keycloak.keycloak_admin
The keycloak admin module.
Module Contents
Classes
KeycloakAdmin – Keycloak Admin client.
- class keycloak.keycloak_admin.KeycloakAdmin(server_url, username=None, password=None, totp=None, realm_name='master', client_id='admin-cli', verify=True, client_secret_key=None, custom_headers=None, user_realm_name=None, auto_refresh_token=None, timeout=60)
Keycloak Admin client.
- Parameters
server_url – Keycloak server url
username – admin username
password – admin password
totp – Time based OTP
realm_name – realm name
client_id – client id
verify – True to check the connection's SSL certificate
client_secret_key – client secret key (optional, required only for access type confidential)
custom_headers – dict of custom headers to pass to each HTTP request
user_realm_name – The realm name of the user, if different from realm_name
auto_refresh_token – list of methods that allow automatic token refresh. Ex: ['get', 'put', 'post', 'delete']
timeout – connection timeout in seconds
- __fetch_all(self, url, query=None)
Paginate over get requests.
Wrapper function to paginate GET requests.
- Parameters
url – The url on which the query is executed
query – Existing query parameters (optional)
- Returns
Combined results of paginated queries
- import_realm(self, payload)
Import a new realm from a RealmRepresentation.
Realm name must be unique.
RealmRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_realmrepresentation
- Parameters
payload – RealmRepresentation
- Returns
RealmRepresentation
- export_realm(self, export_clients=False, export_groups_and_role=False)
Export the realm configurations in JSON format.
RealmRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_partialexport
- Parameters
export_clients – Skip if you do not want to export realm clients
export_groups_and_role – Skip if you do not want to export realm groups and roles
- Returns
realm configurations JSON
- get_realm(self, realm_name)
Get a specific realm.
RealmRepresentation: https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_realmrepresentation
- Parameters
realm_name – Realm name (not the realm id)
- Returns
RealmRepresentation
- create_realm(self, payload, skip_exists=False)
Create a realm.
RealmRepresentation: https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_realmrepresentation
- Parameters
payload – RealmRepresentation
skip_exists – Skip if Realm already exists.
- Returns
Keycloak server response (RealmRepresentation)
- update_realm(self, realm_name, payload)
Update a realm.
This will only update top-level attributes and will ignore any user, role, or client information in the payload.
RealmRepresentation: https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_realmrepresentation
- Parameters
realm_name – Realm name (not the realm id)
payload – RealmRepresentation
- Returns
Http response
- delete_realm(self, realm_name)
Delete a realm.
- Parameters
realm_name – Realm name (not the realm id)
- Returns
Http response
- get_users(self, query=None)
Get all users.
Return a list of users, filtered according to query parameters
UserRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_userrepresentation
- Parameters
query – Query parameters (optional)
- Returns
users list
- create_idp(self, payload)
Create an ID Provider.
IdentityProviderRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_identityproviderrepresentation
- Parameters
payload – IdentityProviderRepresentation
- update_idp(self, idp_alias, payload)
Update an ID Provider.
IdentityProviderRepresentation https://www.keycloak.org/docs-api/15.0/rest-api/index.html#_identity_providers_resource
- Parameters
idp_alias – alias for IdP to update
payload – The IdentityProviderRepresentation
- add_mapper_to_idp(self, idp_alias, payload)
Add a mapper to an ID Provider.
IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_identityprovidermapperrepresentation
- Parameters
idp_alias – alias for IdP to add mapper in
payload – IdentityProviderMapperRepresentation
- update_mapper_in_idp(self, idp_alias, mapper_id, payload)
Update an IdP mapper.
IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_update
- Parameters
idp_alias – alias for IdP to fetch mappers
mapper_id – Mapper Id to update
payload – IdentityProviderMapperRepresentation
- Returns
Http response
- get_idp_mappers(self, idp_alias)
Get IDP mappers.
Returns a list of ID Provider mappers.
IdentityProviderMapperRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_getmappers
- Parameters
idp_alias – alias for IdP to fetch mappers
- Returns
array IdentityProviderMapperRepresentation
- get_idps(self)
Get IDPs.
Returns a list of ID Providers.
IdentityProviderRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_identityproviderrepresentation
- Returns
array IdentityProviderRepresentation
- create_user(self, payload, exist_ok=False)
Create a new user.
Username must be unique
UserRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_userrepresentation
- Parameters
payload – UserRepresentation
exist_ok – If False, raise KeycloakGetError if username already exists. Otherwise, return existing user ID.
- Returns
UserRepresentation
- users_count(self, query=None)
Count users.
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_users_resource
- Parameters
query – (dict) Query parameters for users count
- Returns
counter
- get_user_id(self, username)
Get internal keycloak user id from username.
This is required for further actions against this user.
UserRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_userrepresentation
- Parameters
username – id in UserRepresentation
- Returns
user_id
- get_user(self, user_id)
Get representation of the user.
- Parameters
user_id – User id
UserRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_userrepresentation
- Returns
UserRepresentation
- get_user_groups(self, user_id)
Get user groups.
Returns a list of groups of which the user is a member
- Parameters
user_id – User id
- Returns
user groups list
- update_user(self, user_id, payload)
Update the user.
- Parameters
user_id – User id
payload – UserRepresentation
- Returns
Http response
- delete_user(self, user_id)
Delete the user.
- Parameters
user_id – User id
- Returns
Http response
- set_user_password(self, user_id, password, temporary=True)
Set up a password for the user.
If temporary is True, the user will have to reset the temporary password next time they log in.
https://www.keycloak.org/docs-api/18.0/rest-api/#_users_resource https://www.keycloak.org/docs-api/18.0/rest-api/#_credentialrepresentation
- Parameters
user_id – User id
password – New password
temporary – True if password is temporary
- Returns
- get_credentials(self, user_id)
Get user credentials.
Returns a list of credentials belonging to the user.
CredentialRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_credentialrepresentation
- Parameters
user_id – user id
- Returns
Keycloak server response (CredentialRepresentation)
- delete_credential(self, user_id, credential_id)
Delete credential of the user.
CredentialRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_credentialrepresentation
- Parameters
user_id – user id
credential_id – credential id
- Returns
Keycloak server response (ClientRepresentation)
- user_logout(self, user_id)
Log out the user.
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_logout
- Parameters
user_id – User id
- Returns
- user_consents(self, user_id)
Get consents granted by the user.
UserConsentRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_userconsentrepresentation
- Parameters
user_id – User id
- Returns
List of UserConsentRepresentations
- get_user_social_logins(self, user_id)
Get user social logins.
Returns a list of federated identities/social logins with which the user has been associated.
- Parameters
user_id – User id
- Returns
federated identities list
- add_user_social_login(self, user_id, provider_id, provider_userid, provider_username)
Add a federated identity / social login provider to the user.
- Parameters
user_id – User id
provider_id – Social login provider id
provider_userid – userid specified by the provider
provider_username – username specified by the provider
- Returns
- delete_user_social_login(self, user_id, provider_id)
Delete a federated identity / social login provider from the user.
- Parameters
user_id – User id
provider_id – Social login provider id
- Returns
- send_update_account(self, user_id, payload, client_id=None, lifespan=None, redirect_uri=None)
Send an update account email to the user.
An email contains a link the user can click to perform a set of required actions.
- Parameters
user_id – User id
payload – A list of actions for the user to complete
client_id – Client id (optional)
lifespan – Number of seconds after which the generated token expires (optional)
redirect_uri – The redirect uri (optional)
- Returns
- send_verify_email(self, user_id, client_id=None, redirect_uri=None)
Send an update account email to the user.
An email contains a link the user can click to perform a set of required actions.
- Parameters
user_id – User id
client_id – Client id (optional)
redirect_uri – Redirect uri (optional)
- Returns
- get_sessions(self, user_id)
Get sessions associated with the user.
- Parameters
user_id – id of user
UserSessionRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_usersessionrepresentation
- Returns
UserSessionRepresentation
- get_server_info(self)
Get themes, social providers, auth providers, and event listeners available on this server.
ServerInfoRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_serverinforepresentation
- Returns
ServerInfoRepresentation
- get_groups(self, query=None)
Get groups.
Returns a list of groups belonging to the realm
GroupRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/#_grouprepresentation
- Returns
array GroupRepresentation
- get_group(self, group_id)
Get group by id.
Returns full group details
GroupRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/#_grouprepresentation
- Parameters
group_id – The group id
- Returns
Keycloak server response (GroupRepresentation)
- get_subgroups(self, group, path)
Get subgroups.
Utility function to iterate through nested group structures
GroupRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/#_grouprepresentation
- Parameters
group – group (GroupRepresentation)
path – group path (string)
- Returns
Keycloak server response (GroupRepresentation)
- get_group_members(self, group_id, query=None)
Get members by group id.
Returns group members
UserRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/#_userrepresentation
- Parameters
group_id – The group id
query – Additional query parameters (see https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_getmembers)
- Returns
Keycloak server response (UserRepresentation)
- get_group_by_path(self, path, search_in_subgroups=False)
Get group id based on name or path.
A straight name or path match with a top-level group will return first. Subgroups are traversed, and the first to match path (or name with path) is returned.
GroupRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/#_grouprepresentation
- Parameters
path – group path
search_in_subgroups – True to search in the subgroups
- Returns
Keycloak server response (GroupRepresentation)
- create_group(self, payload, parent=None, skip_exists=False)
Create a group in the Realm.
- Parameters
payload – GroupRepresentation
parent – parent group’s id. Required to create a sub-group.
skip_exists – If true then do not raise an error if it already exists
GroupRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/#_grouprepresentation
- Returns
Group id for newly created group or None for an existing group
- update_group(self, group_id, payload)
Update group, ignores subgroups.
- Parameters
group_id – id of group
payload – GroupRepresentation with updated information.
GroupRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/#_grouprepresentation
- Returns
Http response
- group_set_permissions(self, group_id, enabled=True)
Enable/Disable permissions for a group.
Cannot delete group if disabled
- Parameters
group_id – id of group
enabled – boolean
- Returns
Keycloak server response
- group_user_add(self, user_id, group_id)
Add user to group (user_id and group_id).
- Parameters
user_id – id of user
group_id – id of group to add to
- Returns
Keycloak server response
- group_user_remove(self, user_id, group_id)
Remove user from group (user_id and group_id).
- Parameters
user_id – id of user
group_id – id of group to remove from
- Returns
Keycloak server response
- delete_group(self, group_id)
Delete a group in the Realm.
- Parameters
group_id – id of group to delete
- Returns
Keycloak server response
- get_clients(self)
Get clients.
Returns a list of clients belonging to the realm
ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Returns
Keycloak server response (ClientRepresentation)
- get_client(self, client_id)
Get representation of the client.
ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Parameters
client_id – id of client (not client-id)
- Returns
Keycloak server response (ClientRepresentation)
- get_client_id(self, client_id)
Get internal keycloak client id from client-id.
This is required for further actions against this client.
- Parameters
client_id – clientId in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Returns
client_id (uuid as string)
- get_client_authz_settings(self, client_id)
Get authorization json from client.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Returns
Keycloak server response
- create_client_authz_resource(self, client_id, payload, skip_exists=False)
Create resources of client.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
payload – ResourceRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_resourcerepresentation
- Returns
Keycloak server response
- get_client_authz_resources(self, client_id)
Get resources from client.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Returns
Keycloak server response
- create_client_authz_role_based_policy(self, client_id, payload, skip_exists=False)
Create role-based policy of client.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
payload – No Document
- Returns
Keycloak server response
Payload example:
payload={ "type": "role", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "name": "Policy-1", "roles": [ { "id": id } ] }
- create_client_authz_resource_based_permission(self, client_id, payload, skip_exists=False)
Create resource-based permission of client.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
payload – PolicyRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_policyrepresentation
- Returns
Keycloak server response
Payload example:
payload={ "type": "resource", "logic": "POSITIVE", "decisionStrategy": "UNANIMOUS", "name": "Permission-Name", "resources": [ resource_id ], "policies": [ policy_id ] }
- get_client_authz_scopes(self, client_id)
Get scopes from client.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Returns
Keycloak server response
- get_client_authz_permissions(self, client_id)
Get permissions from client.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Returns
Keycloak server response
- get_client_authz_policies(self, client_id)
Get policies from client.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Returns
Keycloak server response
- get_client_service_account_user(self, client_id)
Get service account user from client.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Returns
UserRepresentation
- create_client(self, payload, skip_exists=False)
Create a client.
ClientRepresentation: https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Parameters
skip_exists – If true then do not raise an error if client already exists
payload – ClientRepresentation
- Returns
Client ID
- update_client(self, client_id, payload)
Update a client.
- Parameters
client_id – Client id
payload – ClientRepresentation
- Returns
Http response
- delete_client(self, client_id)
Delete a client.
ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Parameters
client_id – keycloak client id (not oauth client-id)
- Returns
Keycloak server response (ClientRepresentation)
- get_client_installation_provider(self, client_id, provider_id)
Get content for given installation provider.
Related documentation: https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clients_resource
Possible provider_id list available in the ServerInfoRepresentation#clientInstallations https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_serverinforepresentation
- Parameters
client_id – Client id
provider_id – provider id to specify response format
- get_realm_roles(self)
Get all roles for the realm or client.
RoleRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_rolerepresentation
- Returns
Keycloak server response (RoleRepresentation)
- get_realm_role_members(self, role_name, query=None)
Get role members of realm by role name.
- Parameters
role_name – Name of the role.
query – Additional Query parameters (see https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_roles_resource)
- Returns
Keycloak Server Response (UserRepresentation)
- get_client_roles(self, client_id)
Get all roles for the client.
- Parameters
client_id – id of client (not client-id)
RoleRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_rolerepresentation
- Returns
Keycloak server response (RoleRepresentation)
- get_client_role(self, client_id, role_name)
Get client role id by name.
This is required for further actions with this role.
- Parameters
client_id – id of client (not client-id)
role_name – role’s name (not id!)
RoleRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_rolerepresentation
- Returns
role_id
- get_client_role_id(self, client_id, role_name)
Get client role id by name.
This is required for further actions with this role.
- Parameters
client_id – id of client (not client-id)
role_name – role’s name (not id!)
RoleRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_rolerepresentation
- Returns
role_id
- create_client_role(self, client_role_id, payload, skip_exists=False)
Create a client role.
RoleRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_rolerepresentation
- Parameters
client_role_id – id of client (not client-id)
payload – RoleRepresentation
skip_exists – If true then do not raise an error if client role already exists
- Returns
Client role name
- add_composite_client_roles_to_role(self, client_role_id, role_name, roles)
Add composite roles to client role.
- Parameters
client_role_id – id of client (not client-id)
role_name – The name of the role
roles – roles list or role (use RoleRepresentation) to be updated
- Returns
Keycloak server response
- update_client_role(self, client_role_id, role_name, payload)
Update a client role.
RoleRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_rolerepresentation
- Parameters
client_role_id – id of client (not client-id)
role_name – role’s name (not id!)
payload – RoleRepresentation
- delete_client_role(self, client_role_id, role_name)
Delete a client role.
RoleRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_rolerepresentation
- Parameters
client_role_id – id of client (not client-id)
role_name – role’s name (not id!)
- assign_client_role(self, user_id, client_id, roles)
Assign a client role to a user.
- Parameters
user_id – id of user
client_id – id of client (not client-id)
roles – roles list or role (use RoleRepresentation)
- Returns
Keycloak server response
- get_client_role_members(self, client_id, role_name, **query)
Get members by client role.
- Parameters
client_id – The client id
role_name – the name of role to be queried.
query – Additional query parameters (see https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clients_resource)
- Returns
Keycloak server response (UserRepresentation)
- get_client_role_groups(self, client_id, role_name, **query)
Get group members by client role.
- Parameters
client_id – The client id
role_name – the name of role to be queried.
query – Additional query parameters (see https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clients_resource)
- Returns
Keycloak server response
- create_realm_role(self, payload, skip_exists=False)
Create a new role for the realm or client.
- Parameters
payload – The role (use RoleRepresentation)
skip_exists – If true then do not raise an error if realm role already exists
- Returns
Realm role name
- get_realm_role(self, role_name)
Get realm role by role name.
- Parameters
role_name – role’s name, not id!
RoleRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_rolerepresentation
- Returns
role_id
- update_realm_role(self, role_name, payload)
Update a role for the realm by name.
- Parameters
role_name – The name of the role to be updated
payload – The role (use RoleRepresentation)
- Returns
Keycloak server response
- delete_realm_role(self, role_name)
Delete a role for the realm by name.
- Parameters
role_name – The role name {'role-name': 'name-of-the-role'}
- Returns
Keycloak server response
- add_composite_realm_roles_to_role(self, role_name, roles)
Add composite roles to the role.
- Parameters
role_name – The name of the role
roles – roles list or role (use RoleRepresentation) to be updated
- Returns
Keycloak server response
- remove_composite_realm_roles_to_role(self, role_name, roles)
Remove composite roles from the role.
- Parameters
role_name – The name of the role
roles – roles list or role (use RoleRepresentation) to be removed
- Returns
Keycloak server response
- get_composite_realm_roles_of_role(self, role_name)
Get composite roles of the role.
- Parameters
role_name – The name of the role
- Returns
Keycloak server response (array RoleRepresentation)
- assign_realm_roles(self, user_id, roles)
Assign realm roles to a user.
- Parameters
user_id – id of user
roles – roles list or role (use RoleRepresentation)
- Returns
Keycloak server response
- delete_realm_roles_of_user(self, user_id, roles)
Delete realm roles of a user.
- Parameters
user_id – id of user
roles – roles list or role (use RoleRepresentation)
- Returns
Keycloak server response
- get_realm_roles_of_user(self, user_id)
Get all realm roles for a user.
- Parameters
user_id – id of user
- Returns
Keycloak server response (array RoleRepresentation)
- get_available_realm_roles_of_user(self, user_id)
Get all available (i.e. unassigned) realm roles for a user.
- Parameters
user_id – id of user
- Returns
Keycloak server response (array RoleRepresentation)
- get_composite_realm_roles_of_user(self, user_id)
Get all composite (i.e. implicit) realm roles for a user.
- Parameters
user_id – id of user
- Returns
Keycloak server response (array RoleRepresentation)
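An added example, not part of python-keycloak or its documentation: it uses get_users, get_realm_roles_of_user and get_composite_realm_roles_of_user as documented above to report which users hold privileged realm roles, and whether the role is assigned directly or only reached implicitly. The FakeAdmin class, its sample data and the role names are constructed stand-ins so the block runs without a server; pass a real KeycloakAdmin instance in their place.

```python
"""Audit privileged realm roles: direct assignments versus implicit ones."""

# Hypothetical role names chosen for this example; use your realm's own list.
PRIVILEGED = frozenset({"admin", "realm-auditor"})


def audit_privileged_roles(admin, privileged=PRIVILEGED):
    """Return {username: {"direct": [...], "implicit": [...]}}.

    `admin` is any object exposing get_users(), get_realm_roles_of_user() and
    get_composite_realm_roles_of_user() with the signatures documented above.
    Only the "id"/"username" fields of UserRepresentation and the "name" field
    of RoleRepresentation are read.
    """
    findings = {}
    for user in admin.get_users():
        uid = user["id"]
        direct = {r["name"] for r in admin.get_realm_roles_of_user(uid)}
        composite = {r["name"] for r in admin.get_composite_realm_roles_of_user(uid)}
        # Subtracting the direct set makes the result the same whether or not
        # the composite listing repeats the directly assigned roles.
        hits_direct = sorted(direct & privileged)
        hits_implicit = sorted((composite - direct) & privileged)
        if hits_direct or hits_implicit:
            findings[user["username"]] = {
                "direct": hits_direct,
                "implicit": hits_implicit,
            }
    return findings


class FakeAdmin:
    """Constructed stand-in for KeycloakAdmin; not the library's class."""

    def __init__(self, users, direct, composite):
        self._users = users
        self._direct = direct
        self._composite = composite

    def get_users(self, query=None):
        return list(self._users)

    def get_realm_roles_of_user(self, user_id):
        return [{"name": n} for n in self._direct.get(user_id, [])]

    def get_composite_realm_roles_of_user(self, user_id):
        return [{"name": n} for n in self._composite.get(user_id, [])]


# Constructed sample data: bob's "support-lead" role is a composite that
# contains "realm-auditor", so bob is privileged without a direct assignment.
SAMPLE_ADMIN = FakeAdmin(
    users=[
        {"id": "u-1", "username": "alice"},
        {"id": "u-2", "username": "bob"},
        {"id": "u-3", "username": "carol"},
    ],
    direct={
        "u-1": ["admin"],
        "u-2": ["support-lead"],
        "u-3": ["offline_access"],
    },
    composite={
        "u-1": ["admin"],
        "u-2": ["support-lead", "realm-auditor"],
        "u-3": ["offline_access"],
    },
)


if __name__ == "__main__":
    for name, roles in audit_privileged_roles(SAMPLE_ADMIN).items():
        print(name, roles)
```

Users that appear only under "implicit" are the ones a review of direct role mappings alone would miss.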
- assign_group_realm_roles(self, group_id, roles)
Assign realm roles to a group.
- Parameters
group_id – id of group
roles – roles list or role (use GroupRoleRepresentation)
- Returns
Keycloak server response
- delete_group_realm_roles(self, group_id, roles)
Delete realm roles of a group.
- Parameters
group_id – id of group
roles – roles list or role (use GroupRoleRepresentation)
- Returns
Keycloak server response
- get_group_realm_roles(self, group_id)
Get all realm roles for a group.
- Parameters
group_id – id of the group
- Returns
Keycloak server response (array RoleRepresentation)
- assign_group_client_roles(self, group_id, client_id, roles)
Assign client roles to a group.
- Parameters
group_id – id of group
client_id – id of client (not client-id)
roles – roles list or role (use GroupRoleRepresentation)
- Returns
Keycloak server response
- get_group_client_roles(self, group_id, client_id)
Get client roles of a group.
- Parameters
group_id – id of group
client_id – id of client (not client-id)
- Returns
Keycloak server response
- delete_group_client_roles(self, group_id, client_id, roles)
Delete client roles of a group.
- Parameters
group_id – id of group
client_id – id of client (not client-id)
roles – roles list or role (use GroupRoleRepresentation)
- Returns
Keycloak server response (array RoleRepresentation)
- get_client_roles_of_user(self, user_id, client_id)
Get all client roles for a user.
- Parameters
user_id – id of user
client_id – id of client (not client-id)
- Returns
Keycloak server response (array RoleRepresentation)
- get_available_client_roles_of_user(self, user_id, client_id)
Get available client role-mappings for a user.
- Parameters
user_id – id of user
client_id – id of client (not client-id)
- Returns
Keycloak server response (array RoleRepresentation)
- get_composite_client_roles_of_user(self, user_id, client_id)
Get composite client role-mappings for a user.
- Parameters
user_id – id of user
client_id – id of client (not client-id)
- Returns
Keycloak server response (array RoleRepresentation)
- delete_client_roles_of_user(self, user_id, client_id, roles)
Delete client roles from a user.
- Parameters
user_id – id of user
client_id – id of client containing role (not client-id)
roles – roles list or role to delete (use RoleRepresentation)
- Returns
Keycloak server response
- get_authentication_flows(self)
Get authentication flows.
Returns all flow details
AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_authenticationflowrepresentation
- Returns
Keycloak server response (AuthenticationFlowRepresentation)
- get_authentication_flow_for_id(self, flow_id)
Get one authentication flow by its id.
Returns all flow details
AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_authenticationflowrepresentation
- Parameters
flow_id – the id of a flow, NOT its alias
- Returns
Keycloak server response (AuthenticationFlowRepresentation)
- create_authentication_flow(self, payload, skip_exists=False)
Create a new authentication flow.
AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_authenticationflowrepresentation
- Parameters
payload – AuthenticationFlowRepresentation
skip_exists – Do not raise an error if authentication flow already exists
- Returns
Keycloak server response (RoleRepresentation)
- copy_authentication_flow(self, payload, flow_alias)
Copy existing authentication flow under a new name.
The new name is given as ‘newName’ attribute of the passed payload.
- Parameters
payload – JSON containing ‘newName’ attribute
flow_alias – the flow alias
- Returns
Keycloak server response (RoleRepresentation)
- delete_authentication_flow(self, flow_id)
Delete authentication flow.
AuthenticationInfoRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_authenticationinforepresentation
- Parameters
flow_id – authentication flow id
- Returns
Keycloak server response
- get_authentication_flow_executions(self, flow_alias)
Get authentication flow executions.
Returns all execution steps
- Parameters
flow_alias – the flow alias
- Returns
Response(json)
- update_authentication_flow_executions(self, payload, flow_alias)
Update an authentication flow execution.
AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_authenticationexecutioninforepresentation
- Parameters
payload – AuthenticationExecutionInfoRepresentation
flow_alias – The flow alias
- Returns
Keycloak server response
- get_authentication_flow_execution(self, execution_id)
Get authentication flow execution.
AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_authenticationexecutioninforepresentation
- Parameters
execution_id – the execution ID
- Returns
Response(json)
- create_authentication_flow_execution(self, payload, flow_alias)
Create an authentication flow execution.
AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_authenticationexecutioninforepresentation
- Parameters
payload – AuthenticationExecutionInfoRepresentation
flow_alias – The flow alias
- Returns
Keycloak server response
- delete_authentication_flow_execution(self, execution_id)
Delete authentication flow execution.
AuthenticationExecutionInfoRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_authenticationexecutioninforepresentation
- Parameters
execution_id – the execution ID
- Returns
Keycloak server response (json)
- create_authentication_flow_subflow(self, payload, flow_alias, skip_exists=False)
Create a new sub authentication flow for a given authentication flow.
AuthenticationFlowRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_authenticationflowrepresentation
- Parameters
payload – AuthenticationFlowRepresentation
flow_alias – The flow alias
skip_exists – Do not raise an error if authentication flow already exists
- Returns
Keycloak server response (RoleRepresentation)
- get_authenticator_provider_config_description(self, provider_id)
Get authenticator’s provider configuration description.
AuthenticatorConfigInfoRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_authenticatorconfiginforepresentation
- Parameters
provider_id – Provider Id
- Returns
AuthenticatorConfigInfoRepresentation
- get_authenticator_config(self, config_id)
Get authenticator configuration.
Returns all configuration details.
- Parameters
config_id – Authenticator config id
- Returns
Response(json)
- update_authenticator_config(self, payload, config_id)
Update an authenticator configuration.
AuthenticatorConfigRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_authenticatorconfigrepresentation
- Parameters
payload – AuthenticatorConfigRepresentation
config_id – Authenticator config id
- Returns
Response(json)
- delete_authenticator_config(self, config_id)[source]¶
Delete an authenticator configuration.
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_authentication_management_resource
- Parameters
config_id – Authenticator config id
- Returns
Keycloak server Response
- sync_users(self, storage_id, action)[source]¶
Trigger user sync from provider.
- Parameters
storage_id – The id of the user storage provider
action – Action can be “triggerFullSync” or “triggerChangedUsersSync”
- Returns
- get_client_scopes(self)[source]¶
Get client scopes.
Get the representation of the client scopes for the realm we are connected to: https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_getclientscopes
- Returns
Keycloak server response Array of (ClientScopeRepresentation)
- get_client_scope(self, client_scope_id)[source]¶
Get client scope.
Get the representation of the client scopes for the realm we are connected to: https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_getclientscopes
- Parameters
client_scope_id – The id of the client scope
- Returns
Keycloak server response (ClientScopeRepresentation)
- get_client_scope_by_name(self, client_scope_name)[source]¶
Get client scope by name.
Get representation of the client scope identified by the client scope name.
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_getclientscopes
- Parameters
client_scope_name (str) – Name of the client scope
- Returns
ClientScopeRepresentation or None
- create_client_scope(self, payload, skip_exists=False)[source]¶
Create a client scope.
ClientScopeRepresentation: https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_getclientscopes
- Parameters
payload – ClientScopeRepresentation
skip_exists – If true then do not raise an error if client scope already exists
- Returns
Client scope id
- update_client_scope(self, client_scope_id, payload)[source]¶
Update a client scope.
ClientScopeRepresentation: https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_client_scopes_resource
- Parameters
client_scope_id – The id of the client scope
payload – ClientScopeRepresentation
- Returns
Keycloak server response (ClientScopeRepresentation)
- delete_client_scope(self, client_scope_id)[source]¶
Delete existing client scope.
ClientScopeRepresentation: https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_client_scopes_resource
- Parameters
client_scope_id – The id of the client scope
- Returns
Keycloak server response
- get_mappers_from_client_scope(self, client_scope_id)[source]¶
Get a list of all mappers connected to the client scope.
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_protocol_mappers_resource
- Parameters
client_scope_id – Client scope id
- Returns
Keycloak server response (ProtocolMapperRepresentation)
- add_mapper_to_client_scope(self, client_scope_id, payload)[source]¶
Add a mapper to a client scope.
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_create_mapper
- Parameters
client_scope_id – The id of the client scope
payload – ProtocolMapperRepresentation
- Returns
Keycloak server Response
- delete_mapper_from_client_scope(self, client_scope_id, protocol_mapper_id)[source]¶
Delete a mapper from a client scope.
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_delete_mapper
- Parameters
client_scope_id – The id of the client scope
protocol_mapper_id – Protocol mapper id
- Returns
Keycloak server Response
- update_mapper_in_client_scope(self, client_scope_id, protocol_mapper_id, payload)[source]¶
Update an existing protocol mapper in a client scope.
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_protocol_mappers_resource
- Parameters
client_scope_id – The id of the client scope
protocol_mapper_id – The id of the protocol mapper which exists in the client scope and should be updated
payload – ProtocolMapperRepresentation
- Returns
Keycloak server Response
- get_default_default_client_scopes(self)[source]¶
Get default default client scopes.
Return list of default default client scopes
- Returns
Keycloak server response
- delete_default_default_client_scope(self, scope_id)[source]¶
Delete default default client scope.
- Parameters
scope_id – default default client scope id
- Returns
Keycloak server response
- add_default_default_client_scope(self, scope_id)[source]¶
Add default default client scope.
- Parameters
scope_id – default default client scope id
- Returns
Keycloak server response
- get_default_optional_client_scopes(self)[source]¶
Get default optional client scopes.
Return list of default optional client scopes
- Returns
Keycloak server response
- delete_default_optional_client_scope(self, scope_id)[source]¶
Delete default optional client scope.
- Parameters
scope_id – default optional client scope id
- Returns
Keycloak server response
- add_default_optional_client_scope(self, scope_id)[source]¶
Add default optional client scope.
- Parameters
scope_id – default optional client scope id
- Returns
Keycloak server response
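The client scope methods above can be combined into a review of which protocol mappers a realm hands to its clients. This is an added example, not part of python-keycloak: it calls only get_client_scopes, get_mappers_from_client_scope and get_default_default_client_scopes, while the list of provider ids to review, the finding layout and the StubAdmin sample data are assumptions constructed for illustration.

```python
# Added example (not python-keycloak code): review protocol mappers per client scope.
# Assumed review policy: provider ids and why each deserves a manual look.
REVIEW_MAPPER_TYPES = {
    "oidc-hardcoded-role-mapper": "adds a fixed role to every token",
    "oidc-hardcoded-claim-mapper": "adds a fixed claim to every token",
    "oidc-script-based-protocol-mapper": "runs script code at token issuance",
}


def audit_scope_mappers(admin):
    """List mappers of reviewed types, marking scopes every new client inherits."""
    default_ids = {s["id"] for s in admin.get_default_default_client_scopes()}
    findings = []
    for scope in admin.get_client_scopes():
        for mapper in admin.get_mappers_from_client_scope(scope["id"]) or []:
            reason = REVIEW_MAPPER_TYPES.get(mapper.get("protocolMapper"))
            if reason:
                findings.append({"scope": scope["name"], "mapper": mapper["name"],
                                 "mapper_id": mapper["id"], "reason": reason,
                                 "default_scope": scope["id"] in default_ids})
    # Default scopes first: their mappers reach every newly created client.
    return sorted(findings, key=lambda f: (not f["default_scope"], f["scope"]))


class StubAdmin:
    """Constructed stand-in for KeycloakAdmin so the example runs offline."""
    SCOPES = [{"id": "s1", "name": "profile"}, {"id": "s2", "name": "legacy-app"}]
    MAPPERS = {
        "s1": [{"id": "m1", "name": "username",
                "protocolMapper": "oidc-usermodel-property-mapper"},
               {"id": "m2", "name": "force-admin",
                "protocolMapper": "oidc-hardcoded-role-mapper"}],
        "s2": [{"id": "m3", "name": "tenant",
                "protocolMapper": "oidc-hardcoded-claim-mapper"}],
    }

    def get_client_scopes(self):
        return self.SCOPES

    def get_default_default_client_scopes(self):
        return [self.SCOPES[0]]

    def get_mappers_from_client_scope(self, client_scope_id):
        return self.MAPPERS[client_scope_id]


if __name__ == "__main__":
    for finding in audit_scope_mappers(StubAdmin()):
        print(finding)
```

Against a real server, pass a connected KeycloakAdmin instance instead of StubAdmin; the mapper_id in each finding is the protocol_mapper_id expected by delete_mapper_from_client_scope.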
- get_mappers_from_client(self, client_id)[source]¶
List of all client mappers.
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_protocolmapperrepresentation
- Parameters
client_id – Client id
- Returns
KeycloakServerResponse (list of ProtocolMapperRepresentation)
- add_mapper_to_client(self, client_id, payload)[source]¶
Add a mapper to a client.
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_create_mapper
- Parameters
client_id – The id of the client
payload – ProtocolMapperRepresentation
- Returns
Keycloak server Response
- update_client_mapper(self, client_id, mapper_id, payload)[source]¶
Update client mapper.
- Parameters
client_id – The id of the client
client_mapper_id – The id of the mapper to be deleted
payload – ProtocolMapperRepresentation
- Returns
Keycloak server response
- remove_client_mapper(self, client_id, client_mapper_id)[source]¶
Remove a mapper from the client.
https://www.keycloak.org/docs-api/15.0/rest-api/index.html#_protocol_mappers_resource
- Parameters
client_id – The id of the client
client_mapper_id – The id of the mapper to be deleted
- Returns
Keycloak server response
- generate_client_secrets(self, client_id)[source]¶
Generate a new secret for the client.
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_regeneratesecret
- Parameters
client_id – id of client (not client-id)
- Returns
Keycloak server response (ClientRepresentation)
- get_client_secrets(self, client_id)[source]¶
Get representation of the client secrets.
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_getclientsecret
- Parameters
client_id – id of client (not client-id)
- Returns
Keycloak server response (ClientRepresentation)
- get_components(self, query=None)[source]¶
Get components.
Return a list of components, filtered according to query parameters
ComponentRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_componentrepresentation
- Parameters
query – Query parameters (optional)
- Returns
components list
- create_component(self, payload)[source]¶
Create a new component.
ComponentRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_componentrepresentation
- Parameters
payload – ComponentRepresentation
- Returns
Component id
- get_component(self, component_id)[source]¶
Get representation of the component.
- Parameters
component_id – Component id
ComponentRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_componentrepresentation
- Returns
ComponentRepresentation
- update_component(self, component_id, payload)[source]¶
Update the component.
- Parameters
component_id – Component id
payload – ComponentRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_componentrepresentation
- Returns
Http response
- delete_component(self, component_id)[source]¶
Delete the component.
- Parameters
component_id – Component id
- Returns
Http response
- get_keys(self)[source]¶
Get keys.
Return a list of keys, filtered according to query parameters
KeysMetadataRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_key_resource
- Returns
keys list
- get_events(self, query=None)[source]¶
Get events.
Return a list of events, filtered according to query parameters
EventRepresentation array https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_eventrepresentation
- Returns
events list
- set_events(self, payload)[source]¶
Set realm events configuration.
RealmEventsConfigRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_realmeventsconfigrepresentation
- Returns
Http response
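The list returned by get_events can feed detection logic directly. The following is an added example, not part of python-keycloak, that looks for password spraying (one source IP failing logins against several accounts inside a short window). It assumes the realm already stores login events, that events carry the EventRepresentation fields time, type, ipAddress and details.username, and that the query keys type and max are accepted by the events endpoint; the thresholds and the sample events are constructed.

```python
# Added example (not python-keycloak code): spot password spraying in realm events.
from collections import defaultdict

WINDOW_MS = 5 * 60 * 1000  # assumed detection window: 5 minutes
MIN_USERS = 3              # assumed threshold: distinct usernames per source IP


def find_spraying(events, window_ms=WINDOW_MS, min_users=MIN_USERS):
    """Return {ip: usernames} for IPs with failed logins on many accounts."""
    by_ip = defaultdict(list)
    for ev in events:
        user = (ev.get("details") or {}).get("username") or ev.get("userId")
        if ev.get("type") == "LOGIN_ERROR" and ev.get("ipAddress") and user:
            by_ip[ev["ipAddress"]].append((ev["time"], user))
    hits = {}
    for ip, fails in by_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the left edge until the window spans at most window_ms.
            while fails[end][0] - fails[start][0] > window_ms:
                start += 1
            users = {name for _, name in fails[start:end + 1]}
            if len(users) >= min_users:
                hits[ip] = sorted(users.union(hits.get(ip, ())))
    return hits


def check_realm(admin):
    """Fetch failed logins with get_events and run the detection on them."""
    # Query keys assumed from the Keycloak events endpoint: type, max.
    return find_spraying(admin.get_events({"type": "LOGIN_ERROR", "max": 1000}))


def make_event(time_ms, ip, user, kind="LOGIN_ERROR"):
    return {"time": time_ms, "type": kind, "ipAddress": ip, "details": {"username": user}}


# Constructed sample events (documentation IP ranges, times in milliseconds).
SAMPLE_EVENTS = [
    make_event(1000, "203.0.113.7", "alice"), make_event(61000, "203.0.113.7", "bob"),
    make_event(122000, "203.0.113.7", "carol"),
    make_event(130000, "203.0.113.7", "alice", "LOGIN"),
    make_event(1000, "198.51.100.4", "dave"), make_event(2000, "198.51.100.4", "dave"),
    make_event(0, "192.0.2.9", "erin"), make_event(10000, "192.0.2.9", "frank"),
    make_event(400000, "192.0.2.9", "gina"),
]

if __name__ == "__main__":
    print(find_spraying(SAMPLE_EVENTS))
```

Repeated failures against a single account (198.51.100.4 in the sample) are deliberately not reported here; that pattern is brute force against one user and needs its own per-account counter.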
- raw_get(self, *args, **kwargs)[source]¶
Call connection.raw_get.
If auto_refresh is set for get and access_token is expired, it will refresh the token and try get once more.
- raw_post(self, *args, **kwargs)[source]¶
Call connection.raw_post.
If auto_refresh is set for post and access_token is expired, it will refresh the token and try post once more.
- raw_put(self, *args, **kwargs)[source]¶
Call connection.raw_put.
If auto_refresh is set for put and access_token is expired, it will refresh the token and try put once more.
- raw_delete(self, *args, **kwargs)[source]¶
Call connection.raw_delete.
If auto_refresh is set for delete and access_token is expired, it will refresh the token and try delete once more.
- get_client_all_sessions(self, client_id)[source]¶
Get sessions associated with the client.
- Parameters
client_id – id of client
UserSessionRepresentation http://www.keycloak.org/docs-api/18.0/rest-api/index.html#_usersessionrepresentation
- Returns
UserSessionRepresentation
- get_client_sessions_stats(self)[source]¶
Get current session count for all clients with active sessions.
https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_getclientsessionstats
- Returns
Dict of clients and session count
- get_client_management_permissions(self, client_id)[source]¶
Get management permissions for a client.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Returns
Keycloak server response
- update_client_management_permissions(self, payload, client_id)[source]¶
Update management permissions for a client.
ManagementPermissionReference https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_managementpermissionreference
- Parameters
payload – ManagementPermissionReference
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Returns
Keycloak server response
Payload example:
payload = {"enabled": True}
- get_client_authz_policy_scopes(self, client_id, policy_id)[source]¶
Get scopes for a given policy.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
policy_id – No Document
- Returns
Keycloak server response
- get_client_authz_policy_resources(self, client_id, policy_id)[source]¶
Get resources for a given policy.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
policy_id – No Document
- Returns
Keycloak server response
- get_client_authz_scope_permission(self, client_id, scope_id)[source]¶
Get permissions for a given scope.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
scope_id – No Document
- Returns
Keycloak server response
- update_client_authz_scope_permission(self, payload, client_id, scope_id)[source]¶
Update permissions for a given scope.
- Parameters
payload – No Document
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
scope_id – No Document
- Returns
Keycloak server response
Payload example:
payload = {
    "id": scope_id,
    "name": "My Permission Name",
    "type": "scope",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "resources": [some_resource_id],
    "scopes": [some_scope_id],
    "policies": [some_policy_id],
}
- get_client_authz_client_policies(self, client_id)[source]¶
Get policies for a given client.
- Parameters
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Returns
Keycloak server response (RoleRepresentation)
- create_client_authz_client_policy(self, payload, client_id)[source]¶
Create a new policy for a given client.
- Parameters
payload – No Document
client_id – id in ClientRepresentation https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clientrepresentation
- Returns
Keycloak server response (RoleRepresentation)
Payload example:
payload = {
    "type": "client",
    "logic": "POSITIVE",
    "decisionStrategy": "UNANIMOUS",
    "name": "My Policy",
    "clients": [other_client_id],
}
- get_composite_client_roles_of_group(self, client_id, group_id)[source]¶
Get the composite client roles of the given group for the given client.
- Parameters
client_id (str) – id of the client.
group_id (str) – id of the group.
- Returns
the composite client roles of the group (list of RoleRepresentation).
- Return type
list
- get_role_client_level_children(self, client_id, role_id)[source]¶
Get the child roles of which the given composite client role is composed.
- Parameters
client_id (str) – id of the client.
role_id (str) – id of the role.
- Returns
the child roles (list of RoleRepresentation).
- Return type
list
- upload_certificate(self, client_id, certcont)[source]¶
Upload a new certificate for the client.
- Parameters
client_id (str) – id of the client.
certcont (str) – the content of the certificate.
- Returns
dictionary {"certificate": "<certcont>"}, where <certcont> is the content of the uploaded certificate.
- Return type
dict
- get_required_action_by_alias(self, action_alias)[source]¶
Get a required action by its alias.
- Parameters
action_alias (str) – the alias of the required action.
- Returns
the required action (RequiredActionProviderRepresentation).
- Return type
dict