keycloak.openid_connection¶

Keycloak OpenID Connection Manager module.

The module contains mainly the implementation of KeycloakOpenIDConnection class. This is an extension of the ConnectionManager class, and handles the automatic refresh of openid tokens when required.

Exceptions¶

KeycloakPostError

Keycloak request post error exception.

Classes¶

`ConnectionManager`	Represents a simple server connection.
`KeycloakOpenID`	Keycloak OpenID client.
`KeycloakOpenIDConnection`	A class to help with OpenID connections which can auto refresh tokens.

Module Contents¶

class keycloak.openid_connection.ConnectionManager(base_url, headers={}, timeout=60, verify=True, proxies=None)[source]¶

Bases: object

Represents a simple server connection.

Parameters:

base_url (str) – The server URL.
headers (dict) – The header parameters of the requests to the server.
timeout (int) – Timeout to use for requests to the server.
verify (Union[bool,str]) – Boolean value to enable or disable certificate validation or a string containing a path to a CA bundle to use
proxies (dict) – The proxies servers requests is sent by.

async aclose()[source]¶: Close the async connection on delete.

__del__()[source]¶: Del method.

property base_url¶

Return base url in use for requests to the server.

Returns:: Base URL
Return type:: str

property timeout¶

Return timeout in use for request to the server.

Returns:: Timeout
Return type:: int

property verify¶

Return verify in use for request to the server.

Returns:: Verify indicator
Return type:: bool

property headers¶

Return header request to the server.

Returns:: Request headers
Return type:: dict

param_headers(key)[source]¶

Return a specific header parameter.

Parameters:: key (str) – Header parameters key.
Returns:: If the header parameters exist, return its value.
Return type:: str

clean_headers()[source]¶: Clear header parameters.

exist_param_headers(key)[source]¶

Check if the parameter exists in the header.

Parameters:: key (str) – Header parameters key.
Returns:: If the header parameters exist, return True.
Return type:: bool

add_param_headers(key, value)[source]¶

Add a single parameter inside the header.

Parameters:

key (str) – Header parameters key.
value (str) – Value to be added.

del_param_headers(key)[source]¶

Remove a specific parameter.

Parameters:: key (str) – Key of the header parameters.

raw_get(path, **kwargs)[source]¶

Submit get request to the path.

Parameters:

path (str) – Path for request.
kwargs (dict) – Additional arguments

Returns:

Response the request.

Return type:

Response

Raises:

KeycloakConnectionError – HttpError Can’t connect to server.

raw_post(path, data, **kwargs)[source]¶

Submit post request to the path.

Parameters:

path (str) – Path for request.
data (dict) – Payload for request.
kwargs (dict) – Additional arguments

Returns:

Response the request.

Return type:

Response

Raises:

KeycloakConnectionError – HttpError Can’t connect to server.

raw_put(path, data, **kwargs)[source]¶

Submit put request to the path.

Parameters:

path (str) – Path for request.
data (dict) – Payload for request.
kwargs (dict) – Additional arguments

Returns:

Response the request.

Return type:

Response

Raises:

KeycloakConnectionError – HttpError Can’t connect to server.

raw_delete(path, data=None, **kwargs)[source]¶

Submit delete request to the path.

Parameters:

path (str) – Path for request.
data (dict | None) – Payload for request.
kwargs (dict) – Additional arguments

Returns:

Response the request.

Return type:

Response

Raises:

KeycloakConnectionError – HttpError Can’t connect to server.

async a_raw_get(path, **kwargs)[source]¶

Submit get request to the path.

Parameters:

path (str) – Path for request.
kwargs (dict) – Additional arguments

Returns:

Response the request.

Return type:

Response

Raises:

KeycloakConnectionError – HttpError Can’t connect to server.

async a_raw_post(path, data, **kwargs)[source]¶

Submit post request to the path.

Parameters:

path (str) – Path for request.
data (dict) – Payload for request.
kwargs (dict) – Additional arguments

Returns:

Response the request.

Return type:

Response

Raises:

KeycloakConnectionError – HttpError Can’t connect to server.

async a_raw_put(path, data, **kwargs)[source]¶

Submit put request to the path.

Parameters:

path (str) – Path for request.
data (dict) – Payload for request.
kwargs (dict) – Additional arguments

Returns:

Response the request.

Return type:

Response

Raises:

KeycloakConnectionError – HttpError Can’t connect to server.

async a_raw_delete(path, data=None, **kwargs)[source]¶

Submit delete request to the path.

Parameters:

path (str) – Path for request.
data (dict | None) – Payload for request.
kwargs (dict) – Additional arguments

Returns:

Response the request.

Return type:

Response

Raises:

KeycloakConnectionError – HttpError Can’t connect to server.

exception keycloak.openid_connection.KeycloakPostError(error_message='', response_code=None, response_body=None)[source]¶

Bases: KeycloakOperationError

Keycloak request post error exception.

class keycloak.openid_connection.KeycloakOpenID(server_url, realm_name, client_id, client_secret_key=None, verify=True, custom_headers=None, proxies=None, timeout=60)[source]¶

Keycloak OpenID client.

Parameters:

server_url – Keycloak server url
client_id – client id
realm_name – realm name
client_secret_key – client secret key
verify – Boolean value to enable or disable certificate validation or a string containing a path to a CA bundle to use
custom_headers – dict of custom header to pass to each HTML request
proxies – dict of proxies to sent the request by.
timeout – connection timeout in seconds

property client_id¶

Get client id.

Returns:: Client id
Return type:: str

property client_secret_key¶

Get the client secret key.

Returns:: Client secret key
Return type:: str

property realm_name¶

Get the realm name.

Returns:: Realm name
Return type:: str

property connection¶

Get connection.

Returns:: Connection manager object
Return type:: ConnectionManager

property authorization¶

Get authorization.

Returns:: The authorization manager
Return type:: Authorization

_add_secret_key(payload)[source]¶

Add secret key if exists.

Parameters:: payload (dict) – Payload
Returns:: Payload with the secret key
Return type:: dict

_build_name_role(role)[source]¶

Build name of a role.

Parameters:: role (str) – Role name
Returns:: Role path
Return type:: str

_token_info(token, method_token_info, **kwargs)[source]¶

Getter for the token data.

Parameters:

token (str) – Token
method_token_info (str) – Token info method to use
kwargs (dict) – Additional keyword arguments passed to the decode_token method

Returns:

Token info

Return type:

dict

well_known()[source]¶

Get the well_known object.

The most important endpoint to understand is the well-known configuration endpoint. It lists endpoints and other configuration options relevant to the OpenID Connect implementation in Keycloak.

Returns:: It lists endpoints and other configuration options relevant
Return type:: dict

auth_url(redirect_uri, scope='email', state='')[source]¶

Get authorization URL endpoint.

Parameters:

redirect_uri (str) – Redirect url to receive oauth code
scope (str) – Scope of authorization request, split with the blank space
state (str) – State will be returned to the redirect_uri

Returns:

Authorization URL Full Build

Return type:

str

token(username='', password='', grant_type=['password'], code='', redirect_uri='', totp=None, scope='openid', **extra)[source]¶

Retrieve user token.

The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire.

http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint

Parameters:

username (str) – Username
password (str) – Password
grant_type (str) – Grant type
code (str) – Code
redirect_uri (str) – Redirect URI
totp (int) – Time-based one-time password
scope (str) – Scope, defaults to openid
extra (dict) – Additional extra arguments

Returns:

Keycloak token

Return type:

dict

refresh_token(refresh_token, grant_type=['refresh_token'])[source]¶

Refresh the user token.

The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire.

http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint

Parameters:

refresh_token (str) – Refresh token from Keycloak
grant_type (str) – Grant type

Returns:

New token

Return type:

dict

exchange_token(token: str, audience: str | None = None, subject: str | None = None, subject_token_type: str | None = None, subject_issuer: str | None = None, requested_issuer: str | None = None, requested_token_type: str = 'urn:ietf:params:oauth:token-type:refresh_token', scope: str = 'openid') → dict[source]¶

Exchange user token.

Use a token to obtain an entirely different token. See https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange

Parameters:

token (str) – Access token
audience (str) – Audience
subject (str) – Subject
subject_token_type (Optional[str]) – Token Type specification
subject_issuer (Optional[str]) – Issuer
requested_issuer (Optional[str]) – Issuer
requested_token_type (str) – Token type specification
scope (str) – Scope, defaults to openid

Returns:

Exchanged token

Return type:

dict

userinfo(token)[source]¶

Get the user info object.

The userinfo endpoint returns standard claims about the authenticated user, and is protected by a bearer token.

http://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Parameters:: token (str) – Access token
Returns:: Userinfo object
Return type:: dict

logout(refresh_token)[source]¶

Log out the authenticated user.

Parameters:: refresh_token (str) – Refresh token from Keycloak
Returns:: Keycloak server response
Return type:: dict

certs()[source]¶

Get certificates.

The certificate endpoint returns the public keys enabled by the realm, encoded as a JSON Web Key (JWK). Depending on the realm settings there can be one or more keys enabled for verifying tokens.

https://tools.ietf.org/html/rfc7517

Returns:: Certificates
Return type:: dict

public_key()[source]¶

Retrieve the public key.

The public key is exposed by the realm page directly.

Returns:: The public key
Return type:: str

entitlement(token, resource_server_id)[source]¶

Get entitlements from the token.

Client applications can use a specific endpoint to obtain a special security token called a requesting party token (RPT). This token consists of all the entitlements (or permissions) for a user as a result of the evaluation of the permissions and authorization policies associated with the resources being requested. With an RPT, client applications can gain access to protected resources at the resource server.

Parameters:

token (str) – Access token
resource_server_id (str) – Resource server ID

Returns:

Entitlements

Return type:

dict

introspect(token, rpt=None, token_type_hint=None)[source]¶

Introspect the user token.

The introspection endpoint is used to retrieve the active state of a token. It is can only be invoked by confidential clients.

https://tools.ietf.org/html/rfc7662

Parameters:

token (str) – Access token
rpt (str) – Requesting party token
token_type_hint (str) – Token type hint

Returns:

Token info

Return type:

dict

Raises:

KeycloakRPTNotFound – In case of RPT not specified

decode_token(token, validate: bool = True, **kwargs)[source]¶

Decode user token.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JWK Set JSON data structure that represents a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries established by that specification.

https://tools.ietf.org/html/rfc7517

Parameters:

token (str) – Keycloak token
validate (bool) – Determines whether the token should be validated with the public key. Defaults to True.
kwargs (dict) – Additional keyword arguments for jwcrypto’s JWT object

Returns:

Decoded token

Return type:

dict

load_authorization_config(path)[source]¶

Load Keycloak settings (authorization).

Parameters:: path (str) – settings file (json)

get_policies(token, method_token_info='introspect', **kwargs)[source]¶

Get policies by user token.

Parameters:

token (str) – User token
method_token_info (str) – Method for token info decoding
kwargs (dict) – Additional keyword arguments

Returns:

Policies

Return type:

dict

Raises:

KeycloakAuthorizationConfigError – In case of bad authorization configuration
KeycloakInvalidTokenError – In case of bad token

get_permissions(token, method_token_info='introspect', **kwargs)[source]¶

Get permission by user token .

Parameters:

token (str) – user token
method_token_info (str) – Decode token method
kwargs (dict) – parameters for decode

Returns:

permissions list

Return type:

list

Raises:

KeycloakAuthorizationConfigError – In case of bad authorization configuration
KeycloakInvalidTokenError – In case of bad token

uma_permissions(token, permissions='')[source]¶

Get UMA permissions by user token with requested permissions.

The token endpoint is used to retrieve UMA permissions from Keycloak. It can only be invoked by confidential clients.

http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint

Parameters:

token (str) – user token
permissions (str) – list of uma permissions list(resource:scope) requested by the user

Returns:

Keycloak server response

Return type:

dict

has_uma_access(token, permissions)[source]¶

Determine whether user has uma permissions with specified user token.

Parameters:

token (str) – user token
permissions (str) – list of uma permissions (resource:scope)

Returns:

Authentication status

Return type:

AuthStatus

Raises:

KeycloakAuthenticationError – In case of failed authentication
KeycloakPostError – In case of failed request to Keycloak

register_client(token: str, payload: dict)[source]¶

Create a client.

ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Parameters:

token (str) – Initial access token
payload (dict) – ClientRepresentation

Returns:

Client Representation

Return type:

dict

device()[source]¶

Get device authorization grant.

The device endpoint is used to obtain a user code verification and user authentication. The response contains a device_code, user_code, verification_uri, verification_uri_complete, expires_in (lifetime in seconds for device_code and user_code), and polling interval. Users can either follow the verification_uri and enter the user_code or follow the verification_uri_complete. After authenticating with valid credentials, users can obtain tokens using the “urn:ietf:params:oauth:grant-type:device_code” grant_type and the device_code.

https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow https://github.com/keycloak/keycloak-community/blob/main/design/oauth2-device-authorization-grant.md#how-to-try-it

Returns:: Device Authorization Response
Return type:: dict

update_client(token: str, client_id: str, payload: dict)[source]¶

Update a client.

ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Parameters:

token (str) – registration access token
client_id (str) – Keycloak client id
payload (dict) – ClientRepresentation

Returns:

Client Representation

Return type:

dict

async a_well_known()[source]¶

Get the well_known object asynchronously.

The most important endpoint to understand is the well-known configuration endpoint. It lists endpoints and other configuration options relevant to the OpenID Connect implementation in Keycloak.

Returns:: It lists endpoints and other configuration options relevant
Return type:: dict

async a_auth_url(redirect_uri, scope='email', state='')[source]¶

Get authorization URL endpoint asynchronously.

Parameters:

redirect_uri (str) – Redirect url to receive oauth code
scope (str) – Scope of authorization request, split with the blank space
state (str) – State will be returned to the redirect_uri

Returns:

Authorization URL Full Build

Return type:

str

async a_token(username='', password='', grant_type=['password'], code='', redirect_uri='', totp=None, scope='openid', **extra)[source]¶

Retrieve user token asynchronously.

The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire.

http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint

Parameters:

username (str) – Username
password (str) – Password
grant_type (str) – Grant type
code (str) – Code
redirect_uri (str) – Redirect URI
totp (int) – Time-based one-time password
scope (str) – Scope, defaults to openid
extra (dict) – Additional extra arguments

Returns:

Keycloak token

Return type:

dict

async a_refresh_token(refresh_token, grant_type=['refresh_token'])[source]¶

Refresh the user token asynchronously.

The token endpoint is used to obtain tokens. Tokens can either be obtained by exchanging an authorization code or by supplying credentials directly depending on what flow is used. The token endpoint is also used to obtain new access tokens when they expire.

http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint

Parameters:

refresh_token (str) – Refresh token from Keycloak
grant_type (str) – Grant type

Returns:

New token

Return type:

dict

async a_exchange_token(token: str, audience: str | None = None, subject: str | None = None, subject_token_type: str | None = None, subject_issuer: str | None = None, requested_issuer: str | None = None, requested_token_type: str = 'urn:ietf:params:oauth:token-type:refresh_token', scope: str = 'openid') → dict[source]¶

Exchange user token asynchronously.

Use a token to obtain an entirely different token. See https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange

Parameters:

token (str) – Access token
audience (str) – Audience
subject (str) – Subject
subject_token_type (Optional[str]) – Token Type specification
subject_issuer (Optional[str]) – Issuer
requested_issuer (Optional[str]) – Issuer
requested_token_type (str) – Token type specification
scope (str) – Scope, defaults to openid

Returns:

Exchanged token

Return type:

dict

async a_userinfo(token)[source]¶

Get the user info object asynchronously.

The userinfo endpoint returns standard claims about the authenticated user, and is protected by a bearer token.

http://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Parameters:: token (str) – Access token
Returns:: Userinfo object
Return type:: dict

async a_logout(refresh_token)[source]¶

Log out the authenticated user asynchronously.

Parameters:: refresh_token (str) – Refresh token from Keycloak
Returns:: Keycloak server response
Return type:: dict

async a_certs()[source]¶

Get certificates asynchronously.

The certificate endpoint returns the public keys enabled by the realm, encoded as a JSON Web Key (JWK). Depending on the realm settings there can be one or more keys enabled for verifying tokens.

https://tools.ietf.org/html/rfc7517

Returns:: Certificates
Return type:: dict

async a_public_key()[source]¶

Retrieve the public key asynchronously.

The public key is exposed by the realm page directly.

Returns:: The public key
Return type:: str

async a_entitlement(token, resource_server_id)[source]¶

Get entitlements from the token asynchronously.

Client applications can use a specific endpoint to obtain a special security token called a requesting party token (RPT). This token consists of all the entitlements (or permissions) for a user as a result of the evaluation of the permissions and authorization policies associated with the resources being requested. With an RPT, client applications can gain access to protected resources at the resource server.

Parameters:

token (str) – Access token
resource_server_id (str) – Resource server ID

Returns:

Entitlements

Return type:

dict

async a_introspect(token, rpt=None, token_type_hint=None)[source]¶

Introspect the user token asynchronously.

The introspection endpoint is used to retrieve the active state of a token. It is can only be invoked by confidential clients.

https://tools.ietf.org/html/rfc7662

Parameters:

token (str) – Access token
rpt (str) – Requesting party token
token_type_hint (str) – Token type hint

Returns:

Token info

Return type:

dict

Raises:

KeycloakRPTNotFound – In case of RPT not specified

async a_decode_token(token, validate: bool = True, **kwargs)[source]¶

Decode user token asynchronously.

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This specification also defines a JWK Set JSON data structure that represents a set of JWKs. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and IANA registries established by that specification.

https://tools.ietf.org/html/rfc7517

Parameters:

token (str) – Keycloak token
validate (bool) – Determines whether the token should be validated with the public key. Defaults to True.
kwargs (dict) – Additional keyword arguments for jwcrypto’s JWT object

Returns:

Decoded token

Return type:

dict

async a_load_authorization_config(path)[source]¶

Load Keycloak settings (authorization) asynchronously.

Parameters:: path (str) – settings file (json)

async a_get_policies(token, method_token_info='introspect', **kwargs)[source]¶

Get policies by user token asynchronously.

Parameters:

token (str) – User token
method_token_info (str) – Method for token info decoding
kwargs (dict) – Additional keyword arguments

Returns:

Policies

Return type:

dict

Raises:

KeycloakAuthorizationConfigError – In case of bad authorization configuration
KeycloakInvalidTokenError – In case of bad token

async a_get_permissions(token, method_token_info='introspect', **kwargs)[source]¶

Get permission by user token asynchronously.

Parameters:

token (str) – user token
method_token_info (str) – Decode token method
kwargs (dict) – parameters for decode

Returns:

permissions list

Return type:

list

Raises:

KeycloakAuthorizationConfigError – In case of bad authorization configuration
KeycloakInvalidTokenError – In case of bad token

async a_uma_permissions(token, permissions='')[source]¶

Get UMA permissions by user token with requested permissions asynchronously.

The token endpoint is used to retrieve UMA permissions from Keycloak. It can only be invoked by confidential clients.

http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint

Parameters:

token (str) – user token
permissions (str) – list of uma permissions list(resource:scope) requested by the user

Returns:

Keycloak server response

Return type:

dict

async a_has_uma_access(token, permissions)[source]¶

Determine whether user has uma permissions with specified user token asynchronously.

Parameters:

token (str) – user token
permissions (str) – list of uma permissions (resource:scope)

Returns:

Authentication status

Return type:

AuthStatus

Raises:

KeycloakAuthenticationError – In case of failed authentication
KeycloakPostError – In case of failed request to Keycloak

async a_register_client(token: str, payload: dict)[source]¶

Create a client asynchronously.

ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Parameters:

token (str) – Initial access token
payload (dict) – ClientRepresentation

Returns:

Client Representation

Return type:

dict

async a_device()[source]¶

Get device authorization grant asynchronously.

The device endpoint is used to obtain a user code verification and user authentication. The response contains a device_code, user_code, verification_uri, verification_uri_complete, expires_in (lifetime in seconds for device_code and user_code), and polling interval. Users can either follow the verification_uri and enter the user_code or follow the verification_uri_complete. After authenticating with valid credentials, users can obtain tokens using the “urn:ietf:params:oauth:grant-type:device_code” grant_type and the device_code.

https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow https://github.com/keycloak/keycloak-community/blob/main/design/oauth2-device-authorization-grant.md#how-to-try-it

Returns:: Device Authorization Response
Return type:: dict

async a_update_client(token: str, client_id: str, payload: dict)[source]¶

Update a client asynchronously.

ClientRepresentation: https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_clientrepresentation

Parameters:

token (str) – registration access token
client_id (str) – Keycloak client id
payload (dict) – ClientRepresentation

Returns:

Client Representation

Return type:

dict

class keycloak.openid_connection.KeycloakOpenIDConnection(server_url, username=None, password=None, token=None, totp=None, realm_name='master', client_id='admin-cli', verify=True, client_secret_key=None, custom_headers=None, user_realm_name=None, timeout=60)[source]¶

Bases: keycloak.connection.ConnectionManager

A class to help with OpenID connections which can auto refresh tokens.

Parameters:: object (_type_) – _description_

_server_url = None[source]¶

_username = None[source]¶

_password = None[source]¶

_totp = None[source]¶

_realm_name = None[source]¶

_client_id = None[source]¶

_verify = None[source]¶

_client_secret_key = None[source]¶

_connection = None[source]¶

_custom_headers = None[source]¶

_user_realm_name = None[source]¶

_expires_at = None[source]¶

_keycloak_openid = None[source]¶

property server_url[source]¶

Get server url.

Returns:: Keycloak server url
Return type:: str

property realm_name[source]¶

Get realm name.

Returns:: Realm name
Return type:: str

property client_id[source]¶

Get client id.

Returns:: Client id
Return type:: str

property client_secret_key[source]¶

Get client secret key.

Returns:: Client secret key
Return type:: str

property username[source]¶

Get username.

Returns:: Admin username
Return type:: str

property password[source]¶

Get password.

Returns:: Admin password
Return type:: str

property totp[source]¶

Get totp.

Returns:: TOTP
Return type:: str

property token[source]¶

Get token.

Returns:: Access and refresh token
Return type:: dict

property expires_at[source]¶

Get token expiry time.

Returns:: Datetime at which the current token will expire
Return type:: datetime

property user_realm_name[source]¶

Get user realm name.

Returns:: User realm name
Return type:: str

property custom_headers[source]¶

Get custom headers.

Returns:: Custom headers
Return type:: dict

property keycloak_openid: keycloak.keycloak_openid.KeycloakOpenID[source]¶

Get the KeycloakOpenID object.

The KeycloakOpenID is used to refresh tokens

Returns:: KeycloakOpenID
Return type:: KeycloakOpenID

get_token()[source]¶

Get admin token.

The admin token is then set in the token attribute.

refresh_token()[source]¶

Refresh the token.

Raises:: KeycloakPostError – In case the refresh token request failed.

_refresh_if_required()[source]¶

raw_get(*args, **kwargs)[source]¶

Call connection.raw_get.

If auto_refresh is set for get and access_token is expired, it will refresh the token and try get once more.

Parameters:

args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments

Returns:

Response

Return type:

Response

raw_post(*args, **kwargs)[source]¶

Call connection.raw_post.

If auto_refresh is set for post and access_token is expired, it will refresh the token and try post once more.

Parameters:

args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments

Returns:

Response

Return type:

Response

raw_put(*args, **kwargs)[source]¶

Call connection.raw_put.

If auto_refresh is set for put and access_token is expired, it will refresh the token and try put once more.

Parameters:

args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments

Returns:

Response

Return type:

Response

raw_delete(*args, **kwargs)[source]¶

Call connection.raw_delete.

If auto_refresh is set for delete and access_token is expired, it will refresh the token and try delete once more.

Parameters:

args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments

Returns:

Response

Return type:

Response

async a_get_token()[source]¶

Get admin token.

The admin token is then set in the token attribute.

async a_refresh_token()[source]¶

Refresh the token.

Raises:: KeycloakPostError – In case the refresh token request failed.

async a__refresh_if_required()[source]¶: Refresh the token if it is expired.

async a_raw_get(*args, **kwargs)[source]¶

Call connection.raw_get.

If auto_refresh is set for get and access_token is expired, it will refresh the token and try get once more.

Parameters:

args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments

Returns:

Response

Return type:

Response

async a_raw_post(*args, **kwargs)[source]¶

Call connection.raw_post.

If auto_refresh is set for post and access_token is expired, it will refresh the token and try post once more.

Parameters:

args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments

Returns:

Response

Return type:

Response

async a_raw_put(*args, **kwargs)[source]¶

Call connection.raw_put.

If auto_refresh is set for put and access_token is expired, it will refresh the token and try put once more.

Parameters:

args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments

Returns:

Response

Return type:

Response

async a_raw_delete(*args, **kwargs)[source]¶

Call connection.raw_delete.

If auto_refresh is set for delete and access_token is expired, it will refresh the token and try delete once more.

Parameters:

args (tuple) – Additional arguments
kwargs (dict) – Additional keyword arguments

Returns:

Response

Return type:

Response