keycloak.uma_permissions

User-managed access permissions module.

Classes

UMAPermission

A class to conveniently assemble permissions.

Resource

A UMAPermission Resource class to conveniently assemble permissions.

Scope

A UMAPermission Scope class to conveniently assemble permissions.

AuthStatus

A class that represents the authorization/login status of a user associated with a token.

Functions

build_permission_param(permissions)

Transform permissions to a set, so they are usable for requests.

Module Contents

class keycloak.uma_permissions.UMAPermission(permission=None, resource='', scope='')[source]

A class to conveniently assemble permissions.

The class itself is callable, and will return the assembled permission.

Usage example:

>>> r = Resource("Users")
>>> s = Scope("delete")
>>> permission = r(s)
>>> print(permission)
    'Users#delete'
Parameters:
  • permission (UMAPermission) – Permission

  • resource (str) – Resource

  • scope (str) – Scope

resource = ''[source]
scope = ''[source]
__str__()[source]

Str method.

Returns:

String representation

Return type:

str

__eq__(__o: object) bool[source]

Eq method.

Parameters:

__o (object) – The other object

Returns:

Equality boolean

Return type:

bool

__repr__() str[source]

Repr method.

Returns:

The object representation

Return type:

str

__hash__() int[source]

Hash method.

Returns:

Hash of the object

Return type:

int

__call__(permission=None, resource='', scope='') UMAPermission[source]

Call method.

Parameters:
  • permission (UMAPermission) – Permission

  • resource (str) – Resource

  • scope (str) – Scope

Returns:

The combined UMA permission

Return type:

UMAPermission

Raises:

PermissionDefinitionError – In case bad permission definition

class keycloak.uma_permissions.Resource(resource)[source]

Bases: UMAPermission

A UMAPermission Resource class to conveniently assemble permissions.

The class itself is callable, and will return the assembled permission.

Parameters:

resource (str) – Resource

class keycloak.uma_permissions.Scope(scope)[source]

Bases: UMAPermission

A UMAPermission Scope class to conveniently assemble permissions.

The class itself is callable, and will return the assembled permission.

Parameters:

scope (str) – Scope

class keycloak.uma_permissions.AuthStatus(is_logged_in, is_authorized, missing_permissions)[source]

A class that represents the authorization/login status of a user associated with a token.

This has to evaluate to True if and only if the user is properly authorized for the requested resource.

Parameters:
  • is_logged_in (bool) – Is logged in indicator

  • is_authorized (bool) – Is authorized indicator

  • missing_permissions (set) – Missing permissions

is_logged_in[source]
is_authorized[source]
missing_permissions[source]
__bool__()[source]

Bool method.

Returns:

Boolean representation

Return type:

bool

__repr__()[source]

Repr method.

Returns:

The object representation

Return type:

str

keycloak.uma_permissions.build_permission_param(permissions)[source]

Transform permissions to a set, so they are usable for requests.

Parameters:

permissions (str | Iterable[str] | dict[str, str] | dict[str, Iterabble[str]]) – Permissions

Returns:

Permission parameters

Return type:

set

Raises:

KeycloakPermissionFormatError – In case of bad permission format