OpenID Client¶
Configure client OpenID¶
from keycloak import KeycloakOpenID
# Build the OpenID Connect client for one realm. Every value below is a
# placeholder: outside local testing, point server_url at an https:// endpoint
# and load client_secret_key from the environment or a secret store rather than
# committing it to source control.
keycloak_openid = KeycloakOpenID(
    server_url="http://localhost:8080/auth/",
    realm_name="example_realm",
    client_id="example_client",
    client_secret_key="secret",
)
Get .well_known¶
# Fetch the realm's OpenID Connect discovery document. The endpoint URLs it
# advertises are only as trustworthy as the connection to server_url, so fetch
# it over TLS outside local testing.
config_well_known = keycloak_openid.well_known()
Get access token with code¶
# Redeem the one-time authorization code delivered to the callback URL.
# redirect_uri has to be the same value that was sent in the authorization
# request, and the callback's `state` parameter should be checked before the
# code is redeemed. Despite the variable name, the result is presumably the
# full token response (other snippets index it with ['access_token']).
access_token = keycloak_openid.token(
    code="the_code_you_get_from_auth_url_callback",
    redirect_uri="your_call_back_url",
    grant_type="authorization_code",
)
Get access token with user and password¶
# Resource-owner password grant: the application itself handles the user's
# password. The OAuth 2.0 Security Best Current Practice advises against this
# grant; prefer the authorization-code flow where a browser redirect is
# possible. "user" / "password" are placeholders, not values to hard-code.
token = keycloak_openid.token("user", "password")
# Same call for an account with OTP enabled; totp is the current one-time code
# entered by the user, so it cannot be a stored constant.
token = keycloak_openid.token("user", "password", totp="012345")
Get token using Token Exchange¶
# Exchange an existing access token for a new one. The three positional strings
# are presumably the requesting client, the target client (audience) and the
# subject user — TODO confirm against the installed python-keycloak version.
# Naming a subject yields a token for another user, so the server-side
# token-exchange permission for this client should be scoped tightly.
token = keycloak_openid.exchange_token(
    token["access_token"],
    "my_client",
    "other_client",
    "some_user",
)
Refresh token¶
# Trade the refresh token for a fresh token response. If the realm rotates
# refresh tokens, the response carries a new one: store it and discard the old
# value (TODO confirm the realm setting).
token = keycloak_openid.refresh_token(token['refresh_token'])
Get UserInfo¶
# Call the UserInfo endpoint with the access token to obtain claims about the
# authenticated user. The server decides whether the token is accepted.
userinfo = keycloak_openid.userinfo(token['access_token'])
Logout¶
# End the session tied to this refresh token. Access tokens already issued may
# still pass local signature/expiry checks until they expire; services needing
# immediate revocation should introspect tokens instead.
# NOTE(review): confirm against your realm's behaviour.
keycloak_openid.logout(token['refresh_token'])
Get certs¶
# Fetch the realm's published signing keys, e.g. for verifying token signatures
# locally. Re-fetch when verification fails on an unknown key id, since the
# realm can rotate its keys.
certs = keycloak_openid.certs()
Introspect RPT¶
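# Introspect a requesting party token (RPT). `rpt` must already hold an RPT
# response obtained earlier; this page does not show that step.
# The call is made once: the earlier form wrapped it in a second introspect(),
# which passed the introspection result back in as if it were a token.
# Check the "active" field of the result before relying on its other claims.
token_rpt_info = keycloak_openid.introspect(
    token['access_token'],
    rpt=rpt['rpt'],
    token_type_hint="requesting_party_token",
)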
Introspect token¶
# Ask the server whether the token is currently valid. Check the "active"
# field of the response before relying on any other claim in it.
token_info = keycloak_openid.introspect(token['access_token'])
Decode token¶
# Wrap the realm public key returned by the server in PEM armour. The key is
# fetched at runtime, so local verification is only as trustworthy as the
# connection to server_url (use TLS outside local testing).
KEYCLOAK_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" + keycloak_openid.public_key() + "\n-----END PUBLIC KEY-----"
# Keep signature, audience and expiry verification switched on; disabling any
# of them means the decoded claims are no longer proof of anything.
# NOTE(review): verify_aud is enabled but no expected audience is passed below.
# Confirm how the installed version chooses the audience to compare against,
# and supply the expected value rather than turning the check off.
options = {"verify_signature": True, "verify_aud": True, "verify_exp": True}
# Verify and decode the access token locally using the key and options above.
token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options)
Get UMA-permissions by token¶
# Obtain a token with the password grant ("user" / "password" are
# placeholders), then ask the server which UMA permissions that access token
# carries.
token = keycloak_openid.token("user", "password")
permissions = keycloak_openid.uma_permissions(token['access_token'])
Get UMA-permissions by token with specific resource and scope requested¶
# Same as the unfiltered query, but limited to one resource/scope pair written
# as "Resource#Scope" (placeholder names). Credentials are placeholders too.
token = keycloak_openid.token("user", "password")
permissions = keycloak_openid.uma_permissions(token['access_token'], permissions="Resource#Scope")
Get auth status for a specific resource and scope by token¶
# Check whether the token grants access to one "Resource#Scope" pair
# (placeholder names and credentials).
# NOTE(review): the result is presumably a status object rather than a bare
# boolean. Test its authorization field (is_authorized in python-keycloak;
# confirm for your version) instead of the object's truthiness, which could
# pass even when access is denied.
token = keycloak_openid.token("user", "password")
auth_status = keycloak_openid.has_uma_access(token['access_token'], "Resource#Scope")