1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
.. _openid_client:
OpenID Client
========================
Configure client OpenID
-------------------------
.. code-block:: python
from keycloak import KeycloakOpenID
# Configure client
# For versions older than 18 /auth/ must be added at the end of the server_url.
keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/",
client_id="example_client",
realm_name="example_realm",
client_secret_key="secret")
Get .well_know
-----------------------
.. code-block:: python
config_well_known = keycloak_openid.well_known()
Get code with OAuth authorization request
----------------------------------------------
.. code-block:: python
auth_url = keycloak_openid.auth_url(
redirect_uri="your_call_back_url",
scope="email",
state="your_state_info")
Get access token with code
----------------------------------------------
.. code-block:: python
access_token = keycloak_openid.token(
grant_type='authorization_code',
code='the_code_you_get_from_auth_url_callback',
redirect_uri="your_call_back_url")
Get access token with user and password
----------------------------------------------
.. code-block:: python
token = keycloak_openid.token("user", "password")
token = keycloak_openid.token("user", "password", totp="012345")
Get token using Token Exchange
----------------------------------------------
.. code-block:: python
token = keycloak_openid.exchange_token(token['access_token'],
"my_client", "other_client", "some_user")
Refresh token
----------------------------------------------
.. code-block:: python
token = keycloak_openid.refresh_token(token['refresh_token'])
Get UserInfo
----------------------------------------------
.. code-block:: python
userinfo = keycloak_openid.userinfo(token['access_token'])
Logout
----------------------------------------------
.. code-block:: python
keycloak_openid.logout(token['refresh_token'])
Get certs
----------------------------------------------
.. code-block:: python
certs = keycloak_openid.certs()
Introspect RPT
----------------------------------------------
.. code-block:: python
token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['access_token'],
rpt=rpt['rpt'],
token_type_hint="requesting_party_token"))
Introspect token
----------------------------------------------
.. code-block:: python
token_info = keycloak_openid.introspect(token['access_token'])
Decode token
----------------------------------------------
.. code-block:: python
token_info = keycloak_openid.decode_token(token['access_token'])
# Without validation
token_info = keycloak_openid.decode_token(token['access_token'], validate=False)
Get UMA-permissions by token
----------------------------------------------
.. code-block:: python
token = keycloak_openid.token("user", "password")
permissions = keycloak_openid.uma_permissions(token['access_token'])
Get UMA-permissions by token with specific resource and scope requested
--------------------------------------------------------------------------
.. code-block:: python
token = keycloak_openid.token("user", "password")
permissions = keycloak_openid.uma_permissions(token['access_token'], permissions="Resource#Scope")
Get auth status for a specific resource and scope by token
--------------------------------------------------------------------------
.. code-block:: python
token = keycloak_openid.token("user", "password")
auth_status = keycloak_openid.has_uma_access(token['access_token'], "Resource#Scope")
|
