keycloak.keycloak_openid
¶
Module Contents¶
Classes¶
Keycloak OpenID client. |
- class keycloak.keycloak_openid.KeycloakOpenID(server_url, realm_name, client_id, client_secret_key=None, verify=True, custom_headers=None, proxies=None)[source]¶
Keycloak OpenID client.
- Parameters
server_url – Keycloak server url
client_id – client id
realm_name – realm name
client_secret_key – client secret key
verify – True if want check connection SSL
custom_headers – dict of custom header to pass to each HTML request
proxies – dict of proxies to sent the request by.
- _token_info(self, token, method_token_info, **kwargs)[source]¶
- Parameters
token –
method_token_info –
kwargs –
- Returns
- well_known(self)[source]¶
The most important endpoint to understand is the well-known configuration endpoint. It lists endpoints and other configuration options relevant to the OpenID Connect implementation in Keycloak.
:return It lists endpoints and other configuration options relevant.
- auth_url(self, redirect_uri)[source]¶
http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint
- Returns
- token(self, username='', password='', grant_type=['password'], code='', redirect_uri='', totp=None, **extra)[source]¶
The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire.
http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
- Parameters
username –
password –
grant_type –
code –
redirect_uri –
totp –
- Returns
- refresh_token(self, refresh_token, grant_type=['refresh_token'])[source]¶
The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire.
http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
- Parameters
refresh_token –
grant_type –
- Returns
- userinfo(self, token)[source]¶
The userinfo endpoint returns standard claims about the authenticated user, and is protected by a bearer token.
http://openid.net/specs/openid-connect-core-1_0.html#UserInfo
- Parameters
token –
- Returns
- logout(self, refresh_token)[source]¶
The logout endpoint logs out the authenticated user. :param refresh_token: :return:
- certs(self)[source]¶
The certificate endpoint returns the public keys enabled by the realm, encoded as a JSON Web Key (JWK). Depending on the realm settings there can be one or more keys enabled for verifying tokens.
https://tools.ietf.org/html/rfc7517
- Returns
- entitlement(self, token, resource_server_id)[source]¶
Client applications can use a specific endpoint to obtain a special security token called a requesting party token (RPT). This token consists of all the entitlements (or permissions) for a user as a result of the evaluation of the permissions and authorization policies associated with the resources being requested. With an RPT, client applications can gain access to protected resources at the resource server.
- Returns
- introspect(self, token, rpt=None, token_type_hint=None)[source]¶
The introspection endpoint is used to retrieve the active state of a token. It is can only be invoked by confidential clients.
https://tools.ietf.org/html/rfc7662
- Parameters
token –
rpt –
token_type_hint –
- Returns
- decode_token(self, token, key, algorithms=['RS256'], **kwargs)[source]¶
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JWK Set JSON data structure that represents a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries established by that specification.
https://tools.ietf.org/html/rfc7517
- Parameters
token –
key –
algorithms –
- Returns
- load_authorization_config(self, path)[source]¶
Load Keycloak settings (authorization)
- Parameters
path – settings file (json)
- Returns
- get_policies(self, token, method_token_info='introspect', **kwargs)[source]¶
Get policies by user token
- Parameters
token – user token
- Returns
policies list
- get_permissions(self, token, method_token_info='introspect', **kwargs)[source]¶
Get permission by user token
- Parameters
token – user token
method_token_info – Decode token method
kwargs – parameters for decode
- Returns
permissions list
- uma_permissions(self, token, permissions='')[source]¶
Get UMA permissions by user token with requested permissions
The token endpoint is used to retrieve UMA permissions from Keycloak. It can only be invoked by confidential clients.
http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
- Parameters
token – user token
permissions – list of uma permissions list(resource:scope) requested by the user
- Returns
permissions list