.
- Parameters:
token (str) – User token
method_token_info (str) – Method for token info decoding
kwargs (dict) – Additional keyword arguments
- Returns:
Policies
- Return type:
dict
- Raises:
KeycloakAuthorizationConfigError – In case of bad authorization configuration
KeycloakInvalidTokenError – In case of bad token
- get_permissions(token, method_token_info='introspect', **kwargs)[source]
Get permission by user token.
- Parameters:
token (str) – user token
method_token_info (str) – Decode token method
kwargs (dict) – parameters for decode
- Returns:
permissions list
- Return type:
list
- Raises:
KeycloakAuthorizationConfigError – In case of bad authorization configuration
KeycloakInvalidTokenError – In case of bad token
- uma_permissions(token, permissions='')[source]
Get UMA permissions by user token with requested permissions.
The token endpoint is used to retrieve UMA permissions from Keycloak. It can only be invoked by confidential clients.
http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
- Parameters:
token (str) – user token
permissions (str) – list of uma permissions list(resource:scope) requested by the user
- Returns:
Keycloak server response
- Return type:
dict
- has_uma_access(token, permissions)[source]
Determine whether user has uma permissions with specified user token.
- Parameters:
token (str) – user token
permissions (str) – list of uma permissions (resource:scope)
- Returns:
Authentication status
- Return type:
- Raises:
KeycloakAuthenticationError – In case of failed authentication
KeycloakPostError – In case of failed request to Keycloak
- register_client(token: str, payload: dict)[source]
Create a client.
ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Parameters:
token (str) – Initial access token
payload (dict) – ClientRepresentation
- Returns:
Client Representation
- Return type:
dict
- device(scope: str = '')[source]
Get device authorization grant.
The device endpoint is used to obtain a user code verification and user authentication. The response contains a device_code, user_code, verification_uri, verification_uri_complete, expires_in (lifetime in seconds for device_code and user_code), and polling interval. Users can either follow the verification_uri and enter the user_code or follow the verification_uri_complete. After authenticating with valid credentials, users can obtain tokens using the “urn:ietf:params:oauth:grant-type:device_code” grant_type and the device_code.
https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow https://github.com/keycloak/keycloak-community/blob/main/design/oauth2-device-authorization-grant.md#how-to-try-it
- Parameters:
scope (str) – Scope of authorization request, split with the blank space
- Returns:
Device Authorization Response
- Return type:
dict
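A polling loop for the flow described above, as an added example rather than python-keycloak code. `token_request` is a hypothetical callable that returns the token endpoint's parsed JSON body, the fake endpoint and clock are constructed so the block runs offline, and the `authorization_pending` / `slow_down` handling follows RFC 8628.

```python
import time

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"


class DeviceFlowError(Exception):
    """Raised when the device flow ends without tokens."""


def poll_for_token(device_response, token_request, sleep=time.sleep, clock=time.monotonic):
    """Poll the token endpoint until the user approves, denies, or the code expires.

    device_response: dict with device_code, expires_in and (optionally) interval.
    token_request:   hypothetical callable(grant_type=..., device_code=...) -> dict
    """
    device_code = device_response["device_code"]
    interval = int(device_response.get("interval", 5))  # RFC 8628 default: 5 s
    deadline = clock() + int(device_response["expires_in"])

    while True:
        # Stop locally instead of sending a request with a code that has
        # already outlived its expires_in.
        if clock() + interval >= deadline:
            raise DeviceFlowError("expired_token")
        sleep(interval)

        reply = token_request(grant_type=DEVICE_GRANT, device_code=device_code)
        error = reply.get("error")
        if error is None:
            if "access_token" not in reply:
                raise DeviceFlowError("malformed_response")
            return reply
        if error == "authorization_pending":
            continue  # user has not finished at verification_uri yet
        if error == "slow_down":
            interval += 5  # RFC 8628: back off by 5 s for all later requests
            continue
        # access_denied, expired_token and anything unknown are terminal.
        raise DeviceFlowError(error)


class FakeClock:
    """Constructed clock: sleeping advances time instantly and is recorded."""

    def __init__(self):
        self.now = 0.0
        self.sleeps = []

    def sleep(self, seconds):
        self.sleeps.append(seconds)
        self.now += seconds

    def monotonic(self):
        return self.now


def scripted_endpoint(replies):
    """Constructed stand-in for the token endpoint: returns replies in order."""
    remaining = iter(replies)

    def token_request(grant_type, device_code):
        if grant_type != DEVICE_GRANT:
            raise ValueError("unexpected grant_type")
        return next(remaining)

    return token_request


def demo():
    """Pending, slow_down, pending, then success; returns (tokens, sleeps)."""
    clock = FakeClock()
    device_response = {  # constructed sample values
        "device_code": "constructed-device-code",
        "user_code": "ABCD-EFGH",
        "verification_uri": "https://keycloak.example/realms/demo/device",
        "expires_in": 600,
        "interval": 5,
    }
    endpoint = scripted_endpoint([
        {"error": "authorization_pending"},
        {"error": "slow_down"},
        {"error": "authorization_pending"},
        {"access_token": "constructed-access-token", "token_type": "Bearer"},
    ])
    tokens = poll_for_token(device_response, endpoint, clock.sleep, clock.monotonic)
    return tokens, clock.sleeps


if __name__ == "__main__":
    print(demo())
```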
- update_client(token: str, client_id: str, payload: dict)[source]
Update a client.
ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Parameters:
token (str) – registration access token
client_id (str) – Keycloak client id
payload (dict) – ClientRepresentation
- Returns:
Client Representation
- Return type:
dict
- async a_well_known()[source]
Get the well_known object asynchronously.
The most important endpoint to understand is the well-known configuration endpoint. It lists endpoints and other configuration options relevant to the OpenID Connect implementation in Keycloak.
- Returns:
It lists endpoints and other configuration options relevant
- Return type:
dict
- async a_auth_url(redirect_uri, scope='email', state='', nonce='')[source]
Get authorization URL endpoint asynchronously.
- Parameters:
redirect_uri (str) – Redirect url to receive oauth code
scope (str) – Scope of authorization request, split with the blank space
state (str) – State will be returned to the redirect_uri
nonce (str) – Associates a Client session with an ID Token to mitigate replay attacks
- Returns:
Authorization URL Full Build
- Return type:
str
- async a_token(username='', password='', grant_type='password', code='', redirect_uri='', totp=None, scope='openid', **extra)[source]
Retrieve user token asynchronously.
The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire.
http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
- Parameters:
username (str) – Username
password (str) – Password
grant_type (str) – Grant type
code (str) – Code
redirect_uri (str) – Redirect URI
totp (int) – Time-based one-time password
scope (str) – Scope, defaults to openid
extra (dict) – Additional extra arguments
- Returns:
Keycloak token
- Return type:
dict
- async a_refresh_token(refresh_token, grant_type='refresh_token')[source]
Refresh the user token asynchronously.
The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire.
http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
- Parameters:
refresh_token (str) – Refresh token from Keycloak
grant_type (str) – Grant type
- Returns:
New token
- Return type:
dict
- async a_exchange_token(token: str, audience: str | None = None, subject: str | None = None, subject_token_type: str | None = None, subject_issuer: str | None = None, requested_issuer: str | None = None, requested_token_type: str = 'urn:ietf:params:oauth:token-type:refresh_token', scope: str = 'openid') dict [source]
Exchange user token asynchronously.
Use a token to obtain an entirely different token. See https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange
- Parameters:
token (str) – Access token
audience (str) – Audience
subject (str) – Subject
subject_token_type (Optional[str]) – Token Type specification
subject_issuer (Optional[str]) – Issuer
requested_issuer (Optional[str]) – Issuer
requested_token_type (str) – Token type specification
scope (str) – Scope, defaults to openid
- Returns:
Exchanged token
- Return type:
dict
- async a_userinfo(token)[source]
Get the user info object asynchronously.
The userinfo endpoint returns standard claims about the authenticated user, and is protected by a bearer token.
http://openid.net/specs/openid-connect-core-1_0.html#UserInfo
- Parameters:
token (str) – Access token
- Returns:
Userinfo object
- Return type:
dict
- async a_logout(refresh_token)[source]
Log out the authenticated user asynchronously.
- Parameters:
refresh_token (str) – Refresh token from Keycloak
- Returns:
Keycloak server response
- Return type:
dict
- async a_certs()[source]
Get certificates asynchronously.
The certificate endpoint returns the public keys enabled by the realm, encoded as a JSON Web Key (JWK). Depending on the realm settings there can be one or more keys enabled for verifying tokens.
https://tools.ietf.org/html/rfc7517
- Returns:
Certificates
- Return type:
dict
- async a_public_key()[source]
Retrieve the public key asynchronously.
The public key is exposed by the realm page directly.
- Returns:
The public key
- Return type:
str
- async a_entitlement(token, resource_server_id)[source]
Get entitlements from the token asynchronously.
Client applications can use a specific endpoint to obtain a special security token called a requesting party token (RPT). This token consists of all the entitlements (or permissions) for a user as a result of the evaluation of the permissions and authorization policies associated with the resources being requested. With an RPT, client applications can gain access to protected resources at the resource server.
- Parameters:
token (str) – Access token
resource_server_id (str) – Resource server ID
- Returns:
Entitlements
- Return type:
dict
- async a_introspect(token, rpt=None, token_type_hint=None)[source]
Introspect the user token asynchronously.
The introspection endpoint is used to retrieve the active state of a token. It can only be invoked by confidential clients.
https://tools.ietf.org/html/rfc7662
- Parameters:
token (str) – Access token
rpt (str) – Requesting party token
token_type_hint (str) – Token type hint
- Returns:
Token info
- Return type:
dict
- Raises:
KeycloakRPTNotFound – In case of RPT not specified
- async a_decode_token(token, validate: bool = True, **kwargs)[source]
Decode user token asynchronously.
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JWK Set JSON data structure that represents a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries established by that specification.
https://tools.ietf.org/html/rfc7517
- Parameters:
token (str) – Keycloak token
validate (bool) – Determines whether the token should be validated with the public key. Defaults to True.
kwargs (dict) – Additional keyword arguments for jwcrypto’s JWT object
- Returns:
Decoded token
- Return type:
dict
- async a_load_authorization_config(path)[source]
Load Keycloak settings (authorization) asynchronously.
- Parameters:
path (str) – settings file (json)
- async a_get_policies(token, method_token_info='introspect', **kwargs)[source]
Get policies by user token asynchronously.
- Parameters:
token (str) – User token
method_token_info (str) – Method for token info decoding
kwargs (dict) – Additional keyword arguments
- Returns:
Policies
- Return type:
dict
- Raises:
KeycloakAuthorizationConfigError – In case of bad authorization configuration
KeycloakInvalidTokenError – In case of bad token
- async a_get_permissions(token, method_token_info='introspect', **kwargs)[source]
Get permission by user token asynchronously.
- Parameters:
token (str) – user token
method_token_info (str) – Decode token method
kwargs (dict) – parameters for decode
- Returns:
permissions list
- Return type:
list
- Raises:
KeycloakAuthorizationConfigError – In case of bad authorization configuration
KeycloakInvalidTokenError – In case of bad token
- async a_uma_permissions(token, permissions='')[source]
Get UMA permissions by user token with requested permissions asynchronously.
The token endpoint is used to retrieve UMA permissions from Keycloak. It can only be invoked by confidential clients.
http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
- Parameters:
token (str) – user token
permissions (str) – list of uma permissions list(resource:scope) requested by the user
- Returns:
Keycloak server response
- Return type:
dict
- async a_has_uma_access(token, permissions)[source]
Determine whether user has uma permissions with specified user token asynchronously.
- Parameters:
token (str) – user token
permissions (str) – list of uma permissions (resource:scope)
- Returns:
Authentication status
- Return type:
- Raises:
KeycloakAuthenticationError – In case of failed authentication
KeycloakPostError – In case of failed request to Keycloak
- async a_register_client(token: str, payload: dict)[source]
Create a client asynchronously.
ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Parameters:
token (str) – Initial access token
payload (dict) – ClientRepresentation
- Returns:
Client Representation
- Return type:
dict
- async a_device(scope: str = '')[source]
Get device authorization grant asynchronously.
The device endpoint is used to obtain a user code verification and user authentication. The response contains a device_code, user_code, verification_uri, verification_uri_complete, expires_in (lifetime in seconds for device_code and user_code), and polling interval. Users can either follow the verification_uri and enter the user_code or follow the verification_uri_complete. After authenticating with valid credentials, users can obtain tokens using the “urn:ietf:params:oauth:grant-type:device_code” grant_type and the device_code.
https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow https://github.com/keycloak/keycloak-community/blob/main/design/oauth2-device-authorization-grant.md#how-to-try-it
- Parameters:
scope (str) – Scope of authorization request, split with the blank space
- Returns:
Device Authorization Response
- Return type:
dict
- async a_update_client(token: str, client_id: str, payload: dict)[source]
Update a client asynchronously.
ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation
- Parameters:
token (str) – registration access token
client_id (str) – Keycloak client id
payload (dict) – ClientRepresentation
- Returns:
Client Representation
- Return type:
dict
- class keycloak.KeycloakUMA(connection: keycloak.openid_connection.KeycloakOpenIDConnection)[source]
Keycloak UMA client.
- Parameters:
connection – OpenID connection manager
- connection
- _well_known = None
- static format_url(url, **kwargs)[source]
Substitute url path parameters.
Given a parameterized url string, returns the string after url encoding and substituting the given params. For example, format_url("https://myserver/{my_resource}/{id}", my_resource="hello world", id="myid") would produce https://myserver/hello+world/myid.
- Parameters:
url (str) – url string to format
kwargs (dict) – dict containing kwargs to substitute
- Returns:
formatted string
- Return type:
str
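Why the substituted values are URL-encoded, shown with a stand-in for `format_url` built on `urllib.parse.quote_plus`. This is an added example, not the library's source: the stand-in reproduces the documented output above, and `naive_format`, `check` and the sample ids are constructed for the comparison.

```python
from urllib.parse import quote_plus, urlsplit

TEMPLATE = "https://myserver/{my_resource}/{id}"


def format_url(url, **kwargs):
    """Stand-in for the documented behaviour: encode each value, then substitute."""
    return url.format(**{key: quote_plus(str(value)) for key, value in kwargs.items()})


def naive_format(url, **kwargs):
    """Plain substitution without encoding, for comparison only."""
    return url.format(**kwargs)


def shape(url):
    """Break a URL into the parts a server would route on."""
    parts = urlsplit(url)
    return {
        "segments": parts.path.split("/")[1:],
        "query": parts.query,
        "fragment": parts.fragment,
    }


def check(value):
    """Format the same id both ways and report how the URL structure changed."""
    return {
        "naive": shape(naive_format(TEMPLATE, my_resource="res", id=value)),
        "encoded": shape(format_url(TEMPLATE, my_resource="res", id=value)),
    }


# Constructed ids: one ordinary value and several containing URL delimiters.
SAMPLE_IDS = ["myid", "a/b", "../admin", "x?first=0", "x#frag", "50%"]


def report(ids=SAMPLE_IDS):
    """Map each id to True when the encoded form stays a single path segment."""
    result = {}
    for value in ids:
        encoded = check(value)["encoded"]
        result[value] = (
            len(encoded["segments"]) == 2
            and encoded["query"] == ""
            and encoded["fragment"] == ""
        )
    return result


if __name__ == "__main__":
    print(format_url(TEMPLATE, my_resource="hello world", id="myid"))
    for value in SAMPLE_IDS:
        print(repr(value), check(value))
```

With plain substitution an id containing `/`, `?` or `#` changes the path, query or fragment of the request; after encoding it remains one opaque path segment.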
- static a_format_url(url, **kwargs)[source]
- Async:
Substitute url path parameters.
Given a parameterized url string, returns the string after url encoding and substituting the given params. For example, format_url("https://myserver/{my_resource}/{id}", my_resource="hello world", id="myid") would produce https://myserver/hello+world/myid.
- Parameters:
url (str) – url string to format
kwargs (dict) – dict containing kwargs to substitute
- Returns:
formatted string
- Return type:
str
- property uma_well_known
- Get the well_known UMA2 config.
- Returns:
It lists endpoints and other configuration options relevant
- Return type:
dict
- async a_uma_well_known()[source]
Get the well_known UMA2 config async.
- Returns:
It lists endpoints and other configuration options relevant
- Return type:
dict
- resource_set_create(payload)[source]
Create a resource set.
Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#rfc.section.2.2.1
ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Parameters:
payload (dict) – ResourceRepresentation
- Returns:
ResourceRepresentation with the _id property assigned
- Return type:
dict
- resource_set_update(resource_id, payload)[source]
Update a resource set.
Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#update-resource-set
ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Parameters:
resource_id (str) – id of the resource
payload (dict) – ResourceRepresentation
- Returns:
Response dict (empty)
- Return type:
dict
- resource_set_read(resource_id)[source]
Read a resource set.
Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#read-resource-set
ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Parameters:
resource_id (str) – id of the resource
- Returns:
ResourceRepresentation
- Return type:
dict
- resource_set_delete(resource_id)[source]
Delete a resource set.
Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#delete-resource-set
- Parameters:
resource_id (str) – id of the resource
- Returns:
Response dict (empty)
- Return type:
dict
- resource_set_list_ids(name: str = '', exact_name: bool = False, uri: str = '', owner: str = '', resource_type: str = '', scope: str = '', matchingUri: bool = False, first: int = 0, maximum: int = -1)[source]
Query for list of resource set ids.
Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets
- Parameters:
name (str) – query resource name
exact_name (bool) – query exact match for resource name
uri (str) – query resource uri
owner (str) – query resource owner
resource_type (str) – query resource type
scope (str) – query resource scope
matchingUri (bool) – enable URI matching
first (int) – index of first matching resource to return
maximum (int) – maximum number of resources to return (-1 for all)
- Returns:
List of ids
- Return type:
List[str]
- resource_set_list()[source]
List all resource sets.
Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets
ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Yields:
Iterator over a list of ResourceRepresentations
- Return type:
Iterator[dict]
- permission_ticket_create(permissions: Iterable[keycloak.uma_permissions.UMAPermission])[source]
Create a permission ticket.
- Parameters:
permissions (Iterable[UMAPermission]) – Iterable of uma permissions to validate the token against
- Returns:
Keycloak decision
- Return type:
boolean
- Raises:
KeycloakPostError – In case permission resource not found
- permissions_check(token, permissions: Iterable[keycloak.uma_permissions.UMAPermission])[source]
Check UMA permissions by user token with requested permissions.
The token endpoint is used to check UMA permissions from Keycloak. It can only be invoked by confidential clients.
https://www.keycloak.org/docs/latest/authorization_services/#_service_authorization_api
- Parameters:
token (str) – user token
permissions (Iterable[UMAPermission]) – Iterable of uma permissions to validate the token against
- Returns:
Keycloak decision
- Return type:
boolean
- policy_resource_create(resource_id, payload)[source]
Create permission policy for resource.
Supports name, description, scopes, roles, groups, clients
- Parameters:
resource_id (str) – _id of resource
payload (dict) – permission configuration
- Returns:
PermissionRepresentation
- Return type:
dict
- policy_update(policy_id, payload)[source]
Update permission policy.
https://www.keycloak.org/docs/latest/authorization_services/#associating-a-permission-with-a-resource https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation
- Parameters:
policy_id (str) – id of policy permission
payload (dict) – policy permission configuration
- Returns:
PermissionRepresentation
- Return type:
dict
- policy_delete(policy_id)[source]
Delete permission policy.
https://www.keycloak.org/docs/latest/authorization_services/#removing-a-permission https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation
- Parameters:
policy_id (str) – id of permission policy
- Returns:
PermissionRepresentation
- Return type:
dict
- policy_query(resource: str = '', name: str = '', scope: str = '', first: int = 0, maximum: int = -1)[source]
Query permission policies.
https://www.keycloak.org/docs/latest/authorization_services/#querying-permission
- Parameters:
resource (str) – query resource id
name (str) – query resource name
scope (str) – query resource scope
first (int) – index of first matching resource to return
maximum (int) – maximum number of resources to return (-1 for all)
- Returns:
List of ids
- Return type:
List[str]
- async a__fetch_well_known()[source]
Get the well_known UMA2 config async.
- Returns:
It lists endpoints and other configuration options relevant
- Return type:
dict
- async a_resource_set_create(payload)[source]
Create a resource set asynchronously.
Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#rfc.section.2.2.1
ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Parameters:
payload (dict) – ResourceRepresentation
- Returns:
ResourceRepresentation with the _id property assigned
- Return type:
dict
- async a_resource_set_update(resource_id, payload)[source]
Update a resource set asynchronously.
Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#update-resource-set
ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Parameters:
resource_id (str) – id of the resource
payload (dict) – ResourceRepresentation
- Returns:
Response dict (empty)
- Return type:
dict
- async a_resource_set_read(resource_id)[source]
Read a resource set asynchronously.
Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#read-resource-set
ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Parameters:
resource_id (str) – id of the resource
- Returns:
ResourceRepresentation
- Return type:
dict
- async a_resource_set_delete(resource_id)[source]
Delete a resource set asynchronously.
Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#delete-resource-set
- Parameters:
resource_id (str) – id of the resource
- Returns:
Response dict (empty)
- Return type:
dict
- async a_resource_set_list_ids(name: str = '', exact_name: bool = False, uri: str = '', owner: str = '', resource_type: str = '', scope: str = '', matchingUri: bool = False, first: int = 0, maximum: int = -1)[source]
Query for list of resource set ids asynchronously.
Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets
- Parameters:
name (str) – query resource name
exact_name (bool) – query exact match for resource name
uri (str) – query resource uri
owner (str) – query resource owner
resource_type (str) – query resource type
scope (str) – query resource scope
first (int) – index of first matching resource to return
matchingUri (bool) – enable URI matching
maximum (int) – maximum number of resources to return (-1 for all)
- Returns:
List of ids
- Return type:
List[str]
- async a_resource_set_list()[source]
List all resource sets asynchronously.
Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets
ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation
- Yields:
Iterator over a list of ResourceRepresentations
- Return type:
Iterator[dict]
- async a_permission_ticket_create(permissions: Iterable[keycloak.uma_permissions.UMAPermission])[source]
Create a permission ticket asynchronously.
- Parameters:
permissions (Iterable[UMAPermission]) – Iterable of uma permissions to validate the token against
- Returns:
Keycloak decision
- Return type:
boolean
- Raises:
KeycloakPostError – In case permission resource not found
- async a_permissions_check(token, permissions: Iterable[keycloak.uma_permissions.UMAPermission])[source]
Check UMA permissions by user token with requested permissions asynchronously.
The token endpoint is used to check UMA permissions from Keycloak. It can only be invoked by confidential clients.
https://www.keycloak.org/docs/latest/authorization_services/#_service_authorization_api
- Parameters:
token (str) – user token
permissions (Iterable[UMAPermission]) – Iterable of uma permissions to validate the token against
- Returns:
Keycloak decision
- Return type:
boolean
- async a_policy_resource_create(resource_id, payload)[source]
Create permission policy for resource asynchronously.
Supports name, description, scopes, roles, groups, clients
- Parameters:
resource_id (str) – _id of resource
payload (dict) – permission configuration
- Returns:
PermissionRepresentation
- Return type:
dict
- async a_policy_update(policy_id, payload)[source]
Update permission policy asynchronously.
https://www.keycloak.org/docs/latest/authorization_services/#associating-a-permission-with-a-resource https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation
- Parameters:
policy_id (str) – id of policy permission
payload (dict) – policy permission configuration
- Returns:
PermissionRepresentation
- Return type:
dict
- async a_policy_delete(policy_id)[source]
Delete permission policy asynchronously.
https://www.keycloak.org/docs/latest/authorization_services/#removing-a-permission https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation
- Parameters:
policy_id (str) – id of permission policy
- Returns:
PermissionRepresentation
- Return type:
dict
- async a_policy_query(resource: str = '', name: str = '', scope: str = '', first: int = 0, maximum: int = -1)[source]
Query permission policies asynchronously.
https://www.keycloak.org/docs/latest/authorization_services/#querying-permission
- Parameters:
resource (str) – query resource id
name (str) – query resource name
scope (str) – query resource scope
first (int) – index of first matching resource to return
maximum (int) – maximum number of resources to return (-1 for all)
- Returns:
List of ids
- Return type:
List[str]
- class keycloak.KeycloakOpenIDConnection(server_url, grant_type=None, username=None, password=None, token=None, totp=None, realm_name='master', client_id='admin-cli', verify=True, client_secret_key=None, custom_headers=None, user_realm_name=None, timeout=60, cert=None, max_retries=1)[source]
Bases:
keycloak.connection.ConnectionManager
A class to help with OpenID connections which can auto refresh tokens.
- _server_url = None
- _grant_type = None
- _username = None
- _password = None
- _totp = None
- _realm_name = None
- _client_id = None
- _verify = None
- _client_secret_key = None
- _connection = None
- _custom_headers = None
- _user_realm_name = None
- _expires_at = None
- _keycloak_openid = None
- token_lifetime_fraction = 0.9
- headers
Return header request to the server.
- Returns:
Request headers
- Return type:
dict
- property server_url
- Get server url.
- Returns:
Keycloak server url
- Return type:
str
- property grant_type
- Get grant type.
- Returns:
Grant type
- Return type:
str
- property username
- Get username.
- Returns:
Admin username
- Return type:
str
- property password
- Get password.
- Returns:
Admin password
- Return type:
str
- property token
- Get token.
- Returns:
Access and refresh token
- Return type:
dict
- property totp
- Get totp.
- Returns:
TOTP
- Return type:
str
- property realm_name
- Get realm name.
- Returns:
Realm name
- Return type:
str
- property client_id
- Get client id.
- Returns:
Client id
- Return type:
str
- verify
Return verify in use for request to the server.
- Returns:
Verify indicator
- Return type:
bool
- property client_secret_key
- Get client secret key.
- Returns:
Client secret key
- Return type:
str
- property user_realm_name
- Get user realm name.
- Returns:
User realm name
- Return type:
str
- timeout
Return timeout in use for request to the server.
- Returns:
Timeout
- Return type:
int
- property custom_headers
- Get custom headers.
- Returns:
Custom headers
- Return type:
dict
- cert
Return client certificates in use for request to the server.
- Returns:
Client certificate
- Return type:
Union[str,Tuple[str,str]]
- property expires_at
- Get token expiry time.
- Returns:
Datetime at which the current token will expire
- Return type:
datetime
- property keycloak_openid: keycloak.keycloak_openid.KeycloakOpenID
Get the KeycloakOpenID object.
The KeycloakOpenID is used to refresh tokens
- Returns:
KeycloakOpenID
- Return type:
- refresh_token()[source]
Refresh the token.
- Raises:
KeycloakPostError – In case the refresh token request failed.
- raw_get(*args, **kwargs)[source]
Call connection.raw_get.
If auto_refresh is set for get and access_token is expired, it will refresh the token and try get once more.
- Parameters:
args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments
- Returns:
Response
- Return type:
Response
- raw_post(*args, **kwargs)[source]
Call connection.raw_post.
If auto_refresh is set for post and access_token is expired, it will refresh the token and try post once more.
- Parameters:
args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments
- Returns:
Response
- Return type:
Response
- raw_put(*args, **kwargs)[source]
Call connection.raw_put.
If auto_refresh is set for put and access_token is expired, it will refresh the token and try put once more.
- Parameters:
args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments
- Returns:
Response
- Return type:
Response
- raw_delete(*args, **kwargs)[source]
Call connection.raw_delete.
If auto_refresh is set for delete and access_token is expired, it will refresh the token and try delete once more.
- Parameters:
args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments
- Returns:
Response
- Return type:
Response
- async a_refresh_token()[source]
Refresh the token.
- Raises:
KeycloakPostError – In case the refresh token request failed.
- async a_raw_get(*args, **kwargs)[source]
Call connection.raw_get.
If auto_refresh is set for get and access_token is expired, it will refresh the token and try get once more.
- Parameters:
args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments
- Returns:
Response
- Return type:
Response
- async a_raw_post(*args, **kwargs)[source]
Call connection.raw_post.
If auto_refresh is set for post and access_token is expired, it will refresh the token and try post once more.
- Parameters:
args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments
- Returns:
Response
- Return type:
Response
- async a_raw_put(*args, **kwargs)[source]
Call connection.raw_put.
If auto_refresh is set for put and access_token is expired, it will refresh the token and try put once more.
- Parameters:
args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments
- Returns:
Response
- Return type:
Response
- async a_raw_delete(*args, **kwargs)[source]
Call connection.raw_delete.
If auto_refresh is set for delete and access_token is expired, it will refresh the token and try delete once more.
- Parameters:
args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments
- Returns:
Response
- Return type:
Response