Marcos Pereira Jr
11 months ago
committed by
Marcos Pereira
4 changed files with 412 additions and 1 deletions
-
11docs/source/getting_started.rst
-
196docs/source/modules/admin.rst
-
146docs/source/modules/openid_client.rst
-
60docs/source/modules/uma.rst
@ -1,4 +1,13 @@ |
|||
.. _getting_started: |
|||
|
|||
The User Guide |
|||
Quickstart |
|||
======================== |
|||
|
|||
Some examples of using OpenID, Admin and UMA integration. |
|||
|
|||
.. toctree:: |
|||
:maxdepth: 2 |
|||
|
|||
modules/openid_client |
|||
modules/admin |
|||
modules/uma |
@ -0,0 +1,196 @@ |
|||
.. admin: |
|||
|
|||
Admin Client |
|||
======================== |
|||
|
|||
|
|||
Configure admin client |
|||
------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
|
|||
admin = KeycloakAdmin( |
|||
server_url="http://localhost:8080/", |
|||
username='example-admin', |
|||
password='secret', |
|||
realm_name="master", |
|||
user_realm_name="only_if_other_realm_than_master") |
|||
|
|||
|
|||
Configure admin client with connection |
|||
-------------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
from keycloak import KeycloakAdmin |
|||
from keycloak import KeycloakOpenIDConnection |
|||
|
|||
keycloak_connection = KeycloakOpenIDConnection( |
|||
server_url="http://localhost:8080/", |
|||
username='example-admin', |
|||
password='secret', |
|||
realm_name="master", |
|||
user_realm_name="only_if_other_realm_than_master", |
|||
client_id="my_client", |
|||
client_secret_key="client-secret", |
|||
verify=True) |
|||
|
|||
keycloak_admin = KeycloakAdmin(connection=keycloak_connection) |
|||
|
|||
|
|||
Create user |
|||
------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
new_user = keycloak_admin.create_user({"email": "example@example.com", |
|||
"username": "example@example.com", |
|||
"enabled": True, |
|||
"firstName": "Example", |
|||
"lastName": "Example"}) |
|||
|
|||
|
|||
Add user and raise exception if username already exists |
|||
----------------------------------------------------------- |
|||
|
|||
The exist_ok currently defaults to True for backwards compatibility reasons. |
|||
|
|||
.. code-block:: python |
|||
|
|||
new_user = keycloak_admin.create_user({"email": "example@example.com", |
|||
"username": "example@example.com", |
|||
"enabled": True, |
|||
"firstName": "Example", |
|||
"lastName": "Example"}, |
|||
exist_ok=False) |
|||
|
|||
Add user and set password |
|||
--------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
new_user = keycloak_admin.create_user({"email": "example@example.com", |
|||
"username": "example@example.com", |
|||
"enabled": True, |
|||
"firstName": "Example", |
|||
"lastName": "Example", |
|||
"credentials": [{"value": "secret","type": "password",}]}) |
|||
|
|||
|
|||
Add user and specify a locale |
|||
------------------------------ |
|||
|
|||
.. code-block:: python |
|||
|
|||
new_user = keycloak_admin.create_user({"email": "example@example.fr", |
|||
"username": "example@example.fr", |
|||
"enabled": True, |
|||
"firstName": "Example", |
|||
"lastName": "Example", |
|||
"attributes": { |
|||
"locale": ["fr"] |
|||
}}) |
|||
|
|||
User counter |
|||
------------------------------ |
|||
|
|||
.. code-block:: python |
|||
|
|||
count_users = keycloak_admin.users_count() |
|||
|
|||
Get users Returns a list of users, filtered according to query parameters |
|||
---------------------------------------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
users = keycloak_admin.get_users({}) |
|||
|
|||
Get user ID from username |
|||
------------------------------ |
|||
|
|||
.. code-block:: python |
|||
|
|||
user_id_keycloak = keycloak_admin.get_user_id("username-keycloak") |
|||
|
|||
|
|||
Get user |
|||
------------------------------ |
|||
|
|||
.. code-block:: python |
|||
|
|||
user = keycloak_admin.get_user("user-id-keycloak") |
|||
|
|||
Update user |
|||
------------------------------ |
|||
|
|||
.. code-block:: python |
|||
|
|||
response = keycloak_admin.update_user(user_id="user-id-keycloak", |
|||
payload={'firstName': 'Example Update'}) |
|||
|
|||
|
|||
Update user password |
|||
------------------------------ |
|||
|
|||
.. code-block:: python |
|||
|
|||
response = keycloak_admin.set_user_password(user_id="user-id-keycloak", password="secret", temporary=True) |
|||
|
|||
|
|||
Get user credentials |
|||
------------------------------ |
|||
|
|||
.. code-block:: python |
|||
|
|||
credentials = keycloak_admin.get_credentials(user_id='user_id') |
|||
|
|||
Get user credential by ID |
|||
------------------------------ |
|||
|
|||
.. code-block:: python |
|||
|
|||
credential = keycloak_admin.get_credential(user_id='user_id', credential_id='credential_id') |
|||
|
|||
Delete user credential |
|||
------------------------------ |
|||
|
|||
.. code-block:: python |
|||
|
|||
response = keycloak_admin.delete_credential(user_id='user_id', credential_id='credential_id') |
|||
|
|||
Delete User |
|||
------------------------------ |
|||
|
|||
.. code-block:: python |
|||
|
|||
response = keycloak_admin.delete_user(user_id="user-id-keycloak") |
|||
|
|||
Get consents granted by the user |
|||
-------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
consents = keycloak_admin.consents_user(user_id="user-id-keycloak") |
|||
|
|||
Send user action |
|||
------------------------------ |
|||
|
|||
.. code-block:: python |
|||
|
|||
response = keycloak_admin.send_update_account(user_id="user-id-keycloak", |
|||
payload=['UPDATE_PASSWORD']) |
|||
|
|||
Send verify email |
|||
------------------------------ |
|||
|
|||
.. code-block:: python |
|||
|
|||
response = keycloak_admin.send_verify_email(user_id="user-id-keycloak") |
|||
|
|||
Get sessions associated with the user |
|||
-------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
sessions = keycloak_admin.get_sessions(user_id="user-id-keycloak") |
@ -0,0 +1,146 @@ |
|||
.. _openid_client: |
|||
|
|||
|
|||
OpenID Client |
|||
======================== |
|||
|
|||
Configure client OpenID |
|||
------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
from keycloak import KeycloakOpenID |
|||
|
|||
# Configure client |
|||
keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/auth/", |
|||
client_id="example_client", |
|||
realm_name="example_realm", |
|||
client_secret_key="secret") |
|||
|
|||
|
|||
Get .well_know |
|||
----------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
config_well_known = keycloak_openid.well_known() |
|||
|
|||
|
|||
Get code with OAuth authorization request |
|||
---------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
auth_url = keycloak_openid.auth_url( |
|||
redirect_uri="your_call_back_url", |
|||
scope="email", |
|||
state="your_state_info") |
|||
|
|||
|
|||
Get access token with code |
|||
---------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
access_token = keycloak_openid.token( |
|||
grant_type='authorization_code', |
|||
code='the_code_you_get_from_auth_url_callback', |
|||
redirect_uri="your_call_back_url") |
|||
|
|||
|
|||
Get access token with user and password |
|||
---------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
token = keycloak_openid.token("user", "password") |
|||
token = keycloak_openid.token("user", "password", totp="012345") |
|||
|
|||
|
|||
Get token using Token Exchange |
|||
---------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
token = keycloak_openid.exchange_token(token['access_token'], |
|||
"my_client", "other_client", "some_user") |
|||
|
|||
|
|||
Refresh token |
|||
---------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
token = keycloak_openid.refresh_token(token['refresh_token']) |
|||
|
|||
Get UserInfo |
|||
---------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
userinfo = keycloak_openid.userinfo(token['access_token']) |
|||
|
|||
Logout |
|||
---------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
keycloak_openid.logout(token['refresh_token']) |
|||
|
|||
Get certs |
|||
---------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
certs = keycloak_openid.certs() |
|||
|
|||
Introspect RPT |
|||
---------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['access_token'], |
|||
rpt=rpt['rpt'], |
|||
token_type_hint="requesting_party_token")) |
|||
|
|||
Introspect token |
|||
---------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
token_info = keycloak_openid.introspect(token['access_token']) |
|||
|
|||
|
|||
Decode token |
|||
---------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
KEYCLOAK_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" + keycloak_openid.public_key() + "\n-----END PUBLIC KEY-----" |
|||
options = {"verify_signature": True, "verify_aud": True, "verify_exp": True} |
|||
token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options) |
|||
|
|||
|
|||
Get UMA-permissions by token |
|||
---------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
token = keycloak_openid.token("user", "password") |
|||
permissions = keycloak_openid.uma_permissions(token['access_token']) |
|||
|
|||
Get UMA-permissions by token with specific resource and scope requested |
|||
-------------------------------------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
token = keycloak_openid.token("user", "password") |
|||
permissions = keycloak_openid.uma_permissions(token['access_token'], permissions="Resource#Scope") |
|||
|
|||
Get auth status for a specific resource and scope by token |
|||
-------------------------------------------------------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
token = keycloak_openid.token("user", "password") |
|||
auth_status = keycloak_openid.has_uma_access(token['access_token'], "Resource#Scope") |
@ -0,0 +1,60 @@ |
|||
.. _uma: |
|||
|
|||
UMA |
|||
======================== |
|||
|
|||
|
|||
Configure client UMA |
|||
------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
from keycloak import KeycloakOpenIDConnection |
|||
from keycloak import KeycloakUMA |
|||
|
|||
keycloak_connection = KeycloakOpenIDConnection( |
|||
server_url="http://localhost:8080/", |
|||
realm_name="master", |
|||
client_id="my_client", |
|||
client_secret_key="client-secret") |
|||
|
|||
keycloak_uma = KeycloakUMA(connection=keycloak_connection) |
|||
|
|||
|
|||
Create a resource set |
|||
------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
resource_set = keycloak_uma.resource_set_create({ |
|||
"name": "example_resource", |
|||
"scopes": ["example:read", "example:write"], |
|||
"type": "urn:example"}) |
|||
|
|||
List resource sets |
|||
------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
resource_sets = uma.resource_set_list() |
|||
|
|||
Get resource set |
|||
------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
latest_resource = uma.resource_set_read(resource_set["_id"]) |
|||
|
|||
Update resource set |
|||
------------------------- |
|||
|
|||
.. code-block:: python |
|||
|
|||
latest_resource["name"] = "New Resource Name" |
|||
uma.resource_set_update(resource_set["_id"], latest_resource) |
|||
|
|||
Delete resource set |
|||
------------------------ |
|||
.. code-block:: python |
|||
|
|||
uma.resource_set_delete(resource_id=resource_set["_id"]) |