  1. .. _openid_client:
  2. OpenID Client
  3. ========================
  4. Configure client OpenID
  5. -------------------------
  6. .. code-block:: python
  7. from keycloak import KeycloakOpenID
  8. # Configure client (the values below are local-development placeholders)
  9. # For versions older than 18, /auth/ must be added at the end of the server_url.
  10. keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/",  # plain http is only acceptable for a local test server; use https:// elsewhere so tokens and the client secret are not sent in clear text
  11. client_id="example_client",
  12. realm_name="example_realm",
  13. client_secret_key="secret")  # load the real secret from the environment or a secret store instead of hard-coding it
  14. Get .well_known
  15. -----------------------
  16. .. code-block:: python
  17. config_well_known = keycloak_openid.well_known()
  18. Get code with OAuth authorization request
  19. ----------------------------------------------
  20. .. code-block:: python
  21. auth_url = keycloak_openid.auth_url(
  22. redirect_uri="your_call_back_url",  # should be a redirect URI registered for this client
  23. scope="email",
  24. state="your_state_info")  # state should be an unpredictable per-request value, kept in the user's session and compared on the callback (CSRF protection)
  25. Get access token with code
  26. ----------------------------------------------
  27. .. code-block:: python
  28. access_token = keycloak_openid.token(
  29. grant_type='authorization_code',
  30. code='the_code_you_get_from_auth_url_callback',  # check the returned state against the one you sent before redeeming the code
  31. redirect_uri="your_call_back_url")  # same redirect_uri as in the authorization request
  32. Get access token with user and password
  33. ----------------------------------------------
  34. .. code-block:: python
  35. token = keycloak_openid.token("user", "password")  # password grant: this client handles the user's credentials directly, so prefer the authorization code flow where a browser redirect is possible
  36. token = keycloak_openid.token("user", "password", totp="012345")  # totp is the user's current one-time code; the literal here is a placeholder
  37. Get token using Token Exchange
  38. ----------------------------------------------
  39. .. code-block:: python
  40. token = keycloak_openid.exchange_token(token['access_token'],
  41. "my_client", "other_client", "some_user")
  42. Refresh token
  43. ----------------------------------------------
  44. .. code-block:: python
  45. token = keycloak_openid.refresh_token(token['refresh_token'])
  46. Get UserInfo
  47. ----------------------------------------------
  48. .. code-block:: python
  49. userinfo = keycloak_openid.userinfo(token['access_token'])
  50. Logout
  51. ----------------------------------------------
  52. .. code-block:: python
  53. keycloak_openid.logout(token['refresh_token'])
  54. Get certs
  55. ----------------------------------------------
  56. .. code-block:: python
  57. certs = keycloak_openid.certs()
  58. Introspect RPT
  59. ----------------------------------------------
  60. .. code-block:: python
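  61. token_rpt_info = keycloak_openid.introspect(token['access_token'],  # one introspect call: the access token plus the RPT to inspect
  62. rpt=rpt['rpt'],  # assumes rpt holds a previously obtained RPT response; it is not defined on this page
  63. token_type_hint="requesting_party_token")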
  64. Introspect token
  65. ----------------------------------------------
  66. .. code-block:: python
  67. token_info = keycloak_openid.introspect(token['access_token'])
  68. Decode token
  69. ----------------------------------------------
  70. .. code-block:: python
  71. token_info = keycloak_openid.decode_token(token['access_token'])  # default call; validation stays enabled
  72. # Without validation: the token is not checked, so treat the decoded claims as untrusted and do not base access decisions on them
  73. token_info = keycloak_openid.decode_token(token['access_token'], validate=False)
  74. Get UMA-permissions by token
  75. ----------------------------------------------
  76. .. code-block:: python
  77. token = keycloak_openid.token("user", "password")
  78. permissions = keycloak_openid.uma_permissions(token['access_token'])
  79. Get UMA-permissions by token with specific resource and scope requested
  80. --------------------------------------------------------------------------
  81. .. code-block:: python
  82. token = keycloak_openid.token("user", "password")
  83. permissions = keycloak_openid.uma_permissions(token['access_token'], permissions="Resource#Scope")
  84. Get auth status for a specific resource and scope by token
  85. --------------------------------------------------------------------------
  86. .. code-block:: python
  87. token = keycloak_openid.token("user", "password")
  88. auth_status = keycloak_openid.has_uma_access(token['access_token'], "Resource#Scope")