Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
444 Commits
16 Branches
111 Tags
19 MiB
Tree: a37bf45c77
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a37bf45c77'
${ noResults }
python-keycloak/keycloak/keycloak_admin.py

1952 lines
77 KiB
Raw Normal View History

Methods: list users, get user, create user.
7 years ago
Fixed README and setup.py. Updated docs.
6 years ago
Methods: list users, get user, create user.
7 years ago
Fixed README and setup.py. Updated docs.
6 years ago
Methods: list users, get user, create user.
7 years ago
Fixed README and setup.py. Updated docs.
6 years ago
Methods: list users, get user, create user.
7 years ago
Fixed README and setup.py. Updated docs.
6 years ago
Updated docs.
7 years ago
Fixed new features.
7 years ago
Fixed conflict.
6 years ago
pep8 formatting
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Fixed imports.
4 years ago
Manage composite realm roles of the realm role Signed-off-by: Tamara Nocentini <tamara.nocentini@2ndquadrant.com> Signed-off-by: Paolo Romolini <paolo.romolini@2ndquadrant.com>
4 years ago
pep8 formatting
6 years ago
Updated docs.
7 years ago
pep8 formatting
6 years ago
converting 'import *' into individual imports
6 years ago
added composite clients role feature
4 years ago
Fixed imports.
4 years ago
Fix get_group_realm_roles, set correct url to get realm roles. Remove the no longer used, wrong url.
4 years ago
converting 'import *' into individual imports
6 years ago
Create method to list all realms from a Keycloak deployment
6 years ago
Added delete_idp method
4 years ago
Add Missing Methods
4 years ago
Fixed imports.
4 years ago
fix comma
4 years ago
Added code for fetching role users from role in realm and client
4 years ago
Merge branch 'master' into feature/fetchRoleUsers
4 years ago
Adds get_authentication_flow_for_id admin method
4 years ago
added composite clients role feature
4 years ago
Added realm partial export feature
3 years ago
Merge branch 'master' into user_logout
3 years ago
Methods: list users, get user, create user.
7 years ago
Add pagination wrapper
5 years ago
- add function to update a client-scope
4 years ago
Update keycloak_admin.py fixes auto_refresh_token property not using setter on KeyclaokAdmin initialization
5 years ago
Merge branch 'master' into auto-refresh-admin-token
5 years ago
Update keycloak_admin.py fixes auto_refresh_token property not using setter on KeyclaokAdmin initialization
5 years ago
Add support for Client Credentials Grant in KeycloakAdmin
5 years ago
Merge branch 'master' into auto-refresh-admin-token
5 years ago
Updated docks
7 years ago
Replaced deprecated method, improved description and added packages to requirements.
4 years ago
[Feature] add custom headers. Closes #38
5 years ago
Updated documentation and links
5 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Updated docks
7 years ago
Update keycloak_admin.py fixes auto_refresh_token property not using setter on KeyclaokAdmin initialization
5 years ago
Merge branch 'master' into auto-refresh-admin-token
5 years ago
Methods: list users, get user, create user.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Update keycloak_admin.py fixes auto_refresh_token property not using setter on KeyclaokAdmin initialization
5 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Methods: list users, get user, create user.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Methods: list users, get user, create user.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Merge branch 'master' into auto-refresh-admin-token
5 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Update keycloak_admin.py fixes auto_refresh_token property not using setter on KeyclaokAdmin initialization
5 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Add pagination wrapper
5 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Add pagination wrapper
5 years ago
Stopping pagination requests if response count is lower than page size.
3 years ago
Add pagination wrapper
5 years ago
Admin - adding 'Import Realm' to pass a RealmRepresentation and create a new Realm
6 years ago
Updated documentation and links
5 years ago
Admin - adding 'Import Realm' to pass a RealmRepresentation and create a new Realm
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Admin - adding 'Import Realm' to pass a RealmRepresentation and create a new Realm
6 years ago
Added realm partial export feature
3 years ago
Fix feature function documents
3 years ago
Added realm partial export feature
3 years ago
Create method to list all realms from a Keycloak deployment
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Create method to list all realms from a Keycloak deployment
6 years ago
Add support to create a new Realm
6 years ago
Fix copy-pasted docstring
6 years ago
Add support to create a new Realm
6 years ago
Updated documentation and links
5 years ago
Add support to create a new Realm
6 years ago
Updated documentation and links
5 years ago
Fix copy-pasted docstring
6 years ago
Add support to create a new Realm
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add support to create a new Realm
6 years ago
Added routes for deleting and updating realms
5 years ago
Release version 0.22.0
4 years ago
Added routes for deleting and updating realms
5 years ago
Release version 0.22.0
4 years ago
Added routes for deleting and updating realms
5 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
Updated documentation and links
5 years ago
Methods: list users, get user, create user.
7 years ago
Updated documentation and links
5 years ago
Methods: list users, get user, create user.
7 years ago
Paginate get_users
5 years ago
Methods: list users, get user, create user.
7 years ago
Add Missing Methods
4 years ago
Add get_idps
6 years ago
Updated documentation and links
5 years ago
Add get_idps
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Add get_idps
6 years ago
Added delete_idp method
4 years ago
Add exist_ok attribute to KeycloakAdmin.create_user This attribute allows configuration of the behaviour of create_user when a user with the passed username already exists. If set to False, an exception will be raised (passed through) from the API. If set to True (default), the existing user ID will silently be returned.
4 years ago
Methods: list users, get user, create user.
7 years ago
Updated documentation and links
5 years ago
Methods: list users, get user, create user.
7 years ago
Updated documentation and links
5 years ago
Methods: list users, get user, create user.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add exist_ok attribute to KeycloakAdmin.create_user This attribute allows configuration of the behaviour of create_user when a user with the passed username already exists. If set to False, an exception will be raised (passed through) from the API. If set to True (default), the existing user ID will silently be returned.
4 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
revert to payload
7 years ago
Methods: list users, get user, create user.
7 years ago
Add get_idps
6 years ago
Add exist_ok attribute to KeycloakAdmin.create_user This attribute allows configuration of the behaviour of create_user when a user with the passed username already exists. If set to False, an exception will be raised (passed through) from the API. If set to True (default), the existing user ID will silently be returned.
4 years ago
Add get_idps
6 years ago
Add exist_ok attribute to KeycloakAdmin.create_user This attribute allows configuration of the behaviour of create_user when a user with the passed username already exists. If set to False, an exception will be raised (passed through) from the API. If set to True (default), the existing user ID will silently be returned.
4 years ago
Add get_idps
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
return user id on user creation
5 years ago
Methods: list users, get user, create user.
7 years ago
Updated docs.
7 years ago
Methods: list users, get user, create user.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Methods: list users, get user, create user.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Updated documentation and links
5 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Fix get_user_id to non case-sensitive
4 years ago
Add Admin Tasks for user and client role management
7 years ago
Methods: list users, get user, create user.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Updated documentation and links
5 years ago
Methods: list users, get user, create user.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Methods: list users, get user, create user.
7 years ago
Add get_user_groups function
7 years ago
Updated documentation and links
5 years ago
Add get_user_groups function
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Add get_user_groups function
7 years ago
revert back to payload
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Fixed new features.
7 years ago
Updated documentation and links
5 years ago
Fixed new features.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Fixed new features.
7 years ago
Add user logout
3 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Update keycloak_admin.py added capabilities to add and get user's social login
4 years ago
added description
4 years ago
Update keycloak_admin.py added capabilities to add and get user's social login
4 years ago
- add function to update a client-scope
4 years ago
Add delete_user_social_login This makes it possible to delete federated identities without having to use raw requests.
3 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Updated documentation and links
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Updated documentation and links
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Maintain consistency across all methods and force all payload content to be in JSON format
4 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Updated documentation and links
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Updated documentation and links
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Updated documentation and links
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Add groups functions
7 years ago
Updated documentation and links
5 years ago
Add groups functions
7 years ago
Updated documentation and links
5 years ago
Add groups functions
7 years ago
Paginate get_groups
5 years ago
Add groups functions
7 years ago
Updated documentation and links
5 years ago
Add groups functions
7 years ago
Updated documentation and links
5 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Add groups functions
7 years ago
Add get_idps
6 years ago
Updated documentation and links
5 years ago
Add get_idps
6 years ago
pep8 formatting
6 years ago
Fix get_subgroups iteration
5 years ago
Add get_idps
6 years ago
Add query params to get_group_members
6 years ago
method to get group members
7 years ago
comments
7 years ago
method to get group members
7 years ago
Updated documentation and links
5 years ago
method to get group members
7 years ago
Updated documentation and links
5 years ago
comments
7 years ago
method to get group members
7 years ago
Paginate get_group_members
5 years ago
method to get group members
7 years ago
Add get_idps
6 years ago
Add groups functions
7 years ago
Updated documentation and links
5 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed new features.
7 years ago
Refactoring code: groups and client.
7 years ago
Add get_idps
6 years ago
Refactoring code: groups and client.
7 years ago
Fix a bug in the subgroup searching
6 years ago
Add groups functions
7 years ago
Add get_idps
6 years ago
Add groups functions
7 years ago
Add get_idps
6 years ago
Updated documentation and links
5 years ago
Refactoring code: groups and client.
7 years ago
Updated documentation and links
5 years ago
Add groups functions
7 years ago
Add get_idps
6 years ago
Add groups functions
7 years ago
pep8 formatting
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Add groups functions
7 years ago
pep8 formatting
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Fixed create group.
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add groups functions
7 years ago
Add update_group
5 years ago
Updated documentation and links
5 years ago
Add update_group
5 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add update_group
5 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add groups functions
7 years ago
Updated documentation and links
5 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Add groups functions
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add groups functions
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Updated documentation and links
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Updated documentation and links
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Refactoring code: groups and client.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Refactoring code: groups and client.
7 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
added send_verify_email, reset_password, send_update_account, server_info, get_sessions, get_clients.
7 years ago
Methods: list users, get user, create user.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated documentation and links
5 years ago
Refactoring code: groups and client.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Refactoring code: groups and client.
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Updated documentation and links
5 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Fix bug in get_client_id method. Add get_client_authz_settings method
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Fix bug in get_client_id method. Add get_client_authz_settings method
7 years ago
Updated documentation and links
5 years ago
Fix bug in get_client_id method. Add get_client_authz_settings method
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Fix bug in get_client_id method. Add get_client_authz_settings method
7 years ago
Add get_client_authz_resources to retrieve resources
7 years ago
Add get_client_authz_resources to retrieve resources
7 years ago
Add get_client_authz_resources to retrieve resources
7 years ago
Updated documentation and links
5 years ago
Add get_client_authz_resources to retrieve resources
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Add get_client_authz_resources to retrieve resources
7 years ago
added get_client_service_account_user
4 years ago
Add get_idps
6 years ago
Initial commit
7 years ago
Updated documentation and links
5 years ago
Initial commit
7 years ago
Updated documentation and links
5 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Initial commit
7 years ago
Add update method for clients
5 years ago
Modified update_client & create_realm_role to use keycloak_admin raw_put/post Modified update_client & create_realm_role to use the keycloak_admin raw_put/post instead of the connection's raw_put/post directly to allow for token refresh
5 years ago
Add update method for clients
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add update method for clients
5 years ago
Initial commit
7 years ago
Updated documentation and links
5 years ago
Initial commit
7 years ago
Add groups functions
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Initial commit
7 years ago
Add installation provider download
4 years ago
Refactoring code: groups and client.
7 years ago
Updated documentation and links
5 years ago
Refactoring code: groups and client.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Refactoring code: groups and client.
7 years ago
Added code for fetching role users from role in realm and client
4 years ago
Add Admin Tasks for user and client role management
7 years ago
Updated docs.
7 years ago
Add groups functions
7 years ago
Updated docs.
7 years ago
Updated documentation and links
5 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add groups functions
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Updated documentation and links
5 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Updated documentation and links
5 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Refactoring code: groups and client.
7 years ago
Updated docs.
7 years ago
Fixed the create_client_role and delete_client_role.
6 years ago
Add Admin Tasks for user and client role management
7 years ago
Updated documentation and links
5 years ago
Add Admin Tasks for user and client role management
7 years ago
Fixed the create_client_role and delete_client_role.
6 years ago
Updated documentation and links
5 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring code: groups and client.
7 years ago
Fixed the create_client_role and delete_client_role.
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add Admin Tasks for user and client role management
7 years ago
added composite clients role feature
4 years ago
Fixed the create_client_role and delete_client_role.
6 years ago
Initial commit
7 years ago
Updated documentation and links
5 years ago
Initial commit
7 years ago
Updated documentation and links
5 years ago
Initial commit
7 years ago
Fixed the create_client_role and delete_client_role.
6 years ago
Refactoring code: groups and client.
7 years ago
Initial commit
7 years ago
Fixed the create_client_role and delete_client_role.
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Initial commit
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Updated documentation and links
5 years ago
Refactoring all services for client and client-roles.
7 years ago
Refactoring code: groups and client.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Refactoring all services for client and client-roles.
7 years ago
Add Admin Tasks for user and client role management
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add sync users function
7 years ago
Added code for fetching role users from role in realm and client
4 years ago
Add function to KeycloakAdmin to add a role to a realm
5 years ago
Updated documentation and links
5 years ago
Add function to KeycloakAdmin to add a role to a realm
5 years ago
Modified update_client & create_realm_role to use keycloak_admin raw_put/post Modified update_client & create_realm_role to use the keycloak_admin raw_put/post instead of the connection's raw_put/post directly to allow for token refresh
5 years ago
Add function to KeycloakAdmin to add a role to a realm
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add function to KeycloakAdmin to add a role to a realm
5 years ago
Add "Get a role by name" API Signed-off-by: Paolo Romolini <paolo.romolini@2ndquadrant.com>
4 years ago
Add update and delete role by name Add 'Update a role' and 'Delete a role' by name and without passing the client parameter
5 years ago
Release version 0.22.0
4 years ago
Add update and delete role by name Add 'Update a role' and 'Delete a role' by name and without passing the client parameter
5 years ago
Release version 0.22.0
4 years ago
Add function to KeycloakAdmin to add a role to a realm
5 years ago
Manage composite realm roles of the realm role Signed-off-by: Tamara Nocentini <tamara.nocentini@2ndquadrant.com> Signed-off-by: Paolo Romolini <paolo.romolini@2ndquadrant.com>
4 years ago
Remove unused client_id from assign_realm_roles
3 years ago
Implement assign_realm_roles method Increment package version Update docstring Remove client_id from path params Fix raw_post with correct url
5 years ago
Updated documentation and links
5 years ago
Implement assign_realm_roles method Increment package version Update docstring Remove client_id from path params Fix raw_post with correct url
5 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Implement assign_realm_roles method Increment package version Update docstring Remove client_id from path params Fix raw_post with correct url
5 years ago
Added get_realm_roles_of_user
4 years ago
Added get_realm_roles_of_user
4 years ago
Added get_realm_roles_of_user
4 years ago
Add group realm roles delete, get and add Signed-off-by: Paolo Romolini Signed-off-by: Tamara Noncentini
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add group realm roles delete, get and add Signed-off-by: Paolo Romolini Signed-off-by: Tamara Noncentini
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add group realm roles delete, get and add Signed-off-by: Paolo Romolini Signed-off-by: Tamara Noncentini
5 years ago
Fix get_group_realm_roles, set correct url to get realm roles. Remove the no longer used, wrong url.
4 years ago
Add group realm roles delete, get and add Signed-off-by: Paolo Romolini Signed-off-by: Tamara Noncentini
5 years ago
add client-level operations for group roles
4 years ago
Release version 0.22.0
4 years ago
add client-level operations for group roles
4 years ago
Update keycloak_admin.py Swapped the names for get_group_client_roles & delete_group_client_roles respectively. Updated usage, removed the roles object build for the get_ method.
4 years ago
add client-level operations for group roles
4 years ago
Update keycloak_admin.py Swapped the names for get_group_client_roles & delete_group_client_roles respectively. Updated usage, removed the roles object build for the get_ method.
4 years ago
add client-level operations for group roles
4 years ago
Update keycloak_admin.py Swapped the names for get_group_client_roles & delete_group_client_roles respectively. Updated usage, removed the roles object build for the get_ method.
4 years ago
add client-level operations for group roles
4 years ago
Update keycloak_admin.py Swapped the names for get_group_client_roles & delete_group_client_roles respectively. Updated usage, removed the roles object build for the get_ method.
4 years ago
add client-level operations for group roles
4 years ago
improve comment
4 years ago
add client-level operations for group roles
4 years ago
Release version 0.22.0
4 years ago
add client-level operations for group roles
4 years ago
Add method to retrieve the client roles of a user
7 years ago
Updated documentation and links
5 years ago
Add method to retrieve the client roles of a user
7 years ago
Add method to retrieve avaialbe and composite client roles of a user
7 years ago
Updated documentation and links
5 years ago
Add method to retrieve avaialbe and composite client roles of a user
7 years ago
Updated documentation and links
5 years ago
Add method to retrieve avaialbe and composite client roles of a user
7 years ago
Add method to retrieve the client roles of a user
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Add method to retrieve the client roles of a user
7 years ago
Add method to delete client roles of a user
7 years ago
Updated documentation and links
5 years ago
Add method to delete client roles of a user
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add method to delete client roles of a user
7 years ago
Add authentication flow actions
6 years ago
Updated documentation and links
5 years ago
Add authentication flow actions
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Add authentication flow actions
6 years ago
- add function to update a client-scope
4 years ago
Adds get_authentication_flow_for_id admin method
4 years ago
- add function to update a client-scope
4 years ago
Adds get_authentication_flow_for_id admin method
4 years ago
Add authentication flow actions
6 years ago
Updated documentation and links
5 years ago
Add authentication flow actions
6 years ago
Updated documentation and links
5 years ago
Add authentication flow actions
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Maintain consistency across all methods and force all payload content to be in JSON format
4 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Add authentication flow actions
6 years ago
Adds copy_authentication_flow admin method
4 years ago
Maintain consistency across all methods and force all payload content to be in JSON format
4 years ago
Adds copy_authentication_flow admin method
4 years ago
Add authentication flow actions
6 years ago
Updated documentation and links
5 years ago
Add authentication flow actions
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Add authentication flow actions
6 years ago
Updated documentation and links
5 years ago
Add authentication flow actions
6 years ago
Updated documentation and links
5 years ago
Add authentication flow actions
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Maintain consistency across all methods and force all payload content to be in JSON format
4 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
- add function to update a client-scope
4 years ago
Adds create_authentication_flow_execution admin method
4 years ago
Maintain consistency across all methods and force all payload content to be in JSON format
4 years ago
Adds create_authentication_flow_execution admin method
4 years ago
Add authentication flow actions
6 years ago
Adds create_authentication_flow_subflow admin method
4 years ago
Adds create_authentication_flow_execution admin method
4 years ago
Maintain consistency across all methods and force all payload content to be in JSON format
4 years ago
Adds create_authentication_flow_subflow admin method
4 years ago
Add authentication flow actions
6 years ago
Add Keycloak authenticator config management (add, update and delete methods)
4 years ago
Add sync users function
7 years ago
Added groups functions and client functions. Added Changedlog
7 years ago
Updated documentation and links
5 years ago
Added groups functions and client functions. Added Changedlog
7 years ago
Add sync users function
7 years ago
Merge develop
7 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Add sync users function
7 years ago
Create methods to retrieve all client scopes, a single client scope, and to add a mapper to a client scope
6 years ago
Updated documentation and links
5 years ago
Create methods to retrieve all client scopes, a single client scope, and to add a mapper to a client scope
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Create methods to retrieve all client scopes, a single client scope, and to add a mapper to a client scope
6 years ago
Updated documentation and links
5 years ago
Create methods to retrieve all client scopes, a single client scope, and to add a mapper to a client scope
6 years ago
Updated documentation and links
5 years ago
Create methods to retrieve all client scopes, a single client scope, and to add a mapper to a client scope
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Create methods to retrieve all client scopes, a single client scope, and to add a mapper to a client scope
6 years ago
Added create_client_scope
4 years ago
fixed for updated parameter on raise_error_from_response()
4 years ago
Added create_client_scope
4 years ago
- add function to update a client-scope
4 years ago
Create methods to retrieve all client scopes, a single client scope, and to add a mapper to a client scope
6 years ago
Updated documentation and links
5 years ago
Create methods to retrieve all client scopes, a single client scope, and to add a mapper to a client scope
6 years ago
Updated documentation and links
5 years ago
Create methods to retrieve all client scopes, a single client scope, and to add a mapper to a client scope
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Create add mapper to SP Client and delete mapper from scope methods
4 years ago
update mapper in client scope
4 years ago
Create add mapper to SP Client and delete mapper from scope methods
4 years ago
Create methods to retrieve all client scopes, a single client scope, and to add a mapper to a client scope
6 years ago
fixing issue #91 and be backwards compatible with older keycloak versions
5 years ago
Create 'get_client_secrets' method
6 years ago
Add generate_client_secrets
5 years ago
Create 'get_client_secrets' method
6 years ago
Updated documentation and links
5 years ago
Create 'get_client_secrets' method
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Add support to create a new Realm
6 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
feat: add components
5 years ago
fixes + add get_keys
5 years ago
feat: add components
5 years ago
Release version 0.22.0
4 years ago
feat: add components
5 years ago
fixes + add get_keys
5 years ago
feat: add components
5 years ago
fixes + add get_keys
5 years ago
feat: add components
5 years ago
Release version 0.22.0
4 years ago
feat: add components
5 years ago
fixes + add get_keys
5 years ago
feat: add components
5 years ago
Release version 0.22.0
4 years ago
feat: add components
5 years ago
fixes + add get_keys
5 years ago
Added get_events method for KeycloakAdmin Signed-off-by: Lilis Iskandar <lilis@veand.co>
4 years ago
feat: add KeycloakAdmin.set_events
3 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Fix KeycloakAdmin using wrong realm when authenticating with a service account Signed-off-by: Jacky Boen <jacky@veand.co>
3 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Fix KeycloakAdmin using wrong realm when authenticating with a service account Signed-off-by: Jacky Boen <jacky@veand.co>
3 years ago
Fixed merge with external branch.
5 years ago
Merge branch 'master' into auto-refresh-admin-token
5 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Fix KeycloakAdmin using wrong realm when authenticating with a service account Signed-off-by: Jacky Boen <jacky@veand.co>
3 years ago
- add function to update a client-scope
4 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Merge branch 'master' into auto-refresh-admin-token
5 years ago
- add function to update a client-scope
4 years ago
Merge branch 'master' into auto-refresh-admin-token
5 years ago
- add function to update a client-scope
4 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Merge branch 'master' into auto-refresh-admin-token
5 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Handle 'Token is not active' error in refresh_token If a token is acquired but not used before it times out, Keycloak will return a 400 response with the message 'Token is not active'. Change refresh_token to handle this error by getting a new token.
4 years ago
Update keycloak_admin.py automatically refresh stale token
5 years ago
Get sessions associated with the client.
4 years ago
Update keycloak_admin.py Fixed typo in params_path (leads to error)
4 years ago
Get sessions associated with the client.
4 years ago
add remove user realm role
3 years ago
fix json response
3 years ago
  1. # -*- coding: utf-8 -*-
  2. #
  3. # The MIT License (MIT)
  4. #
  5. # Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
  6. #
  7. # Permission is hereby granted, free of charge, to any person obtaining a copy of
  8. # this software and associated documentation files (the "Software"), to deal in
  9. # the Software without restriction, including without limitation the rights to
  10. # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
  11. # the Software, and to permit persons to whom the Software is furnished to do so,
  12. # subject to the following conditions:
  13. #
  14. # The above copyright notice and this permission notice shall be included in all
  15. # copies or substantial portions of the Software.
  16. #
  17. # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18. # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
  19. # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
  20. # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
  21. # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
  22. # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  24. # Unless otherwise stated in the comments, "id", in e.g. user_id, refers to the
  25. # internal Keycloak server ID, usually a uuid string
  27. import json
  28. from builtins import isinstance
  29. from typing import Iterable
  31. from .connection import ConnectionManager
  32. from .exceptions import raise_error_from_response, KeycloakGetError
  33. from .keycloak_openid import KeycloakOpenID
  34. from .urls_patterns import URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENT_AUTHZ_RESOURCES, URL_ADMIN_CLIENT_ROLES, \
  35. URL_ADMIN_GET_SESSIONS, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_GROUPS_REALM_ROLES, \
  36. URL_ADMIN_REALM_ROLES_COMPOSITE_REALM_ROLE, URL_ADMIN_CLIENT_INSTALLATION_PROVIDER, \
  37. URL_ADMIN_REALM_ROLES_ROLE_BY_NAME, URL_ADMIN_GROUPS_CLIENT_ROLES, \
  38. URL_ADMIN_USER_CLIENT_ROLES_COMPOSITE, URL_ADMIN_USER_GROUP, URL_ADMIN_REALM_ROLES, URL_ADMIN_GROUP_CHILD, \
  39. URL_ADMIN_USER_CONSENTS, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_CLIENT, URL_ADMIN_USER, URL_ADMIN_CLIENT_ROLE, \
  40. URL_ADMIN_USER_GROUPS, URL_ADMIN_CLIENTS, URL_ADMIN_FLOWS_EXECUTIONS, URL_ADMIN_GROUPS, URL_ADMIN_USER_CLIENT_ROLES, \
  41. URL_ADMIN_REALMS, URL_ADMIN_USERS_COUNT, URL_ADMIN_FLOWS, URL_ADMIN_GROUP, URL_ADMIN_CLIENT_AUTHZ_SETTINGS, \
  42. URL_ADMIN_GROUP_MEMBERS, URL_ADMIN_USER_STORAGE, URL_ADMIN_GROUP_PERMISSIONS, URL_ADMIN_IDPS, URL_ADMIN_IDP, \
  43. URL_ADMIN_IDP_MAPPERS, URL_ADMIN_USER_CLIENT_ROLES_AVAILABLE, URL_ADMIN_USERS, URL_ADMIN_CLIENT_SCOPES, \
  44. URL_ADMIN_CLIENT_SCOPES_ADD_MAPPER, URL_ADMIN_CLIENT_SCOPE, URL_ADMIN_CLIENT_SECRETS, \
  45. URL_ADMIN_USER_REALM_ROLES, URL_ADMIN_REALM, URL_ADMIN_COMPONENTS, URL_ADMIN_COMPONENT, URL_ADMIN_KEYS, \
  46. URL_ADMIN_USER_FEDERATED_IDENTITY, URL_ADMIN_USER_FEDERATED_IDENTITIES, URL_ADMIN_CLIENT_ROLE_MEMBERS, \
  47. URL_ADMIN_REALM_ROLES_MEMBERS, URL_ADMIN_CLIENT_PROTOCOL_MAPPER, URL_ADMIN_CLIENT_SCOPES_MAPPERS, \
  48. URL_ADMIN_FLOWS_EXECUTIONS_EXEUCUTION, URL_ADMIN_FLOWS_EXECUTIONS_FLOW, URL_ADMIN_FLOWS_COPY, \
  49. URL_ADMIN_FLOWS_ALIAS, URL_ADMIN_CLIENT_SERVICE_ACCOUNT_USER, URL_ADMIN_AUTHENTICATOR_CONFIG, \
  50. URL_ADMIN_CLIENT_ROLES_COMPOSITE_CLIENT_ROLE, URL_ADMIN_CLIENT_ALL_SESSIONS, URL_ADMIN_EVENTS, \
  51. URL_ADMIN_REALM_EXPORT, URL_ADMIN_DELETE_USER_ROLE, URL_ADMIN_USER_LOGOUT
  54. class KeycloakAdmin:
  56. PAGE_SIZE = 100
  58. _server_url = None
  59. _username = None
  60. _password = None
  61. _realm_name = None
  62. _client_id = None
  63. _verify = None
  64. _client_secret_key = None
  65. _auto_refresh_token = None
  66. _connection = None
  67. _token = None
  68. _custom_headers = None
  69. _user_realm_name = None
  71. def __init__(self, server_url, username=None, password=None, realm_name='master', client_id='admin-cli', verify=True,
  72. client_secret_key=None, custom_headers=None, user_realm_name=None, auto_refresh_token=None):
  73. """
  75. :param server_url: Keycloak server url
  76. :param username: admin username
  77. :param password: admin password
  78. :param realm_name: realm name
  79. :param client_id: client id
  80. :param verify: True if want check connection SSL
  81. :param client_secret_key: client secret key (optional, required only for access type confidential)
  82. :param custom_headers: dict of custom header to pass to each HTML request
  83. :param user_realm_name: The realm name of the user, if different from realm_name
  84. :param auto_refresh_token: list of methods that allows automatic token refresh. ex: ['get', 'put', 'post', 'delete']
  85. """
  86. self.server_url = server_url
  87. self.username = username
  88. self.password = password
  89. self.realm_name = realm_name
  90. self.client_id = client_id
  91. self.verify = verify
  92. self.client_secret_key = client_secret_key
  93. self.auto_refresh_token = auto_refresh_token or []
  94. self.user_realm_name = user_realm_name
  95. self.custom_headers = custom_headers
  97. # Get token Admin
  98. self.get_token()
  100. @property
  101. def server_url(self):
  102. return self._server_url
  104. @server_url.setter
  105. def server_url(self, value):
  106. self._server_url = value
  108. @property
  109. def realm_name(self):
  110. return self._realm_name
  112. @realm_name.setter
  113. def realm_name(self, value):
  114. self._realm_name = value
  116. @property
  117. def connection(self):
  118. return self._connection
  120. @connection.setter
  121. def connection(self, value):
  122. self._connection = value
  124. @property
  125. def client_id(self):
  126. return self._client_id
  128. @client_id.setter
  129. def client_id(self, value):
  130. self._client_id = value
  132. @property
  133. def client_secret_key(self):
  134. return self._client_secret_key
  136. @client_secret_key.setter
  137. def client_secret_key(self, value):
  138. self._client_secret_key = value
  140. @property
  141. def verify(self):
  142. return self._verify
  144. @verify.setter
  145. def verify(self, value):
  146. self._verify = value
  148. @property
  149. def username(self):
  150. return self._username
  152. @username.setter
  153. def username(self, value):
  154. self._username = value
  156. @property
  157. def password(self):
  158. return self._password
  160. @password.setter
  161. def password(self, value):
  162. self._password = value
  164. @property
  165. def token(self):
  166. return self._token
  168. @token.setter
  169. def token(self, value):
  170. self._token = value
  172. @property
  173. def auto_refresh_token(self):
  174. return self._auto_refresh_token
  176. @property
  177. def user_realm_name(self):
  178. return self._user_realm_name
  180. @user_realm_name.setter
  181. def user_realm_name(self, value):
  182. self._user_realm_name = value
  184. @property
  185. def custom_headers(self):
  186. return self._custom_headers
  188. @custom_headers.setter
  189. def custom_headers(self, value):
  190. self._custom_headers = value
  192. @auto_refresh_token.setter
  193. def auto_refresh_token(self, value):
  194. allowed_methods = {'get', 'post', 'put', 'delete'}
  195. if not isinstance(value, Iterable):
  196. raise TypeError('Expected a list of strings among {allowed}'.format(allowed=allowed_methods))
  197. if not all(method in allowed_methods for method in value):
  198. raise TypeError('Unexpected method in auto_refresh_token, accepted methods are {allowed}'.format(allowed=allowed_methods))
  200. self._auto_refresh_token = value
  202. def __fetch_all(self, url, query=None):
  203. '''Wrapper function to paginate GET requests
  205. :param url: The url on which the query is executed
  206. :param query: Existing query parameters (optional)
  208. :return: Combined results of paginated queries
  209. '''
  210. results = []
  212. # initalize query if it was called with None
  213. if not query:
  214. query = {}
  215. page = 0
  216. query['max'] = self.PAGE_SIZE
  218. # fetch until we can
  219. while True:
  220. query['first'] = page*self.PAGE_SIZE
  221. partial_results = raise_error_from_response(
  222. self.raw_get(url, **query),
  223. KeycloakGetError)
  224. if not partial_results:
  225. break
  226. results.extend(partial_results)
  227. if len(partial_results) < query['max']:
  228. break
  229. page += 1
  230. return results
  232. def import_realm(self, payload):
  233. """
  234. Import a new realm from a RealmRepresentation. Realm name must be unique.
  236. RealmRepresentation
  237. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_realmrepresentation
  239. :param payload: RealmRepresentation
  241. :return: RealmRepresentation
  242. """
  244. data_raw = self.raw_post(URL_ADMIN_REALMS,
  245. data=json.dumps(payload))
  246. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201])
  248. def export_realm(self, export_clients=False, export_groups_and_role=False):
  249. """
  250. Export the realm configurations in the json format
  252. RealmRepresentation
  253. https://www.keycloak.org/docs-api/5.0/rest-api/index.html#_partialexport
  255. :param export-clients: Skip if not want to export realm clients
  256. :param export-groups-and-roles: Skip if not want to export realm groups and roles
  258. :return: realm configurations JSON
  259. """
  260. params_path = {"realm-name": self.realm_name, "export-clients": export_clients, "export-groups-and-roles": export_groups_and_role }
  261. data_raw = self.raw_post(URL_ADMIN_REALM_EXPORT.format(**params_path), data="")
  262. return raise_error_from_response(data_raw, KeycloakGetError)
  264. def get_realms(self):
  265. """
  266. Lists all realms in Keycloak deployment
  268. :return: realms list
  269. """
  270. data_raw = self.raw_get(URL_ADMIN_REALMS)
  271. return raise_error_from_response(data_raw, KeycloakGetError)
  273. def create_realm(self, payload, skip_exists=False):
  274. """
  275. Create a realm
  277. RealmRepresentation:
  278. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_realmrepresentation
  280. :param payload: RealmRepresentation
  281. :param skip_exists: Skip if Realm already exist.
  282. :return: Keycloak server response (RealmRepresentation)
  283. """
  285. data_raw = self.raw_post(URL_ADMIN_REALMS,
  286. data=json.dumps(payload))
  287. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201], skip_exists=skip_exists)
  289. def update_realm(self, realm_name, payload):
  290. """
  291. Update a realm. This wil only update top level attributes and will ignore any user,
  292. role, or client information in the payload.
  294. RealmRepresentation:
  295. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_realmrepresentation
  297. :param realm_name: Realm name (not the realm id)
  298. :param payload: RealmRepresentation
  299. :return: Http response
  300. """
  302. params_path = {"realm-name": realm_name}
  303. data_raw = self.raw_put(URL_ADMIN_REALM.format(**params_path),
  304. data=json.dumps(payload))
  305. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  307. def delete_realm(self, realm_name):
  308. """
  309. Delete a realm
  311. :param realm_name: Realm name (not the realm id)
  312. :return: Http response
  313. """
  315. params_path = {"realm-name": realm_name}
  316. data_raw = self.raw_delete(URL_ADMIN_REALM.format(**params_path))
  317. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  319. def get_users(self, query=None):
  320. """
  321. Return a list of users, filtered according to query parameters
  323. UserRepresentation
  324. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_userrepresentation
  326. :param query: Query parameters (optional)
  327. :return: users list
  328. """
  329. params_path = {"realm-name": self.realm_name}
  330. return self.__fetch_all(URL_ADMIN_USERS.format(**params_path), query)
  332. def create_idp(self, payload):
  333. """
  334. Create an ID Provider,
  336. IdentityProviderRepresentation
  337. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_identityproviderrepresentation
  339. :param: payload: IdentityProviderRepresentation
  340. """
  341. params_path = {"realm-name": self.realm_name}
  342. data_raw = self.raw_post(URL_ADMIN_IDPS.format(**params_path),
  343. data=json.dumps(payload))
  344. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201])
  346. def add_mapper_to_idp(self, idp_alias, payload):
  347. """
  348. Create an ID Provider,
  350. IdentityProviderRepresentation
  351. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_identityprovidermapperrepresentation
  353. :param: idp_alias: alias for Idp to add mapper in
  354. :param: payload: IdentityProviderMapperRepresentation
  355. """
  356. params_path = {"realm-name": self.realm_name, "idp-alias": idp_alias}
  357. data_raw = self.raw_post(URL_ADMIN_IDP_MAPPERS.format(**params_path),
  358. data=json.dumps(payload))
  359. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201])
  361. def get_idps(self):
  362. """
  363. Returns a list of ID Providers,
  365. IdentityProviderRepresentation
  366. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_identityproviderrepresentation
  368. :return: array IdentityProviderRepresentation
  369. """
  370. params_path = {"realm-name": self.realm_name}
  371. data_raw = self.raw_get(URL_ADMIN_IDPS.format(**params_path))
  372. return raise_error_from_response(data_raw, KeycloakGetError)
  374. def delete_idp(self, idp_alias):
  375. """
  376. Deletes ID Provider,
  378. :param: idp_alias: idp alias name
  379. """
  380. params_path = {"realm-name": self.realm_name, "alias": idp_alias}
  381. data_raw = self.raw_delete(URL_ADMIN_IDP.format(**params_path))
  382. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  384. def create_user(self, payload, exist_ok=True):
  385. """
  386. Create a new user. Username must be unique
  388. UserRepresentation
  389. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_userrepresentation
  391. :param payload: UserRepresentation
  392. :param exist_ok: If False, raise KeycloakGetError if username already exists. Otherwise, return existing user ID.
  394. :return: UserRepresentation
  395. """
  396. params_path = {"realm-name": self.realm_name}
  398. if exist_ok:
  399. exists = self.get_user_id(username=payload['username'])
  401. if exists is not None:
  402. return str(exists)
  404. data_raw = self.raw_post(URL_ADMIN_USERS.format(**params_path),
  405. data=json.dumps(payload))
  406. raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201])
  407. _last_slash_idx = data_raw.headers['Location'].rindex('/')
  408. return data_raw.headers['Location'][_last_slash_idx + 1:]
  410. def users_count(self):
  411. """
  412. User counter
  414. :return: counter
  415. """
  416. params_path = {"realm-name": self.realm_name}
  417. data_raw = self.raw_get(URL_ADMIN_USERS_COUNT.format(**params_path))
  418. return raise_error_from_response(data_raw, KeycloakGetError)
  420. def get_user_id(self, username):
  421. """
  422. Get internal keycloak user id from username
  423. This is required for further actions against this user.
  425. UserRepresentation
  426. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_userrepresentation
  428. :param username: id in UserRepresentation
  430. :return: user_id
  431. """
  432. lower_user_name = username.lower()
  433. users = self.get_users(query={"search": lower_user_name})
  434. return next((user["id"] for user in users if user["username"] == lower_user_name), None)
  436. def get_user(self, user_id):
  437. """
  438. Get representation of the user
  440. :param user_id: User id
  442. UserRepresentation
  443. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_userrepresentation
  445. :return: UserRepresentation
  446. """
  447. params_path = {"realm-name": self.realm_name, "id": user_id}
  448. data_raw = self.raw_get(URL_ADMIN_USER.format(**params_path))
  449. return raise_error_from_response(data_raw, KeycloakGetError)
  451. def get_user_groups(self, user_id):
  452. """
  453. Returns a list of groups of which the user is a member
  455. :param user_id: User id
  457. :return: user groups list
  458. """
  459. params_path = {"realm-name": self.realm_name, "id": user_id}
  460. data_raw = self.raw_get(URL_ADMIN_USER_GROUPS.format(**params_path))
  461. return raise_error_from_response(data_raw, KeycloakGetError)
  463. def update_user(self, user_id, payload):
  464. """
  465. Update the user
  467. :param user_id: User id
  468. :param payload: UserRepresentation
  470. :return: Http response
  471. """
  472. params_path = {"realm-name": self.realm_name, "id": user_id}
  473. data_raw = self.raw_put(URL_ADMIN_USER.format(**params_path),
  474. data=json.dumps(payload))
  475. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  477. def delete_user(self, user_id):
  478. """
  479. Delete the user
  481. :param user_id: User id
  483. :return: Http response
  484. """
  485. params_path = {"realm-name": self.realm_name, "id": user_id}
  486. data_raw = self.raw_delete(URL_ADMIN_USER.format(**params_path))
  487. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  489. def set_user_password(self, user_id, password, temporary=True):
  490. """
  491. Set up a password for the user. If temporary is True, the user will have to reset
  492. the temporary password next time they log in.
  494. https://www.keycloak.org/docs-api/8.0/rest-api/#_users_resource
  495. https://www.keycloak.org/docs-api/8.0/rest-api/#_credentialrepresentation
  497. :param user_id: User id
  498. :param password: New password
  499. :param temporary: True if password is temporary
  501. :return:
  502. """
  503. payload = {"type": "password", "temporary": temporary, "value": password}
  504. params_path = {"realm-name": self.realm_name, "id": user_id}
  505. data_raw = self.raw_put(URL_ADMIN_RESET_PASSWORD.format(**params_path),
  506. data=json.dumps(payload))
  507. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  509. def logout(self, user_id):
  510. """
  511. Logs out user.
  513. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_logout
  515. :param user_id: User id
  516. :return:
  517. """
  518. params_path = {"realm-name": self.realm_name, "id": user_id}
  519. data_raw = self.raw_post(URL_ADMIN_USER_LOGOUT.format(**params_path), data="")
  520. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  522. def consents_user(self, user_id):
  523. """
  524. Get consents granted by the user
  526. :param user_id: User id
  528. :return: consents
  529. """
  530. params_path = {"realm-name": self.realm_name, "id": user_id}
  531. data_raw = self.raw_get(URL_ADMIN_USER_CONSENTS.format(**params_path))
  532. return raise_error_from_response(data_raw, KeycloakGetError)
  534. def get_user_social_logins(self, user_id):
  535. """
  536. Returns a list of federated identities/social logins of which the user has been associated with
  537. :param user_id: User id
  538. :return: federated identities list
  539. """
  540. params_path = {"realm-name": self.realm_name, "id": user_id}
  541. data_raw = self.raw_get(URL_ADMIN_USER_FEDERATED_IDENTITIES.format(**params_path))
  542. return raise_error_from_response(data_raw, KeycloakGetError)
  544. def add_user_social_login(self, user_id, provider_id, provider_userid, provider_username):
  546. """
  547. Add a federated identity / social login provider to the user
  548. :param user_id: User id
  549. :param provider_id: Social login provider id
  550. :param provider_userid: userid specified by the provider
  551. :param provider_username: username specified by the provider
  552. :return:
  553. """
  554. payload = {"identityProvider": provider_id, "userId": provider_userid, "userName": provider_username}
  555. params_path = {"realm-name": self.realm_name, "id": user_id, "provider": provider_id}
  556. data_raw = self.raw_post(URL_ADMIN_USER_FEDERATED_IDENTITY.format(**params_path), data=json.dumps(payload))
  558. def delete_user_social_login(self, user_id, provider_id):
  560. """
  561. Delete a federated identity / social login provider from the user
  562. :param user_id: User id
  563. :param provider_id: Social login provider id
  564. :return:
  565. """
  566. params_path = {"realm-name": self.realm_name, "id": user_id, "provider": provider_id}
  567. data_raw = self.raw_delete(URL_ADMIN_USER_FEDERATED_IDENTITY.format(**params_path))
  568. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  570. def send_update_account(self, user_id, payload, client_id=None, lifespan=None, redirect_uri=None):
  571. """
  572. Send an update account email to the user. An email contains a
  573. link the user can click to perform a set of required actions.
  575. :param user_id: User id
  576. :param payload: A list of actions for the user to complete
  577. :param client_id: Client id (optional)
  578. :param lifespan: Number of seconds after which the generated token expires (optional)
  579. :param redirect_uri: The redirect uri (optional)
  581. :return:
  582. """
  583. params_path = {"realm-name": self.realm_name, "id": user_id}
  584. params_query = {"client_id": client_id, "lifespan": lifespan, "redirect_uri": redirect_uri}
  585. data_raw = self.raw_put(URL_ADMIN_SEND_UPDATE_ACCOUNT.format(**params_path),
  586. data=json.dumps(payload), **params_query)
  587. return raise_error_from_response(data_raw, KeycloakGetError)
  589. def send_verify_email(self, user_id, client_id=None, redirect_uri=None):
  590. """
  591. Send a update account email to the user An email contains a
  592. link the user can click to perform a set of required actions.
  594. :param user_id: User id
  595. :param client_id: Client id (optional)
  596. :param redirect_uri: Redirect uri (optional)
  598. :return:
  599. """
  600. params_path = {"realm-name": self.realm_name, "id": user_id}
  601. params_query = {"client_id": client_id, "redirect_uri": redirect_uri}
  602. data_raw = self.raw_put(URL_ADMIN_SEND_VERIFY_EMAIL.format(**params_path),
  603. data={}, **params_query)
  604. return raise_error_from_response(data_raw, KeycloakGetError)
  606. def get_sessions(self, user_id):
  607. """
  608. Get sessions associated with the user
  610. :param user_id: id of user
  612. UserSessionRepresentation
  613. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_usersessionrepresentation
  615. :return: UserSessionRepresentation
  616. """
  617. params_path = {"realm-name": self.realm_name, "id": user_id}
  618. data_raw = self.raw_get(URL_ADMIN_GET_SESSIONS.format(**params_path))
  619. return raise_error_from_response(data_raw, KeycloakGetError)
  621. def get_server_info(self):
  622. """
  623. Get themes, social providers, auth providers, and event listeners available on this server
  625. ServerInfoRepresentation
  626. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_serverinforepresentation
  628. :return: ServerInfoRepresentation
  629. """
  630. data_raw = self.raw_get(URL_ADMIN_SERVER_INFO)
  631. return raise_error_from_response(data_raw, KeycloakGetError)
  633. def get_groups(self):
  634. """
  635. Returns a list of groups belonging to the realm
  637. GroupRepresentation
  638. https://www.keycloak.org/docs-api/8.0/rest-api/#_grouprepresentation
  640. :return: array GroupRepresentation
  641. """
  642. params_path = {"realm-name": self.realm_name}
  643. return self.__fetch_all(URL_ADMIN_GROUPS.format(**params_path))
  645. def get_group(self, group_id):
  646. """
  647. Get group by id. Returns full group details
  649. GroupRepresentation
  650. https://www.keycloak.org/docs-api/8.0/rest-api/#_grouprepresentation
  652. :param group_id: The group id
  653. :return: Keycloak server response (GroupRepresentation)
  654. """
  655. params_path = {"realm-name": self.realm_name, "id": group_id}
  656. data_raw = self.raw_get(URL_ADMIN_GROUP.format(**params_path))
  657. return raise_error_from_response(data_raw, KeycloakGetError)
  659. def get_subgroups(self, group, path):
  660. """
  661. Utility function to iterate through nested group structures
  663. GroupRepresentation
  664. https://www.keycloak.org/docs-api/8.0/rest-api/#_grouprepresentation
  666. :param name: group (GroupRepresentation)
  667. :param path: group path (string)
  669. :return: Keycloak server response (GroupRepresentation)
  670. """
  672. for subgroup in group["subGroups"]:
  673. if subgroup['path'] == path:
  674. return subgroup
  675. elif subgroup["subGroups"]:
  676. for subgroup in group["subGroups"]:
  677. result = self.get_subgroups(subgroup, path)
  678. if result:
  679. return result
  680. # went through the tree without hits
  681. return None
  683. def get_group_members(self, group_id, **query):
  684. """
  685. Get members by group id. Returns group members
  687. GroupRepresentation
  688. https://www.keycloak.org/docs-api/8.0/rest-api/#_userrepresentation
  690. :param group_id: The group id
  691. :param query: Additional query parameters (see https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_getmembers)
  692. :return: Keycloak server response (UserRepresentation)
  693. """
  694. params_path = {"realm-name": self.realm_name, "id": group_id}
  695. return self.__fetch_all(URL_ADMIN_GROUP_MEMBERS.format(**params_path), query)
  697. def get_group_by_path(self, path, search_in_subgroups=False):
  698. """
  699. Get group id based on name or path.
  700. A straight name or path match with a top-level group will return first.
  701. Subgroups are traversed, the first to match path (or name with path) is returned.
  703. GroupRepresentation
  704. https://www.keycloak.org/docs-api/8.0/rest-api/#_grouprepresentation
  706. :param path: group path
  707. :param search_in_subgroups: True if want search in the subgroups
  708. :return: Keycloak server response (GroupRepresentation)
  709. """
  711. groups = self.get_groups()
  713. # TODO: Review this code is necessary
  714. for group in groups:
  715. if group['path'] == path:
  716. return group
  717. elif search_in_subgroups and group["subGroups"]:
  718. for group in group["subGroups"]:
  719. if group['path'] == path:
  720. return group
  721. res = self.get_subgroups(group, path)
  722. if res != None:
  723. return res
  724. return None
  726. def create_group(self, payload, parent=None, skip_exists=False):
  727. """
  728. Creates a group in the Realm
  730. :param payload: GroupRepresentation
  731. :param parent: parent group's id. Required to create a sub-group.
  732. :param skip_exists: If true then do not raise an error if it already exists
  734. GroupRepresentation
  735. https://www.keycloak.org/docs-api/8.0/rest-api/#_grouprepresentation
  737. :return: Http response
  738. """
  740. if parent is None:
  741. params_path = {"realm-name": self.realm_name}
  742. data_raw = self.raw_post(URL_ADMIN_GROUPS.format(**params_path),
  743. data=json.dumps(payload))
  744. else:
  745. params_path = {"realm-name": self.realm_name, "id": parent, }
  746. data_raw = self.raw_post(URL_ADMIN_GROUP_CHILD.format(**params_path),
  747. data=json.dumps(payload))
  749. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201], skip_exists=skip_exists)
  751. def update_group(self, group_id, payload):
  752. """
  753. Update group, ignores subgroups.
  755. :param group_id: id of group
  756. :param payload: GroupRepresentation with updated information.
  758. GroupRepresentation
  759. https://www.keycloak.org/docs-api/8.0/rest-api/#_grouprepresentation
  761. :return: Http response
  762. """
  764. params_path = {"realm-name": self.realm_name, "id": group_id}
  765. data_raw = self.raw_put(URL_ADMIN_GROUP.format(**params_path),
  766. data=json.dumps(payload))
  767. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  769. def group_set_permissions(self, group_id, enabled=True):
  770. """
  771. Enable/Disable permissions for a group. Cannot delete group if disabled
  773. :param group_id: id of group
  774. :param enabled: boolean
  775. :return: Keycloak server response
  776. """
  778. params_path = {"realm-name": self.realm_name, "id": group_id}
  779. data_raw = self.raw_put(URL_ADMIN_GROUP_PERMISSIONS.format(**params_path),
  780. data=json.dumps({"enabled": enabled}))
  781. return raise_error_from_response(data_raw, KeycloakGetError)
  783. def group_user_add(self, user_id, group_id):
  784. """
  785. Add user to group (user_id and group_id)
  787. :param user_id: id of user
  788. :param group_id: id of group to add to
  789. :return: Keycloak server response
  790. """
  792. params_path = {"realm-name": self.realm_name, "id": user_id, "group-id": group_id}
  793. data_raw = self.raw_put(URL_ADMIN_USER_GROUP.format(**params_path), data=None)
  794. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  796. def group_user_remove(self, user_id, group_id):
  797. """
  798. Remove user from group (user_id and group_id)
  800. :param user_id: id of user
  801. :param group_id: id of group to remove from
  802. :return: Keycloak server response
  803. """
  805. params_path = {"realm-name": self.realm_name, "id": user_id, "group-id": group_id}
  806. data_raw = self.raw_delete(URL_ADMIN_USER_GROUP.format(**params_path))
  807. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  809. def delete_group(self, group_id):
  810. """
  811. Deletes a group in the Realm
  813. :param group_id: id of group to delete
  814. :return: Keycloak server response
  815. """
  817. params_path = {"realm-name": self.realm_name, "id": group_id}
  818. data_raw = self.raw_delete(URL_ADMIN_GROUP.format(**params_path))
  819. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  821. def get_clients(self):
  822. """
  823. Returns a list of clients belonging to the realm
  825. ClientRepresentation
  826. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_clientrepresentation
  828. :return: Keycloak server response (ClientRepresentation)
  829. """
  831. params_path = {"realm-name": self.realm_name}
  832. data_raw = self.raw_get(URL_ADMIN_CLIENTS.format(**params_path))
  833. return raise_error_from_response(data_raw, KeycloakGetError)
  835. def get_client(self, client_id):
  836. """
  837. Get representation of the client
  839. ClientRepresentation
  840. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_clientrepresentation
  842. :param client_id: id of client (not client-id)
  843. :return: Keycloak server response (ClientRepresentation)
  844. """
  846. params_path = {"realm-name": self.realm_name, "id": client_id}
  847. data_raw = self.raw_get(URL_ADMIN_CLIENT.format(**params_path))
  848. return raise_error_from_response(data_raw, KeycloakGetError)
  850. def get_client_id(self, client_name):
  851. """
  852. Get internal keycloak client id from client-id.
  853. This is required for further actions against this client.
  855. :param client_name: name in ClientRepresentation
  856. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_clientrepresentation
  857. :return: client_id (uuid as string)
  858. """
  860. clients = self.get_clients()
  862. for client in clients:
  863. if client_name == client.get('name') or client_name == client.get('clientId'):
  864. return client["id"]
  866. return None
  868. def get_client_authz_settings(self, client_id):
  869. """
  870. Get authorization json from client.
  872. :param client_id: id in ClientRepresentation
  873. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_clientrepresentation
  874. :return: Keycloak server response
  875. """
  877. params_path = {"realm-name": self.realm_name, "id": client_id}
  878. data_raw = self.raw_get(URL_ADMIN_CLIENT_AUTHZ_SETTINGS.format(**params_path))
  879. return data_raw
  881. def get_client_authz_resources(self, client_id):
  882. """
  883. Get resources from client.
  885. :param client_id: id in ClientRepresentation
  886. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_clientrepresentation
  887. :return: Keycloak server response
  888. """
  890. params_path = {"realm-name": self.realm_name, "id": client_id}
  891. data_raw = self.raw_get(URL_ADMIN_CLIENT_AUTHZ_RESOURCES.format(**params_path))
  892. return data_raw
  894. def get_client_service_account_user(self, client_id):
  895. """
  896. Get service account user from client.
  898. :param client_id: id in ClientRepresentation
  899. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_clientrepresentation
  900. :return: UserRepresentation
  901. """
  903. params_path = {"realm-name": self.realm_name, "id": client_id}
  904. data_raw = self.raw_get(URL_ADMIN_CLIENT_SERVICE_ACCOUNT_USER.format(**params_path))
  905. return raise_error_from_response(data_raw, KeycloakGetError)
  907. def create_client(self, payload, skip_exists=False):
  908. """
  909. Create a client
  911. ClientRepresentation: https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_clientrepresentation
  913. :param skip_exists: If true then do not raise an error if client already exists
  914. :param payload: ClientRepresentation
  915. :return: Keycloak server response (UserRepresentation)
  916. """
  918. params_path = {"realm-name": self.realm_name}
  919. data_raw = self.raw_post(URL_ADMIN_CLIENTS.format(**params_path),
  920. data=json.dumps(payload))
  921. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201], skip_exists=skip_exists)
  923. def update_client(self, client_id, payload):
  924. """
  925. Update a client
  927. :param client_id: Client id
  928. :param payload: ClientRepresentation
  930. :return: Http response
  931. """
  932. params_path = {"realm-name": self.realm_name, "id": client_id}
  933. data_raw = self.raw_put(URL_ADMIN_CLIENT.format(**params_path),
  934. data=json.dumps(payload))
  935. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  937. def delete_client(self, client_id):
  938. """
  939. Get representation of the client
  941. ClientRepresentation
  942. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_clientrepresentation
  944. :param client_id: keycloak client id (not oauth client-id)
  945. :return: Keycloak server response (ClientRepresentation)
  946. """
  948. params_path = {"realm-name": self.realm_name, "id": client_id}
  949. data_raw = self.raw_delete(URL_ADMIN_CLIENT.format(**params_path))
  950. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  952. def get_client_installation_provider(self, client_id, provider_id):
  953. """
  954. Get content for given installation provider
  956. Related documentation:
  957. https://www.keycloak.org/docs-api/5.0/rest-api/index.html#_clients_resource
  959. Possible provider_id list available in the ServerInfoRepresentation#clientInstallations
  960. https://www.keycloak.org/docs-api/5.0/rest-api/index.html#_serverinforepresentation
  962. :param client_id: Client id
  963. :param provider_id: provider id to specify response format
  964. """
  966. params_path = {"realm-name": self.realm_name, "id": client_id, "provider-id": provider_id}
  967. data_raw = self.raw_get(URL_ADMIN_CLIENT_INSTALLATION_PROVIDER.format(**params_path))
  968. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[200])
  970. def get_realm_roles(self):
  971. """
  972. Get all roles for the realm or client
  974. RoleRepresentation
  975. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_rolerepresentation
  977. :return: Keycloak server response (RoleRepresentation)
  978. """
  980. params_path = {"realm-name": self.realm_name}
  981. data_raw = self.raw_get(URL_ADMIN_REALM_ROLES.format(**params_path))
  982. return raise_error_from_response(data_raw, KeycloakGetError)
  984. def get_realm_role_members(self, role_name, **query):
  985. """
  986. Get role members of realm by role name.
  987. :param role_name: Name of the role.
  988. :param query: Additional Query parameters (see https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_roles_resource)
  989. :return: Keycloak Server Response (UserRepresentation)
  990. """
  991. params_path = {"realm-name": self.realm_name, "role-name":role_name}
  992. return self.__fetch_all(URL_ADMIN_REALM_ROLES_MEMBERS.format(**params_path), query)
  994. def get_client_roles(self, client_id):
  995. """
  996. Get all roles for the client
  998. :param client_id: id of client (not client-id)
  1000. RoleRepresentation
  1001. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_rolerepresentation
  1003. :return: Keycloak server response (RoleRepresentation)
  1004. """
  1006. params_path = {"realm-name": self.realm_name, "id": client_id}
  1007. data_raw = self.raw_get(URL_ADMIN_CLIENT_ROLES.format(**params_path))
  1008. return raise_error_from_response(data_raw, KeycloakGetError)
  1010. def get_client_role(self, client_id, role_name):
  1011. """
  1012. Get client role id by name
  1013. This is required for further actions with this role.
  1015. :param client_id: id of client (not client-id)
  1016. :param role_name: roles name (not id!)
  1018. RoleRepresentation
  1019. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_rolerepresentation
  1021. :return: role_id
  1022. """
  1023. params_path = {"realm-name": self.realm_name, "id": client_id, "role-name": role_name}
  1024. data_raw = self.raw_get(URL_ADMIN_CLIENT_ROLE.format(**params_path))
  1025. return raise_error_from_response(data_raw, KeycloakGetError)
  1027. def get_client_role_id(self, client_id, role_name):
  1028. """
  1029. Warning: Deprecated
  1031. Get client role id by name
  1032. This is required for further actions with this role.
  1034. :param client_id: id of client (not client-id)
  1035. :param role_name: roles name (not id!)
  1037. RoleRepresentation
  1038. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_rolerepresentation
  1040. :return: role_id
  1041. """
  1042. role = self.get_client_role(client_id, role_name)
  1043. return role.get("id")
  1045. def create_client_role(self, client_role_id, payload, skip_exists=False):
  1046. """
  1047. Create a client role
  1049. RoleRepresentation
  1050. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_rolerepresentation
  1052. :param client_role_id: id of client (not client-id)
  1053. :param payload: RoleRepresentation
  1054. :param skip_exists: If true then do not raise an error if client role already exists
  1055. :return: Keycloak server response (RoleRepresentation)
  1056. """
  1058. params_path = {"realm-name": self.realm_name, "id": client_role_id}
  1059. data_raw = self.raw_post(URL_ADMIN_CLIENT_ROLES.format(**params_path),
  1060. data=json.dumps(payload))
  1061. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201], skip_exists=skip_exists)
  1063. def add_composite_client_roles_to_role(self, client_role_id, role_name, roles):
  1064. """
  1065. Add composite roles to client role
  1067. :param client_role_id: id of client (not client-id)
  1068. :param role_name: The name of the role
  1069. :param roles: roles list or role (use RoleRepresentation) to be updated
  1070. :return Keycloak server response
  1071. """
  1073. payload = roles if isinstance(roles, list) else [roles]
  1074. params_path = {"realm-name": self.realm_name, "id": client_role_id, "role-name": role_name}
  1075. data_raw = self.raw_post(URL_ADMIN_CLIENT_ROLES_COMPOSITE_CLIENT_ROLE.format(**params_path),
  1076. data=json.dumps(payload))
  1077. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1079. def delete_client_role(self, client_role_id, role_name):
  1080. """
  1081. Delete a client role
  1083. RoleRepresentation
  1084. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_rolerepresentation
  1086. :param client_role_id: id of client (not client-id)
  1087. :param role_name: roles name (not id!)
  1088. """
  1089. params_path = {"realm-name": self.realm_name, "id": client_role_id, "role-name": role_name}
  1090. data_raw = self.raw_delete(URL_ADMIN_CLIENT_ROLE.format(**params_path))
  1091. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1093. def assign_client_role(self, user_id, client_id, roles):
  1094. """
  1095. Assign a client role to a user
  1097. :param user_id: id of user
  1098. :param client_id: id of client (not client-id)
  1099. :param roles: roles list or role (use RoleRepresentation)
  1100. :return Keycloak server response
  1101. """
  1103. payload = roles if isinstance(roles, list) else [roles]
  1104. params_path = {"realm-name": self.realm_name, "id": user_id, "client-id": client_id}
  1105. data_raw = self.raw_post(URL_ADMIN_USER_CLIENT_ROLES.format(**params_path),
  1106. data=json.dumps(payload))
  1107. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1109. def get_client_role_members(self, client_id, role_name, **query):
  1110. """
  1111. Get members by client role .
  1112. :param client_id: The client id
  1113. :param role_name: the name of role to be queried.
  1114. :param query: Additional query parameters ( see https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_clients_resource)
  1115. :return: Keycloak server response (UserRepresentation)
  1116. """
  1117. params_path = {"realm-name": self.realm_name, "id":client_id, "role-name":role_name}
  1118. return self.__fetch_all(URL_ADMIN_CLIENT_ROLE_MEMBERS.format(**params_path) , query)
  1121. def create_realm_role(self, payload, skip_exists=False):
  1122. """
  1123. Create a new role for the realm or client
  1125. :param payload: The role (use RoleRepresentation)
  1126. :param skip_exists: If true then do not raise an error if realm role already exists
  1127. :return Keycloak server response
  1128. """
  1130. params_path = {"realm-name": self.realm_name}
  1131. data_raw = self.raw_post(URL_ADMIN_REALM_ROLES.format(**params_path),
  1132. data=json.dumps(payload))
  1133. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201], skip_exists=skip_exists)
  1135. def get_realm_role(self, role_name):
  1136. """
  1137. Get realm role by role name
  1138. :param role_name: role's name, not id!
  1140. RoleRepresentation
  1141. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_rolerepresentation
  1142. :return: role_id
  1143. """
  1144. params_path = {"realm-name": self.realm_name, "role-name": role_name}
  1145. data_raw = self.raw_get(URL_ADMIN_REALM_ROLES_ROLE_BY_NAME.format(**params_path))
  1146. return raise_error_from_response(data_raw, KeycloakGetError)
  1148. def update_realm_role(self, role_name, payload):
  1149. """
  1150. Update a role for the realm by name
  1151. :param role_name: The name of the role to be updated
  1152. :param payload: The role (use RoleRepresentation)
  1153. :return Keycloak server response
  1154. """
  1156. params_path = {"realm-name": self.realm_name, "role-name": role_name}
  1157. data_raw = self.connection.raw_put(URL_ADMIN_REALM_ROLES_ROLE_BY_NAME.format(**params_path),
  1158. data=json.dumps(payload))
  1159. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1161. def delete_realm_role(self, role_name):
  1162. """
  1163. Delete a role for the realm by name
  1164. :param payload: The role name {'role-name':'name-of-the-role'}
  1165. :return Keycloak server response
  1166. """
  1168. params_path = {"realm-name": self.realm_name, "role-name": role_name}
  1169. data_raw = self.connection.raw_delete(
  1170. URL_ADMIN_REALM_ROLES_ROLE_BY_NAME.format(**params_path))
  1171. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1173. def add_composite_realm_roles_to_role(self, role_name, roles):
  1174. """
  1175. Add composite roles to the role
  1177. :param role_name: The name of the role
  1178. :param roles: roles list or role (use RoleRepresentation) to be updated
  1179. :return Keycloak server response
  1180. """
  1182. payload = roles if isinstance(roles, list) else [roles]
  1183. params_path = {"realm-name": self.realm_name, "role-name": role_name}
  1184. data_raw = self.raw_post(
  1185. URL_ADMIN_REALM_ROLES_COMPOSITE_REALM_ROLE.format(**params_path),
  1186. data=json.dumps(payload))
  1187. return raise_error_from_response(data_raw, KeycloakGetError,
  1188. expected_codes=[204])
  1190. def remove_composite_realm_roles_to_role(self, role_name, roles):
  1191. """
  1192. Remove composite roles from the role
  1194. :param role_name: The name of the role
  1195. :param roles: roles list or role (use RoleRepresentation) to be removed
  1196. :return Keycloak server response
  1197. """
  1199. payload = roles if isinstance(roles, list) else [roles]
  1200. params_path = {"realm-name": self.realm_name, "role-name": role_name}
  1201. data_raw = self.raw_delete(
  1202. URL_ADMIN_REALM_ROLES_COMPOSITE_REALM_ROLE.format(**params_path),
  1203. data=json.dumps(payload))
  1204. return raise_error_from_response(data_raw, KeycloakGetError,
  1205. expected_codes=[204])
  1207. def get_composite_realm_roles_of_role(self, role_name):
  1208. """
  1209. Get composite roles of the role
  1211. :param role_name: The name of the role
  1212. :return Keycloak server response (array RoleRepresentation)
  1213. """
  1215. params_path = {"realm-name": self.realm_name, "role-name": role_name}
  1216. data_raw = self.raw_get(
  1217. URL_ADMIN_REALM_ROLES_COMPOSITE_REALM_ROLE.format(**params_path))
  1218. return raise_error_from_response(data_raw, KeycloakGetError)
  1220. def assign_realm_roles(self, user_id, roles):
  1221. """
  1222. Assign realm roles to a user
  1224. :param user_id: id of user
  1225. :param client_id: id of client containing role (not client-id)
  1226. :param roles: roles list or role (use RoleRepresentation)
  1227. :return Keycloak server response
  1228. """
  1230. payload = roles if isinstance(roles, list) else [roles]
  1231. params_path = {"realm-name": self.realm_name, "id": user_id}
  1232. data_raw = self.raw_post(URL_ADMIN_USER_REALM_ROLES.format(**params_path),
  1233. data=json.dumps(payload))
  1234. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1236. def get_realm_roles_of_user(self, user_id):
  1237. """
  1238. Get all realm roles for a user.
  1240. :param user_id: id of user
  1241. :return: Keycloak server response (array RoleRepresentation)
  1242. """
  1244. params_path = {"realm-name": self.realm_name, "id": user_id}
  1245. data_raw = self.raw_get(URL_ADMIN_USER_REALM_ROLES.format(**params_path))
  1246. return raise_error_from_response(data_raw, KeycloakGetError)
  1248. def assign_group_realm_roles(self, group_id, roles):
  1249. """
  1250. Assign realm roles to a group
  1252. :param group_id: id of groupp
  1253. :param roles: roles list or role (use GroupRoleRepresentation)
  1254. :return Keycloak server response
  1255. """
  1257. payload = roles if isinstance(roles, list) else [roles]
  1258. params_path = {"realm-name": self.realm_name, "id": group_id}
  1259. data_raw = self.raw_post(URL_ADMIN_GROUPS_REALM_ROLES.format(**params_path),
  1260. data=json.dumps(payload))
  1261. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1263. def delete_group_realm_roles(self, group_id, roles):
  1264. """
  1265. Delete realm roles of a group
  1267. :param group_id: id of group
  1268. :param roles: roles list or role (use GroupRoleRepresentation)
  1269. :return Keycloak server response
  1270. """
  1272. payload = roles if isinstance(roles, list) else [roles]
  1273. params_path = {"realm-name": self.realm_name, "id": group_id}
  1274. data_raw = self.raw_delete(URL_ADMIN_GROUPS_REALM_ROLES.format(**params_path),
  1275. data=json.dumps(payload))
  1276. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1278. def get_group_realm_roles(self, group_id):
  1279. """
  1280. Get all realm roles for a group.
  1282. :param user_id: id of the group
  1283. :return: Keycloak server response (array RoleRepresentation)
  1284. """
  1285. params_path = {"realm-name": self.realm_name, "id": group_id}
  1286. data_raw = self.raw_get(URL_ADMIN_GROUPS_REALM_ROLES.format(**params_path))
  1287. return raise_error_from_response(data_raw, KeycloakGetError)
  1289. def assign_group_client_roles(self, group_id, client_id, roles):
  1290. """
  1291. Assign client roles to a group
  1293. :param group_id: id of group
  1294. :param client_id: id of client (not client-id)
  1295. :param roles: roles list or role (use GroupRoleRepresentation)
  1296. :return Keycloak server response
  1297. """
  1299. payload = roles if isinstance(roles, list) else [roles]
  1300. params_path = {"realm-name": self.realm_name, "id": group_id, "client-id": client_id}
  1301. data_raw = self.raw_post(URL_ADMIN_GROUPS_CLIENT_ROLES.format(**params_path),
  1302. data=json.dumps(payload))
  1303. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1305. def get_group_client_roles(self, group_id, client_id):
  1306. """
  1307. Get client roles of a group
  1309. :param group_id: id of group
  1310. :param client_id: id of client (not client-id)
  1311. :return Keycloak server response
  1312. """
  1314. params_path = {"realm-name": self.realm_name, "id": group_id, "client-id": client_id}
  1315. data_raw = self.raw_get(URL_ADMIN_GROUPS_CLIENT_ROLES.format(**params_path))
  1316. return raise_error_from_response(data_raw, KeycloakGetError)
  1318. def delete_group_client_roles(self, group_id, client_id, roles):
  1319. """
  1320. Delete client roles of a group
  1322. :param group_id: id of group
  1323. :param client_id: id of client (not client-id)
  1324. :param roles: roles list or role (use GroupRoleRepresentation)
  1325. :return Keycloak server response (array RoleRepresentation)
  1326. """
  1328. payload = roles if isinstance(roles, list) else [roles]
  1329. params_path = {"realm-name": self.realm_name, "id": group_id, "client-id": client_id}
  1330. data_raw = self.raw_delete(URL_ADMIN_GROUPS_CLIENT_ROLES.format(**params_path),
  1331. data=json.dumps(payload))
  1332. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1334. def get_client_roles_of_user(self, user_id, client_id):
  1335. """
  1336. Get all client roles for a user.
  1338. :param user_id: id of user
  1339. :param client_id: id of client (not client-id)
  1340. :return: Keycloak server response (array RoleRepresentation)
  1341. """
  1342. return self._get_client_roles_of_user(URL_ADMIN_USER_CLIENT_ROLES, user_id, client_id)
  1344. def get_available_client_roles_of_user(self, user_id, client_id):
  1345. """
  1346. Get available client role-mappings for a user.
  1348. :param user_id: id of user
  1349. :param client_id: id of client (not client-id)
  1350. :return: Keycloak server response (array RoleRepresentation)
  1351. """
  1352. return self._get_client_roles_of_user(URL_ADMIN_USER_CLIENT_ROLES_AVAILABLE, user_id, client_id)
  1354. def get_composite_client_roles_of_user(self, user_id, client_id):
  1355. """
  1356. Get composite client role-mappings for a user.
  1358. :param user_id: id of user
  1359. :param client_id: id of client (not client-id)
  1360. :return: Keycloak server response (array RoleRepresentation)
  1361. """
  1362. return self._get_client_roles_of_user(URL_ADMIN_USER_CLIENT_ROLES_COMPOSITE, user_id, client_id)
  1364. def _get_client_roles_of_user(self, client_level_role_mapping_url, user_id, client_id):
  1365. params_path = {"realm-name": self.realm_name, "id": user_id, "client-id": client_id}
  1366. data_raw = self.raw_get(client_level_role_mapping_url.format(**params_path))
  1367. return raise_error_from_response(data_raw, KeycloakGetError)
  1369. def delete_client_roles_of_user(self, user_id, client_id, roles):
  1370. """
  1371. Delete client roles from a user.
  1373. :param user_id: id of user
  1374. :param client_id: id of client containing role (not client-id)
  1375. :param roles: roles list or role to delete (use RoleRepresentation)
  1376. :return: Keycloak server response
  1377. """
  1378. payload = roles if isinstance(roles, list) else [roles]
  1379. params_path = {"realm-name": self.realm_name, "id": user_id, "client-id": client_id}
  1380. data_raw = self.raw_delete(URL_ADMIN_USER_CLIENT_ROLES.format(**params_path),
  1381. data=json.dumps(payload))
  1382. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1384. def get_authentication_flows(self):
  1385. """
  1386. Get authentication flows. Returns all flow details
  1388. AuthenticationFlowRepresentation
  1389. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_authenticationflowrepresentation
  1391. :return: Keycloak server response (AuthenticationFlowRepresentation)
  1392. """
  1393. params_path = {"realm-name": self.realm_name}
  1394. data_raw = self.raw_get(URL_ADMIN_FLOWS.format(**params_path))
  1395. return raise_error_from_response(data_raw, KeycloakGetError)
  1397. def get_authentication_flow_for_id(self, flow_id):
  1398. """
  1399. Get one authentication flow by it's id/alias. Returns all flow details
  1401. AuthenticationFlowRepresentation
  1402. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_authenticationflowrepresentation
  1404. :param flow_id: the id of a flow NOT it's alias
  1405. :return: Keycloak server response (AuthenticationFlowRepresentation)
  1406. """
  1407. params_path = {"realm-name": self.realm_name, "flow-id": flow_id}
  1408. data_raw = self.raw_get(URL_ADMIN_FLOWS_ALIAS.format(**params_path))
  1409. return raise_error_from_response(data_raw, KeycloakGetError)
  1411. def create_authentication_flow(self, payload, skip_exists=False):
  1412. """
  1413. Create a new authentication flow
  1415. AuthenticationFlowRepresentation
  1416. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_authenticationflowrepresentation
  1418. :param payload: AuthenticationFlowRepresentation
  1419. :param skip_exists: If true then do not raise an error if authentication flow already exists
  1420. :return: Keycloak server response (RoleRepresentation)
  1421. """
  1423. params_path = {"realm-name": self.realm_name}
  1424. data_raw = self.raw_post(URL_ADMIN_FLOWS.format(**params_path),
  1425. data=json.dumps(payload))
  1426. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201], skip_exists=skip_exists)
  1428. def copy_authentication_flow(self, payload, flow_alias):
  1429. """
  1430. Copy existing authentication flow under a new name. The new name is given as 'newName' attribute of the passed payload.
  1432. :param payload: JSON containing 'newName' attribute
  1433. :param flow_alias: the flow alias
  1434. :return: Keycloak server response (RoleRepresentation)
  1435. """
  1437. params_path = {"realm-name": self.realm_name, "flow-alias": flow_alias}
  1438. data_raw = self.raw_post(URL_ADMIN_FLOWS_COPY.format(**params_path),
  1439. data=json.dumps(payload))
  1440. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201])
  1442. def get_authentication_flow_executions(self, flow_alias):
  1443. """
  1444. Get authentication flow executions. Returns all execution steps
  1446. :param flow_alias: the flow alias
  1447. :return: Response(json)
  1448. """
  1449. params_path = {"realm-name": self.realm_name, "flow-alias": flow_alias}
  1450. data_raw = self.raw_get(URL_ADMIN_FLOWS_EXECUTIONS.format(**params_path))
  1451. return raise_error_from_response(data_raw, KeycloakGetError)
  1453. def update_authentication_flow_executions(self, payload, flow_alias):
  1454. """
  1455. Update an authentication flow execution
  1457. AuthenticationExecutionInfoRepresentation
  1458. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_authenticationexecutioninforepresentation
  1460. :param payload: AuthenticationExecutionInfoRepresentation
  1461. :param flow_alias: The flow alias
  1462. :return: Keycloak server response
  1463. """
  1465. params_path = {"realm-name": self.realm_name, "flow-alias": flow_alias}
  1466. data_raw = self.raw_put(URL_ADMIN_FLOWS_EXECUTIONS.format(**params_path),
  1467. data=json.dumps(payload))
  1468. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1470. def create_authentication_flow_execution(self, payload, flow_alias):
  1471. """
  1472. Create an authentication flow execution
  1474. AuthenticationExecutionInfoRepresentation
  1475. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_authenticationexecutioninforepresentation
  1477. :param payload: AuthenticationExecutionInfoRepresentation
  1478. :param flow_alias: The flow alias
  1479. :return: Keycloak server response
  1480. """
  1482. params_path = {"realm-name": self.realm_name, "flow-alias": flow_alias}
  1483. data_raw = self.raw_post(URL_ADMIN_FLOWS_EXECUTIONS_EXEUCUTION.format(**params_path),
  1484. data=json.dumps(payload))
  1485. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201])
  1487. def create_authentication_flow_subflow(self, payload, flow_alias, skip_exists=False):
  1488. """
  1489. Create a new sub authentication flow for a given authentication flow
  1491. AuthenticationFlowRepresentation
  1492. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_authenticationflowrepresentation
  1494. :param payload: AuthenticationFlowRepresentation
  1495. :param flow_alias: The flow alias
  1496. :param skip_exists: If true then do not raise an error if authentication flow already exists
  1497. :return: Keycloak server response (RoleRepresentation)
  1498. """
  1500. params_path = {"realm-name": self.realm_name, "flow-alias": flow_alias}
  1501. data_raw = self.raw_post(URL_ADMIN_FLOWS_EXECUTIONS_FLOW.format(**params_path),
  1502. data=json.dumps(payload))
  1503. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201], skip_exists=skip_exists)
  1505. def get_authenticator_config(self, config_id):
  1506. """
  1507. Get authenticator configuration. Returns all configuration details.
  1509. :param config_id: Authenticator config id
  1510. :return: Response(json)
  1511. """
  1512. params_path = {"realm-name": self.realm_name, "id": config_id}
  1513. data_raw = self.raw_get(URL_ADMIN_AUTHENTICATOR_CONFIG.format(**params_path))
  1514. return raise_error_from_response(data_raw, KeycloakGetError)
  1516. def update_authenticator_config(self, payload, config_id):
  1517. """
  1518. Update an authenticator configuration.
  1520. AuthenticatorConfigRepresentation
  1521. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_authenticatorconfigrepresentation
  1523. :param payload: AuthenticatorConfigRepresentation
  1524. :param config_id: Authenticator config id
  1525. :return: Response(json)
  1526. """
  1527. params_path = {"realm-name": self.realm_name, "id": config_id}
  1528. data_raw = self.raw_put(URL_ADMIN_AUTHENTICATOR_CONFIG.format(**params_path),
  1529. data=json.dumps(payload))
  1530. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1532. def delete_authenticator_config(self, config_id):
  1533. """
  1534. Delete a authenticator configuration.
  1535. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_authentication_management_resource
  1537. :param config_id: Authenticator config id
  1538. :return: Keycloak server Response
  1539. """
  1541. params_path = {"realm-name": self.realm_name, "id": config_id}
  1542. data_raw = self.raw_delete(URL_ADMIN_AUTHENTICATOR_CONFIG.format(**params_path))
  1544. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1546. def sync_users(self, storage_id, action):
  1547. """
  1548. Function to trigger user sync from provider
  1550. :param storage_id: The id of the user storage provider
  1551. :param action: Action can be "triggerFullSync" or "triggerChangedUsersSync"
  1552. :return:
  1553. """
  1554. data = {'action': action}
  1555. params_query = {"action": action}
  1557. params_path = {"realm-name": self.realm_name, "id": storage_id}
  1558. data_raw = self.raw_post(URL_ADMIN_USER_STORAGE.format(**params_path),
  1559. data=json.dumps(data), **params_query)
  1560. return raise_error_from_response(data_raw, KeycloakGetError)
  1562. def get_client_scopes(self):
  1563. """
  1564. Get representation of the client scopes for the realm where we are connected to
  1565. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_getclientscopes
  1567. :return: Keycloak server response Array of (ClientScopeRepresentation)
  1568. """
  1570. params_path = {"realm-name": self.realm_name}
  1571. data_raw = self.raw_get(URL_ADMIN_CLIENT_SCOPES.format(**params_path))
  1572. return raise_error_from_response(data_raw, KeycloakGetError)
  1574. def get_client_scope(self, client_scope_id):
  1575. """
  1576. Get representation of the client scopes for the realm where we are connected to
  1577. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_getclientscopes
  1579. :param client_scope_id: The id of the client scope
  1580. :return: Keycloak server response (ClientScopeRepresentation)
  1581. """
  1583. params_path = {"realm-name": self.realm_name, "scope-id": client_scope_id}
  1584. data_raw = self.raw_get(URL_ADMIN_CLIENT_SCOPE.format(**params_path))
  1585. return raise_error_from_response(data_raw, KeycloakGetError)
  1587. def create_client_scope(self, payload, skip_exists=False):
  1588. """
  1589. Create a client scope
  1591. ClientScopeRepresentation: https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_getclientscopes
  1593. :param payload: ClientScopeRepresentation
  1594. :param skip_exists: If true then do not raise an error if client scope already exists
  1595. :return: Keycloak server response (ClientScopeRepresentation)
  1596. """
  1598. params_path = {"realm-name": self.realm_name}
  1599. data_raw = self.raw_post(URL_ADMIN_CLIENT_SCOPES.format(**params_path),
  1600. data=json.dumps(payload))
  1601. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201], skip_exists=skip_exists)
  1603. def update_client_scope(self, client_scope_id, payload):
  1604. """
  1605. Update a client scope
  1607. ClientScopeRepresentation: https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_client_scopes_resource
  1609. :param client_scope_id: The id of the client scope
  1610. :param payload: ClientScopeRepresentation
  1611. :return: Keycloak server response (ClientScopeRepresentation)
  1612. """
  1614. params_path = {"realm-name": self.realm_name, "scope-id": client_scope_id}
  1615. data_raw = self.raw_put(URL_ADMIN_CLIENT_SCOPE.format(**params_path),
  1616. data=json.dumps(payload))
  1617. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1619. def add_mapper_to_client_scope(self, client_scope_id, payload):
  1620. """
  1621. Add a mapper to a client scope
  1622. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_create_mapper
  1624. :param client_scope_id: The id of the client scope
  1625. :param payload: ProtocolMapperRepresentation
  1626. :return: Keycloak server Response
  1627. """
  1629. params_path = {"realm-name": self.realm_name, "scope-id": client_scope_id}
  1631. data_raw = self.raw_post(
  1632. URL_ADMIN_CLIENT_SCOPES_ADD_MAPPER.format(**params_path), data=json.dumps(payload))
  1634. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201])
  1636. def delete_mapper_from_client_scope(self, client_scope_id, protocol_mppaer_id):
  1637. """
  1638. Delete a mapper from a client scope
  1639. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_delete_mapper
  1641. :param client_scope_id: The id of the client scope
  1642. :param payload: ProtocolMapperRepresentation
  1643. :return: Keycloak server Response
  1644. """
  1646. params_path = {"realm-name": self.realm_name, "scope-id": client_scope_id,
  1647. "protocol-mapper-id": protocol_mppaer_id}
  1649. data_raw = self.raw_delete(
  1650. URL_ADMIN_CLIENT_SCOPES_MAPPERS.format(**params_path))
  1652. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1654. def update_mapper_in_client_scope(self, client_scope_id, protocol_mapper_id, payload):
  1655. """
  1656. Update an existing protocol mapper in a client scope
  1657. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_protocol_mappers_resource
  1659. :param client_scope_id: The id of the client scope
  1660. :param protocol_mapper_id: The id of the protocol mapper which exists in the client scope
  1661. and should to be updated
  1662. :param payload: ProtocolMapperRepresentation
  1663. :return: Keycloak server Response
  1664. """
  1666. params_path = {"realm-name": self.realm_name, "scope-id": client_scope_id,
  1667. "protocol-mapper-id": protocol_mapper_id}
  1669. data_raw = self.raw_put(
  1670. URL_ADMIN_CLIENT_SCOPES_MAPPERS.format(**params_path), data=json.dumps(payload))
  1672. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1674. def add_mapper_to_client(self, client_id, payload):
  1675. """
  1676. Add a mapper to a client
  1677. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_create_mapper
  1679. :param client_id: The id of the client
  1680. :param payload: ProtocolMapperRepresentation
  1681. :return: Keycloak server Response
  1682. """
  1684. params_path = {"realm-name": self.realm_name, "id": client_id}
  1686. data_raw = self.raw_post(
  1687. URL_ADMIN_CLIENT_PROTOCOL_MAPPER.format(**params_path), data=json.dumps(payload))
  1689. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201])
  1691. def generate_client_secrets(self, client_id):
  1692. """
  1694. Generate a new secret for the client
  1695. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_regeneratesecret
  1697. :param client_id: id of client (not client-id)
  1698. :return: Keycloak server response (ClientRepresentation)
  1699. """
  1701. params_path = {"realm-name": self.realm_name, "id": client_id}
  1702. data_raw = self.raw_post(URL_ADMIN_CLIENT_SECRETS.format(**params_path), data=None)
  1703. return raise_error_from_response(data_raw, KeycloakGetError)
  1705. def get_client_secrets(self, client_id):
  1706. """
  1708. Get representation of the client secrets
  1709. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_getclientsecret
  1711. :param client_id: id of client (not client-id)
  1712. :return: Keycloak server response (ClientRepresentation)
  1713. """
  1715. params_path = {"realm-name": self.realm_name, "id": client_id}
  1716. data_raw = self.raw_get(URL_ADMIN_CLIENT_SECRETS.format(**params_path))
  1717. return raise_error_from_response(data_raw, KeycloakGetError)
  1719. def get_components(self, query=None):
  1720. """
  1721. Return a list of components, filtered according to query parameters
  1723. ComponentRepresentation
  1724. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_componentrepresentation
  1726. :param query: Query parameters (optional)
  1727. :return: components list
  1728. """
  1729. params_path = {"realm-name": self.realm_name}
  1730. data_raw = self.raw_get(URL_ADMIN_COMPONENTS.format(**params_path),
  1731. data=None, **query)
  1732. return raise_error_from_response(data_raw, KeycloakGetError)
  1734. def create_component(self, payload):
  1735. """
  1736. Create a new component.
  1738. ComponentRepresentation
  1739. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_componentrepresentation
  1741. :param payload: ComponentRepresentation
  1743. :return: UserRepresentation
  1744. """
  1745. params_path = {"realm-name": self.realm_name}
  1747. data_raw = self.raw_post(URL_ADMIN_COMPONENTS.format(**params_path),
  1748. data=json.dumps(payload))
  1749. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[201])
  1751. def get_component(self, component_id):
  1752. """
  1753. Get representation of the component
  1755. :param component_id: Component id
  1757. ComponentRepresentation
  1758. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_componentrepresentation
  1760. :return: ComponentRepresentation
  1761. """
  1762. params_path = {"realm-name": self.realm_name, "component-id": component_id}
  1763. data_raw = self.raw_get(URL_ADMIN_COMPONENT.format(**params_path))
  1764. return raise_error_from_response(data_raw, KeycloakGetError)
  1766. def update_component(self, component_id, payload):
  1767. """
  1768. Update the component
  1770. :param component_id: Component id
  1771. :param payload: ComponentRepresentation
  1772. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_componentrepresentation
  1774. :return: Http response
  1775. """
  1776. params_path = {"realm-name": self.realm_name, "component-id": component_id}
  1777. data_raw = self.raw_put(URL_ADMIN_COMPONENT.format(**params_path),
  1778. data=json.dumps(payload))
  1779. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1781. def delete_component(self, component_id):
  1782. """
  1783. Delete the component
  1785. :param component_id: Component id
  1787. :return: Http response
  1788. """
  1789. params_path = {"realm-name": self.realm_name, "component-id": component_id}
  1790. data_raw = self.raw_delete(URL_ADMIN_COMPONENT.format(**params_path))
  1791. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1793. def get_keys(self):
  1794. """
  1795. Return a list of keys, filtered according to query parameters
  1797. KeysMetadataRepresentation
  1798. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_key_resource
  1800. :return: keys list
  1801. """
  1802. params_path = {"realm-name": self.realm_name}
  1803. data_raw = self.raw_get(URL_ADMIN_KEYS.format(**params_path),
  1804. data=None)
  1805. return raise_error_from_response(data_raw, KeycloakGetError)
  1807. def get_events(self, query=None):
  1808. """
  1809. Return a list of events, filtered according to query parameters
  1811. EventRepresentation array
  1812. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_eventrepresentation
  1814. :return: events list
  1815. """
  1816. params_path = {"realm-name": self.realm_name}
  1817. data_raw = self.raw_get(URL_ADMIN_EVENTS.format(**params_path),
  1818. data=None, **query)
  1819. return raise_error_from_response(data_raw, KeycloakGetError)
  1821. def set_events(self, payload):
  1822. """
  1823. Set realm events configuration
  1825. RealmEventsConfigRepresentation
  1826. https://www.keycloak.org/docs-api/8.0/rest-api/index.html#_realmeventsconfigrepresentation
  1828. :return: Http response
  1829. """
  1830. params_path = {"realm-name": self.realm_name}
  1831. data_raw = self.raw_put(URL_ADMIN_EVENTS.format(**params_path),
  1832. data=json.dumps(payload))
  1833. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])
  1835. def raw_get(self, *args, **kwargs):
  1836. """
  1837. Calls connection.raw_get.
  1839. If auto_refresh is set for *get* and *access_token* is expired, it will refresh the token
  1840. and try *get* once more.
  1841. """
  1842. r = self.connection.raw_get(*args, **kwargs)
  1843. if 'get' in self.auto_refresh_token and r.status_code == 401:
  1844. self.refresh_token()
  1845. return self.connection.raw_get(*args, **kwargs)
  1846. return r
  1848. def raw_post(self, *args, **kwargs):
  1849. """
  1850. Calls connection.raw_post.
  1852. If auto_refresh is set for *post* and *access_token* is expired, it will refresh the token
  1853. and try *post* once more.
  1854. """
  1855. r = self.connection.raw_post(*args, **kwargs)
  1856. if 'post' in self.auto_refresh_token and r.status_code == 401:
  1857. self.refresh_token()
  1858. return self.connection.raw_post(*args, **kwargs)
  1859. return r
  1861. def raw_put(self, *args, **kwargs):
  1862. """
  1863. Calls connection.raw_put.
  1865. If auto_refresh is set for *put* and *access_token* is expired, it will refresh the token
  1866. and try *put* once more.
  1867. """
  1868. r = self.connection.raw_put(*args, **kwargs)
  1869. if 'put' in self.auto_refresh_token and r.status_code == 401:
  1870. self.refresh_token()
  1871. return self.connection.raw_put(*args, **kwargs)
  1872. return r
  1874. def raw_delete(self, *args, **kwargs):
  1875. """
  1876. Calls connection.raw_delete.
  1878. If auto_refresh is set for *delete* and *access_token* is expired, it will refresh the token
  1879. and try *delete* once more.
  1880. """
  1881. r = self.connection.raw_delete(*args, **kwargs)
  1882. if 'delete' in self.auto_refresh_token and r.status_code == 401:
  1883. self.refresh_token()
  1884. return self.connection.raw_delete(*args, **kwargs)
  1885. return r
  1887. def get_token(self):
  1888. token_realm_name = 'master' if self.client_secret_key else self.user_realm_name or self.realm_name
  1889. self.keycloak_openid = KeycloakOpenID(server_url=self.server_url, client_id=self.client_id,
  1890. realm_name=token_realm_name, verify=self.verify,
  1891. client_secret_key=self.client_secret_key,
  1892. custom_headers=self.custom_headers)
  1894. grant_type = ["password"]
  1895. if self.client_secret_key:
  1896. grant_type = ["client_credentials"]
  1897. if self.user_realm_name:
  1898. self.realm_name = self.user_realm_name
  1900. self._token = self.keycloak_openid.token(self.username, self.password, grant_type=grant_type)
  1902. headers = {
  1903. 'Authorization': 'Bearer ' + self.token.get('access_token'),
  1904. 'Content-Type': 'application/json'
  1905. }
  1907. if self.custom_headers is not None:
  1908. # merge custom headers to main headers
  1909. headers.update(self.custom_headers)
  1911. self._connection = ConnectionManager(base_url=self.server_url,
  1912. headers=headers,
  1913. timeout=60,
  1914. verify=self.verify)
  1916. def refresh_token(self):
  1917. refresh_token = self.token.get('refresh_token')
  1918. try:
  1919. self.token = self.keycloak_openid.refresh_token(refresh_token)
  1920. except KeycloakGetError as e:
  1921. if e.response_code == 400 and (b'Refresh token expired' in e.response_body or
  1922. b'Token is not active' in e.response_body):
  1923. self.get_token()
  1924. else:
  1925. raise
  1926. self.connection.add_param_headers('Authorization', 'Bearer ' + self.token.get('access_token'))
  1928. def get_client_all_sessions(self, client_id):
  1929. """
  1930. Get sessions associated with the client
  1932. :param client_id: id of client
  1934. UserSessionRepresentation
  1935. http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_usersessionrepresentation
  1937. :return: UserSessionRepresentation
  1938. """
  1939. params_path = {"realm-name": self.realm_name, "id": client_id}
  1940. data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_ALL_SESSIONS.format(**params_path))
  1941. return raise_error_from_response(data_raw, KeycloakGetError)
  1944. def delete_user_realm_role(self, user_id, payload):
  1945. """
  1946. Delete realm-level role mappings
  1947. DELETE admin/realms/{realm-name}/users/{id}/role-mappings/realm
  1949. """
  1950. params_path = {"realm-name": self.realm_name, "id": str(user_id) }
  1951. data_raw = self.connection.raw_delete(URL_ADMIN_DELETE_USER_ROLE.format(**params_path),
  1952. data=json.dumps(payload))
  1953. return raise_error_from_response(data_raw, KeycloakGetError, expected_codes=[204])