You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

146 lines
3.9 KiB

10 months ago
  1. .. _openid_client:
  2. OpenID Client
  3. ========================
  4. Configure client OpenID
  5. -------------------------
  6. .. code-block:: python
  7. from keycloak import KeycloakOpenID
  8. # Configure client
  9. keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/auth/",
  10. client_id="example_client",
  11. realm_name="example_realm",
  12. client_secret_key="secret")
  13. Get .well_know
  14. -----------------------
  15. .. code-block:: python
  16. config_well_known = keycloak_openid.well_known()
  17. Get code with OAuth authorization request
  18. ----------------------------------------------
  19. .. code-block:: python
  20. auth_url = keycloak_openid.auth_url(
  21. redirect_uri="your_call_back_url",
  22. scope="email",
  23. state="your_state_info")
  24. Get access token with code
  25. ----------------------------------------------
  26. .. code-block:: python
  27. access_token = keycloak_openid.token(
  28. grant_type='authorization_code',
  29. code='the_code_you_get_from_auth_url_callback',
  30. redirect_uri="your_call_back_url")
  31. Get access token with user and password
  32. ----------------------------------------------
  33. .. code-block:: python
  34. token = keycloak_openid.token("user", "password")
  35. token = keycloak_openid.token("user", "password", totp="012345")
  36. Get token using Token Exchange
  37. ----------------------------------------------
  38. .. code-block:: python
  39. token = keycloak_openid.exchange_token(token['access_token'],
  40. "my_client", "other_client", "some_user")
  41. Refresh token
  42. ----------------------------------------------
  43. .. code-block:: python
  44. token = keycloak_openid.refresh_token(token['refresh_token'])
  45. Get UserInfo
  46. ----------------------------------------------
  47. .. code-block:: python
  48. userinfo = keycloak_openid.userinfo(token['access_token'])
  49. Logout
  50. ----------------------------------------------
  51. .. code-block:: python
  52. keycloak_openid.logout(token['refresh_token'])
  53. Get certs
  54. ----------------------------------------------
  55. .. code-block:: python
  56. certs = keycloak_openid.certs()
  57. Introspect RPT
  58. ----------------------------------------------
  59. .. code-block:: python
  60. token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['access_token'],
  61. rpt=rpt['rpt'],
  62. token_type_hint="requesting_party_token"))
  63. Introspect token
  64. ----------------------------------------------
  65. .. code-block:: python
  66. token_info = keycloak_openid.introspect(token['access_token'])
  67. Decode token
  68. ----------------------------------------------
  69. .. code-block:: python
  70. KEYCLOAK_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" + keycloak_openid.public_key() + "\n-----END PUBLIC KEY-----"
  71. options = {"verify_signature": True, "verify_aud": True, "verify_exp": True}
  72. token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options)
  73. Get UMA-permissions by token
  74. ----------------------------------------------
  75. .. code-block:: python
  76. token = keycloak_openid.token("user", "password")
  77. permissions = keycloak_openid.uma_permissions(token['access_token'])
  78. Get UMA-permissions by token with specific resource and scope requested
  79. --------------------------------------------------------------------------
  80. .. code-block:: python
  81. token = keycloak_openid.token("user", "password")
  82. permissions = keycloak_openid.uma_permissions(token['access_token'], permissions="Resource#Scope")
  83. Get auth status for a specific resource and scope by token
  84. --------------------------------------------------------------------------
  85. .. code-block:: python
  86. token = keycloak_openid.token("user", "password")
  87. auth_status = keycloak_openid.has_uma_access(token['access_token'], "Resource#Scope")