keycloak.keycloak_uma ===================== .. py:module:: keycloak.keycloak_uma .. autoapi-nested-parse:: Keycloak UMA module. The module contains a UMA compatible client for keycloak: https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-federated-authz-2.0.html Classes ------- .. autoapisummary:: keycloak.keycloak_uma.KeycloakUMA Module Contents --------------- .. py:class:: KeycloakUMA(connection: keycloak.openid_connection.KeycloakOpenIDConnection) Keycloak UMA client. :param connection: OpenID connection manager .. py:attribute:: connection .. py:attribute:: _well_known :value: None .. py:method:: _fetch_well_known() -> dict .. py:method:: format_url(url: str, **kwargs: Any) -> str :staticmethod: Substitute url path parameters. Given a parameterized url string, returns the string after url encoding and substituting the given params. For example, `format_url("https://myserver/{my_resource}/{id}", my_resource="hello world", id="myid")` would produce `https://myserver/hello+world/myid`. :param url: url string to format :type url: str :param kwargs: dict containing kwargs to substitute :type kwargs: dict :return: formatted string :rtype: str .. py:method:: a_format_url(url: str, **kwargs: Any) -> str :staticmethod: :async: Substitute url path parameters. Given a parameterized url string, returns the string after url encoding and substituting the given params. For example, `format_url("https://myserver/{my_resource}/{id}", my_resource="hello world", id="myid")` would produce `https://myserver/hello+world/myid`. :param url: url string to format :type url: str :param kwargs: dict containing kwargs to substitute :type kwargs: dict :return: formatted string :rtype: str .. py:property:: uma_well_known :type: dict Get the well_known UMA2 config. :returns: It lists endpoints and other configuration options relevant :rtype: dict .. py:property:: a_uma_well_known :type: dict Get the well_known UMA2 config async. :returns: It lists endpoints and other configuration options relevant :rtype: dict .. py:method:: resource_set_create(payload: dict) -> dict Create a resource set. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#rfc.section.2.2.1 ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :param payload: ResourceRepresentation :type payload: dict :return: ResourceRepresentation with the _id property assigned :rtype: dict .. py:method:: resource_set_update(resource_id: str, payload: dict) -> dict Update a resource set. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#update-resource-set ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :param resource_id: id of the resource :type resource_id: str :param payload: ResourceRepresentation :type payload: dict :return: Response dict (empty) :rtype: bytes .. py:method:: resource_set_read(resource_id: str) -> dict Read a resource set. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#read-resource-set ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :param resource_id: id of the resource :type resource_id: str :return: ResourceRepresentation :rtype: dict .. py:method:: resource_set_delete(resource_id: str) -> dict Delete a resource set. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#delete-resource-set :param resource_id: id of the resource :type resource_id: str :return: Response dict (empty) :rtype: dict .. py:method:: resource_set_list_ids(name: str = '', exact_name: bool = False, uri: str = '', owner: str = '', resource_type: str = '', scope: str = '', matchingUri: bool = False, first: int = 0, maximum: int = -1) -> list Query for list of resource set ids. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets :param name: query resource name :type name: str :param exact_name: query exact match for resource name :type exact_name: bool :param uri: query resource uri :type uri: str :param owner: query resource owner :type owner: str :param resource_type: query resource type :type resource_type: str :param scope: query resource scope :type scope: str :param matchingUri: enable URI matching :type matchingUri: bool :param first: index of first matching resource to return :type first: int :param maximum: maximum number of resources to return (-1 for all) :type maximum: int :return: List of ids :rtype: List[str] .. py:method:: resource_set_list() -> collections.abc.Generator[dict, Any, Any] List all resource sets. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :yields: Iterator over a list of ResourceRepresentations :rtype: Iterator[dict] .. py:method:: permission_ticket_create(permissions: collections.abc.Iterable[keycloak.uma_permissions.UMAPermission]) -> dict Create a permission ticket. :param permissions: Iterable of uma permissions to validate the token against :type permissions: Iterable[UMAPermission] :returns: Keycloak decision :rtype: boolean :raises KeycloakPostError: In case permission resource not found .. py:method:: permissions_check(token: str, permissions: collections.abc.Iterable[keycloak.uma_permissions.UMAPermission], **extra_payload: Any) -> bool Check UMA permissions by user token with requested permissions. The token endpoint is used to check UMA permissions from Keycloak. It can only be invoked by confidential clients. https://www.keycloak.org/docs/latest/authorization_services/#_service_authorization_api :param token: user token :type token: str :param permissions: Iterable of uma permissions to validate the token against :type permissions: Iterable[UMAPermission] :param extra_payload: extra payload data :type extra_payload: dict :returns: Keycloak decision :rtype: boolean .. py:method:: policy_resource_create(resource_id: str, payload: dict) -> dict Create permission policy for resource. Supports name, description, scopes, roles, groups, clients https://www.keycloak.org/docs/latest/authorization_services/#associating-a-permission-with-a-resource :param resource_id: _id of resource :type resource_id: str :param payload: permission configuration :type payload: dict :return: PermissionRepresentation :rtype: dict .. py:method:: policy_update(policy_id: str, payload: dict) -> bytes Update permission policy. https://www.keycloak.org/docs/latest/authorization_services/#associating-a-permission-with-a-resource https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :param policy_id: id of policy permission :type policy_id: str :param payload: policy permission configuration :type payload: dict :return: PermissionRepresentation :rtype: bytes .. py:method:: policy_delete(policy_id: str) -> dict Delete permission policy. https://www.keycloak.org/docs/latest/authorization_services/#removing-a-permission https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :param policy_id: id of permission policy :type policy_id: str :return: PermissionRepresentation :rtype: dict .. py:method:: policy_query(resource: str = '', name: str = '', scope: str = '', first: int = 0, maximum: int = -1) -> list Query permission policies. https://www.keycloak.org/docs/latest/authorization_services/#querying-permission :param resource: query resource id :type resource: str :param name: query resource name :type name: str :param scope: query resource scope :type scope: str :param first: index of first matching resource to return :type first: int :param maximum: maximum number of resources to return (-1 for all) :type maximum: int :return: List of ids :return: List of ids :rtype: List[str] .. py:method:: a__fetch_well_known() -> dict :async: Get the well_known UMA2 config async. :returns: It lists endpoints and other configuration options relevant :rtype: dict .. py:method:: a_resource_set_create(payload: dict) -> dict :async: Create a resource set asynchronously. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#rfc.section.2.2.1 ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :param payload: ResourceRepresentation :type payload: dict :return: ResourceRepresentation with the _id property assigned :rtype: dict .. py:method:: a_resource_set_update(resource_id: str, payload: dict) -> dict :async: Update a resource set asynchronously. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#update-resource-set ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :param resource_id: id of the resource :type resource_id: str :param payload: ResourceRepresentation :type payload: dict :return: Response dict (empty) :rtype: dict .. py:method:: a_resource_set_read(resource_id: str) -> dict :async: Read a resource set asynchronously. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#read-resource-set ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :param resource_id: id of the resource :type resource_id: str :return: ResourceRepresentation :rtype: dict .. py:method:: a_resource_set_delete(resource_id: str) -> dict :async: Delete a resource set asynchronously. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#delete-resource-set :param resource_id: id of the resource :type resource_id: str :return: Response dict (empty) :rtype: dict .. py:method:: a_resource_set_list_ids(name: str = '', exact_name: bool = False, uri: str = '', owner: str = '', resource_type: str = '', scope: str = '', matchingUri: bool = False, first: int = 0, maximum: int = -1) -> list :async: Query for list of resource set ids asynchronously. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets :param name: query resource name :type name: str :param exact_name: query exact match for resource name :type exact_name: bool :param uri: query resource uri :type uri: str :param owner: query resource owner :type owner: str :param resource_type: query resource type :type resource_type: str :param scope: query resource scope :type scope: str :param first: index of first matching resource to return :param matchingUri: enable URI matching :type matchingUri: bool :type first: int :param maximum: maximum number of resources to return (-1 for all) :type maximum: int :return: List of ids :rtype: List[str] .. py:method:: a_resource_set_list() -> collections.abc.AsyncGenerator[dict, Any] :async: List all resource sets asynchronously. Spec https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets ResourceRepresentation https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_resourcerepresentation :yields: Iterator over a list of ResourceRepresentations :rtype: Iterator[dict] .. py:method:: a_permission_ticket_create(permissions: collections.abc.Iterable[keycloak.uma_permissions.UMAPermission]) -> dict :async: Create a permission ticket asynchronously. :param permissions: Iterable of uma permissions to validate the token against :type permissions: Iterable[UMAPermission] :returns: Keycloak decision :rtype: boolean :raises KeycloakPostError: In case permission resource not found .. py:method:: a_permissions_check(token: str, permissions: collections.abc.Iterable[keycloak.uma_permissions.UMAPermission], **extra_payload: Any) -> bool :async: Check UMA permissions by user token with requested permissions asynchronously. The token endpoint is used to check UMA permissions from Keycloak. It can only be invoked by confidential clients. https://www.keycloak.org/docs/latest/authorization_services/#_service_authorization_api :param token: user token :type token: str :param permissions: Iterable of uma permissions to validate the token against :type permissions: Iterable[UMAPermission] :param extra_payload: extra payload data :type extra_payload: dict :returns: Keycloak decision :rtype: boolean .. py:method:: a_policy_resource_create(resource_id: str, payload: dict) -> dict :async: Create permission policy for resource asynchronously. Supports name, description, scopes, roles, groups, clients https://www.keycloak.org/docs/latest/authorization_services/#associating-a-permission-with-a-resource :param resource_id: _id of resource :type resource_id: str :param payload: permission configuration :type payload: dict :return: PermissionRepresentation :rtype: dict .. py:method:: a_policy_update(policy_id: str, payload: dict) -> bytes :async: Update permission policy asynchronously. https://www.keycloak.org/docs/latest/authorization_services/#associating-a-permission-with-a-resource https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :param policy_id: id of policy permission :type policy_id: str :param payload: policy permission configuration :type payload: dict :return: PermissionRepresentation :rtype: bytes .. py:method:: a_policy_delete(policy_id: str) -> dict :async: Delete permission policy asynchronously. https://www.keycloak.org/docs/latest/authorization_services/#removing-a-permission https://www.keycloak.org/docs-api/24.0.2/rest-api/index.html#_policyrepresentation :param policy_id: id of permission policy :type policy_id: str :return: PermissionRepresentation :rtype: dict .. py:method:: a_policy_query(resource: str = '', name: str = '', scope: str = '', first: int = 0, maximum: int = -1) -> list :async: Query permission policies asynchronously. https://www.keycloak.org/docs/latest/authorization_services/#querying-permission :param resource: query resource id :type resource: str :param name: query resource name :type name: str :param scope: query resource scope :type scope: str :param first: index of first matching resource to return :type first: int :param maximum: maximum number of resources to return (-1 for all) :type maximum: int :return: List of ids :return: List of ids :rtype: List[str]