Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
746 Commits
14 Branches
95 Tags
15 MiB
Tree: 7bbf4e15b7
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7bbf4e15b7'
${ noResults }
python-keycloak/src/keycloak/keycloak_uma.py

200 lines
7.3 KiB
Raw Normal View History

feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
fix: Refactor auto refresh (#415) * refactor: Factor our OpenIdConnectionManager class and deprecate old methods * refactor: Refactor keycloak uma client to use openid connection manager * fix: Perform token renewal at 90% of lifetime * refactor: Add optional openid connection constructor param to keycloak admin * refactor: Remove auto_refresh_token in favour of automatic refresh on expiry * refactor: move KeycloakOpenIDConnectionManager to a separate file * docs: uma additions and fixes * refactor: rename token_renewal_fraction->token_lifetime_fraction * refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection * docs: incorporate review comments
1 year ago
feat: add Keycloak UMA client (#403)
1 year ago
  1. # -*- coding: utf-8 -*-
  2. #
  3. # The MIT License (MIT)
  4. #
  5. # Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
  6. #
  7. # Permission is hereby granted, free of charge, to any person obtaining a copy of
  8. # this software and associated documentation files (the "Software"), to deal in
  9. # the Software without restriction, including without limitation the rights to
  10. # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
  11. # the Software, and to permit persons to whom the Software is furnished to do so,
  12. # subject to the following conditions:
  13. #
  14. # The above copyright notice and this permission notice shall be included in all
  15. # copies or substantial portions of the Software.
  16. #
  17. # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18. # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
  19. # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
  20. # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
  21. # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
  22. # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  24. """Keycloak UMA module.
  26. The module contains a UMA compatible client for keycloak:
  27. https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-federated-authz-2.0.html
  28. """
  29. import json
  30. from urllib.parse import quote_plus
  32. from .exceptions import (
  33. KeycloakDeleteError,
  34. KeycloakGetError,
  35. KeycloakPostError,
  36. KeycloakPutError,
  37. raise_error_from_response,
  38. )
  39. from .openid_connection import KeycloakOpenIDConnection
  40. from .urls_patterns import URL_UMA_WELL_KNOWN
  43. class KeycloakUMA:
  44. """Keycloak UMA client.
  46. :param connection: OpenID connection manager
  47. """
  49. def __init__(self, connection: KeycloakOpenIDConnection):
  50. """Init method.
  52. :param connection: OpenID connection manager
  53. :type connection: KeycloakOpenIDConnection
  54. """
  55. self.connection = connection
  56. custom_headers = self.connection.custom_headers or {}
  57. custom_headers.update({"Content-Type": "application/json"})
  58. self.connection.custom_headers = custom_headers
  59. self._well_known = None
  61. def _fetch_well_known(self):
  62. params_path = {"realm-name": self.connection.realm_name}
  63. data_raw = self.connection.raw_get(URL_UMA_WELL_KNOWN.format(**params_path))
  64. return raise_error_from_response(data_raw, KeycloakGetError)
  66. @staticmethod
  67. def format_url(url, **kwargs):
  68. """Substitute url path parameters.
  70. Given a parameterized url string, returns the string after url encoding and substituting
  71. the given params. For example,
  72. `format_url("https://myserver/{my_resource}/{id}", my_resource="hello world", id="myid")`
  73. would produce `https://myserver/hello+world/myid`.
  75. :param url: url string to format
  76. :type url: str
  77. :param kwargs: dict containing kwargs to substitute
  78. :type kwargs: dict
  79. :return: formatted string
  80. :rtype: str
  81. """
  82. return url.format(**{k: quote_plus(v) for k, v in kwargs.items()})
  84. @property
  85. def uma_well_known(self):
  86. """Get the well_known UMA2 config.
  88. :returns: It lists endpoints and other configuration options relevant
  89. :rtype: dict
  90. """
  91. # per instance cache
  92. if not self._well_known:
  93. self._well_known = self._fetch_well_known()
  94. return self._well_known
  96. def resource_set_create(self, payload):
  97. """Create a resource set.
  99. Spec
  100. https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#rfc.section.2.2.1
  102. ResourceRepresentation
  103. https://www.keycloak.org/docs-api/20.0.0/rest-api/index.html#_resourcerepresentation
  105. :param payload: ResourceRepresentation
  106. :type payload: dict
  107. :return: ResourceRepresentation with the _id property assigned
  108. :rtype: dict
  109. """
  110. data_raw = self.connection.raw_post(
  111. self.uma_well_known["resource_registration_endpoint"], data=json.dumps(payload)
  112. )
  113. return raise_error_from_response(data_raw, KeycloakPostError, expected_codes=[201])
  115. def resource_set_update(self, resource_id, payload):
  116. """Update a resource set.
  118. Spec
  119. https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#update-resource-set
  121. ResourceRepresentation
  122. https://www.keycloak.org/docs-api/20.0.0/rest-api/index.html#_resourcerepresentation
  124. :param resource_id: id of the resource
  125. :type resource_id: str
  126. :param payload: ResourceRepresentation
  127. :type payload: dict
  128. :return: Response dict (empty)
  129. :rtype: dict
  130. """
  131. url = self.format_url(
  132. self.uma_well_known["resource_registration_endpoint"] + "/{id}", id=resource_id
  133. )
  134. data_raw = self.connection.raw_put(url, data=json.dumps(payload))
  135. return raise_error_from_response(data_raw, KeycloakPutError, expected_codes=[204])
  137. def resource_set_read(self, resource_id):
  138. """Read a resource set.
  140. Spec
  141. https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#read-resource-set
  143. ResourceRepresentation
  144. https://www.keycloak.org/docs-api/20.0.0/rest-api/index.html#_resourcerepresentation
  146. :param resource_id: id of the resource
  147. :type resource_id: str
  148. :return: ResourceRepresentation
  149. :rtype: dict
  150. """
  151. url = self.format_url(
  152. self.uma_well_known["resource_registration_endpoint"] + "/{id}", id=resource_id
  153. )
  154. data_raw = self.connection.raw_get(url)
  155. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[200])
  157. def resource_set_delete(self, resource_id):
  158. """Delete a resource set.
  160. Spec
  161. https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#delete-resource-set
  163. :param resource_id: id of the resource
  164. :type resource_id: str
  165. :return: Response dict (empty)
  166. :rtype: dict
  167. """
  168. url = self.format_url(
  169. self.uma_well_known["resource_registration_endpoint"] + "/{id}", id=resource_id
  170. )
  171. data_raw = self.connection.raw_delete(url)
  172. return raise_error_from_response(data_raw, KeycloakDeleteError, expected_codes=[204])
  174. def resource_set_list_ids(self):
  175. """List all resource set ids.
  177. Spec
  178. https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets
  180. :return: List of ids
  181. :rtype: List[str]
  182. """
  183. data_raw = self.connection.raw_get(self.uma_well_known["resource_registration_endpoint"])
  184. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[200])
  186. def resource_set_list(self):
  187. """List all resource sets.
  189. Spec
  190. https://docs.kantarainitiative.org/uma/rec-oauth-resource-reg-v1_0_1.html#list-resource-sets
  192. ResourceRepresentation
  193. https://www.keycloak.org/docs-api/20.0.0/rest-api/index.html#_resourcerepresentation
  195. :yields: Iterator over a list of ResourceRepresentations
  196. :rtype: Iterator[dict]
  197. """
  198. for resource_id in self.resource_set_list_ids():
  199. resource = self.resource_set_read(resource_id)
  200. yield resource