You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

306 lines
11 KiB

7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
6 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
6 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
6 years ago
7 years ago
6 years ago
  1. .. python-keycloak documentation master file, created by
  2. sphinx-quickstart on Tue Aug 15 11:02:59 2017.
  3. You can adapt this file completely to your liking, but it should at least
  4. contain the root `toctree` directive.
  5. .. toctree::
  6. :maxdepth: 2
  7. :caption: Contents:
  8. Indices and tables
  9. ==================
  10. * :ref:`genindex`
  11. * :ref:`modindex`
  12. * :ref:`search`
  13. .. image:: https://readthedocs.org/projects/python-keycloak/badge/?version=latest
  14. :target: http://python-keycloak.readthedocs.io/en/latest/?badge=latest
  15. Welcome to python-keycloak's documentation!
  16. ===========================================
  17. **python-keycloak** is a Python package providing access to the Keycloak API.
  18. Installation
  19. ==================
  20. Via Pypi Package::
  21. $ pip install python-keycloak
  22. Manually::
  23. $ python setup.py install
  24. Dependencies
  25. ==================
  26. python-keycloak depends on:
  27. * Python 3
  28. * `requests <http://docs.python-requests.org/en/master/>`_
  29. * `python-jose <http://python-jose.readthedocs.io/en/latest/>`_
  30. Tests Dependencies
  31. ------------------
  32. * unittest
  33. * `httmock <https://github.com/patrys/httmock>`_
  34. Bug reports
  35. ==================
  36. Please report bugs and feature requests at
  37. `https://github.com/marcospereirampj/python-keycloak/issues <https://github.com/marcospereirampj/python-keycloak/issues>`_
  38. Documentation
  39. ==================
  40. The documentation for python-keycloak is available on `readthedocs <http://python-keycloak.readthedocs.io>`_.
  41. Contributors
  42. ==================
  43. * `Agriness Team <http://www.agriness.com/pt/>`_
  44. * `Marcos Pereira <marcospereira.mpj@gmail.com>`_
  45. * `Martin Devlin <martin.devlin@pearson.com>`_
  46. * `Shon T. Urbas <shon.urbas@gmail.com>`_
  47. * `Markus Spanier <https://bitbucket.org/spanierm/>`_
  48. * `Remco Kranenburg <https://bitbucket.org/Remco47/>`_
  49. * `Armin <https://bitbucket.org/arminfelder/>`_
  50. * `Njordr <https://bitbucket.org/njordr/>`_
  51. * `Josha Inglis <https://bitbucket.org/joshainglis/>`_
  52. * `Alex <https://bitbucket.org/alex_zel/>`_
  53. * `Ewan Jone <https://bitbucket.org/kisamoto/>`_
  54. Usage
  55. =====
  56. Main methods::
  57. # KEYCLOAK OPENID
  58. from keycloak import KeycloakOpenID
  59. # Configure client
  60. keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/auth/",
  61. client_id="example_client",
  62. realm_name="example_realm",
  63. client_secret_key="secret",
  64. verify=True)
  65. # Optionally, you can pass custom headers that will be added to all HTTP calls
  66. # keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/auth/",
  67. # client_id="example_client",
  68. # realm_name="example_realm",
  69. # client_secret_key="secret",
  70. # verify=True,
  71. # custom_headers={'CustomHeader': 'value'})
  72. # Optionally, you can pass proxies as well that will be used in all HTTP calls. See requests documentation for more details_
  73. # `requests-proxies <https://2.python-requests.org/en/master/user/advanced/#id10>`_.
  74. # keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/auth/",
  75. # client_id="example_client",
  76. # realm_name="example_realm",
  77. # client_secret_key="secret",
  78. # verify=True,
  79. # proxies={'http': 'http://10.10.1.10:3128', 'https': 'http://10.10.1.10:1080'})
  80. # Get WellKnow
  81. config_well_know = keycloak_openid.well_know()
  82. # Get Token
  83. token = keycloak_openid.token("user", "password")
  84. token = keycloak_openid.token("user", "password", totp="012345")
  85. # Get Userinfo
  86. userinfo = keycloak_openid.userinfo(token['access_token'])
  87. # Refresh token
  88. token = keycloak_openid.refresh_token(token['refresh_token'])
  89. # Logout
  90. keycloak_openid.logout(token['refresh_token'])
  91. # Get Certs
  92. certs = keycloak_openid.certs()
  93. # Get RPT (Entitlement)
  94. token = keycloak_openid.token("user", "password")
  95. rpt = keycloak_openid.entitlement(token['access_token'], "resource_id")
  96. # Instropect RPT
  97. token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['access_token'], rpt=rpt['rpt'],
  98. token_type_hint="requesting_party_token"))
  99. # Introspect Token
  100. token_info = keycloak_openid.introspect(token['access_token']))
  101. # Decode Token
  102. KEYCLOAK_PUBLIC_KEY = "secret"
  103. options = {"verify_signature": True, "verify_aud": True, "verify_exp": True}
  104. token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options)
  105. # Get permissions by token
  106. token = keycloak_openid.token("user", "password")
  107. keycloak_openid.load_authorization_config("example-authz-config.json")
  108. policies = keycloak_openid.get_policies(token['access_token'], method_token_info='decode', key=KEYCLOAK_PUBLIC_KEY)
  109. permissions = keycloak_openid.get_permissions(token['access_token'], method_token_info='introspect')
  110. # KEYCLOAK ADMIN
  111. from keycloak import KeycloakAdmin
  112. keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/",
  113. username='example-admin',
  114. password='secret',
  115. realm_name="example_realm",
  116. verify=True)
  117. # Optionally, you can pass custom headers that will be added to all HTTP calls
  118. #keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/",
  119. # username='example-admin',
  120. # password='secret',
  121. # realm_name="example_realm",
  122. # verify=True,
  123. # custom_headers={'CustomHeader': 'value'})
  124. #
  125. # You can also authenticate with client_id and client_secret
  126. #keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/",
  127. # client_id="example_client",
  128. # client_secret_key="secret",
  129. # realm_name="example_realm",
  130. # verify=True,
  131. # custom_headers={'CustomHeader': 'value'})
  132. # Add user
  133. new_user = keycloak_admin.create_user({"email": "example@example.com",
  134. "username": "example@example.com",
  135. "enabled": True,
  136. "firstName": "Example",
  137. "lastName": "Example",
  138. "realmRoles": ["user_default", ],
  139. "attributes": {"example": "1,2,3,3,"}})
  140. # Add user and set password
  141. new_user = keycloak_admin.create_user({"email": "example@example.com",
  142. "username": "example@example.com",
  143. "enabled": True,
  144. "firstName": "Example",
  145. "lastName": "Example",
  146. "credentials": [{"value": "secret","type": "password",}],
  147. "realmRoles": ["user_default", ],
  148. "attributes": {"example": "1,2,3,3,"}})
  149. # User counter
  150. count_users = keycloak_admin.users_count()
  151. # Get users Returns a list of users, filtered according to query parameters
  152. users = keycloak_admin.get_users({})
  153. # Get user ID from name
  154. user-id-keycloak = keycloak_admin.get_user_id("example@example.com")
  155. # Get User
  156. user = keycloak_admin.get_user("user-id-keycloak")
  157. # Update User
  158. response = keycloak_admin.update_user(user_id="user-id-keycloak",
  159. payload={'firstName': 'Example Update'})
  160. # Update User Password
  161. response = set_user_password(user_id="user-id-keycloak", password="secret", temporary=True)
  162. # Delete User
  163. response = keycloak_admin.delete_user(user_id="user-id-keycloak")
  164. # Get consents granted by the user
  165. consents = keycloak_admin.consents_user(user_id="user-id-keycloak")
  166. # Send User Action
  167. response = keycloak_admin.send_update_account(user_id="user-id-keycloak",
  168. payload=json.dumps(['UPDATE_PASSWORD']))
  169. # Send Verify Email
  170. response = keycloak_admin.send_verify_email(user_id="user-id-keycloak")
  171. # Get sessions associated with the user
  172. sessions = keycloak_admin.get_sessions(user_id="user-id-keycloak")
  173. # Get themes, social providers, auth providers, and event listeners available on this server
  174. server_info = keycloak_admin.get_server_info()
  175. # Get clients belonging to the realm Returns a list of clients belonging to the realm
  176. clients = keycloak_admin.get_clients()
  177. # Get client - id (not client-id) from client by name
  178. client_id=keycloak_admin.get_client_id("my-client")
  179. # Get representation of the client - id of client (not client-id)
  180. client = keycloak_admin.get_client(client_id="client_id")
  181. # Get all roles for the realm or client
  182. realm_roles = keycloak_admin.get_realm_roles()
  183. # Get all roles for the client
  184. client_roles = keycloak_admin.get_client_roles(client_id="client_id")
  185. # Get client role
  186. role = keycloak_admin.get_client_role(client_id="client_id", role_name="role_name")
  187. # Warning: Deprecated
  188. # Get client role id from name
  189. role_id = keycloak_admin.get_client_role_id(client_id="client_id", role_name="test")
  190. # Create client role
  191. keycloak_admin.create_client_role(client_id="client_id", {'name': 'roleName', 'clientRole': True})
  192. # Get client role id from name
  193. role_id = keycloak_admin.get_client_role_id(client_id=client_id, role_name="test")
  194. # Get all roles for the realm or client
  195. realm_roles = keycloak_admin.get_roles()
  196. # Assign client role to user. Note that BOTH role_name and role_id appear to be required.
  197. keycloak_admin.assign_client_role(client_id="client_id", user_id="user_id", role_id="role_id", role_name="test")
  198. # Assign realm roles to user. Note that BOTH role_name and role_id appear to be required.
  199. keycloak_admin.assign_realm_roles(client_id="client_id", user_id="user_id", roles=[{"roles_representation"}])
  200. # Delete realm roles of user. Note that BOTH role_name and role_id appear to be required.
  201. keycloak_admin.deletes_realm_roles_of_user(user_id="user_id", roles=[{"roles_representation"}])
  202. # Create new group
  203. group = keycloak_admin.create_group(name="Example Group")
  204. # Get all groups
  205. groups = keycloak_admin.get_groups()
  206. # Get group
  207. group = keycloak_admin.get_group(group_id='group_id')
  208. # Get group by path
  209. group = keycloak_admin.get_group_by_path(path='/group/subgroup', search_in_subgroups=True)
  210. # Function to trigger user sync from provider
  211. sync_users(storage_id="storage_di", action="action")
  212. # List public RSA keys
  213. components = keycloak_admin.keys
  214. # List all keys
  215. components = keycloak_admin.get_components(query={"parent":"example_realm", "type":"org.keycloak.keys.KeyProvider"})
  216. # Create a new RSA key
  217. component = keycloak_admin.create_component({"name":"rsa-generated","providerId":"rsa-generated","providerType":"org.keycloak.keys.KeyProvider","parentId":"example_realm","config":{"priority":["100"],"enabled":["true"],"active":["true"],"algorithm":["RS256"],"keySize":["2048"]}})
  218. # Update the key
  219. component_details['config']['active'] = ["false"]
  220. keycloak_admin.update_component(component['id'])
  221. # Delete the key
  222. keycloak_admin.delete_component(component['id'])