Browse Source

fix: Set client_credentials as grant_type also when x509 certificate is given (#597)

* fix: Added grant type as openid_connection optional attribute

* fix: Add getter and setter for grant_type

---------

Co-authored-by: Alex Rohozneanu <aro@bigbrother.nl>
pull/598/head v4.5.1
alexrohozneanu 3 months ago
committed by GitHub
parent
commit
41d20478e9
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 4
      src/keycloak/keycloak_admin.py
  2. 12
      src/keycloak/keycloak_openid.py
  3. 44
      src/keycloak/openid_connection.py

4
src/keycloak/keycloak_admin.py

@ -86,6 +86,7 @@ class KeycloakAdmin:
def __init__(
self,
server_url=None,
grant_type=None,
username=None,
password=None,
token=None,
@ -104,6 +105,8 @@ class KeycloakAdmin:
:param server_url: Keycloak server url
:type server_url: str
:param grant_type: grant type for authn
:type grant_type: str
:param username: admin username
:type username: str
:param password: admin password
@ -136,6 +139,7 @@ class KeycloakAdmin:
"""
self.connection = connection or KeycloakOpenIDConnection(
server_url=server_url,
grant_type=grant_type,
username=username,
password=password,
token=token,

12
src/keycloak/keycloak_openid.py

@ -276,7 +276,7 @@ class KeycloakOpenID:
self,
username="",
password="",
grant_type=["password"],
grant_type="password",
code="",
redirect_uri="",
totp=None,
@ -338,7 +338,7 @@ class KeycloakOpenID:
)
return raise_error_from_response(data_raw, KeycloakPostError)
def refresh_token(self, refresh_token, grant_type=["refresh_token"]):
def refresh_token(self, refresh_token, grant_type="refresh_token"):
"""Refresh the user token.
The token endpoint is used to obtain tokens. Tokens can either be obtained by
@ -409,7 +409,7 @@ class KeycloakOpenID:
"""
params_path = {"realm-name": self.realm_name}
payload = {
"grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"],
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"client_id": self.client_id,
"subject_token": token,
"subject_token_type": subject_token_type,
@ -920,7 +920,7 @@ class KeycloakOpenID:
self,
username="",
password="",
grant_type=["password"],
grant_type="password",
code="",
redirect_uri="",
totp=None,
@ -982,7 +982,7 @@ class KeycloakOpenID:
)
return raise_error_from_response(data_raw, KeycloakPostError)
async def a_refresh_token(self, refresh_token, grant_type=["refresh_token"]):
async def a_refresh_token(self, refresh_token, grant_type="refresh_token"):
"""Refresh the user token asynchronously.
The token endpoint is used to obtain tokens. Tokens can either be obtained by
@ -1053,7 +1053,7 @@ class KeycloakOpenID:
"""
params_path = {"realm-name": self.realm_name}
payload = {
"grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"],
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"client_id": self.client_id,
"subject_token": token,
"subject_token_type": subject_token_type,

44
src/keycloak/openid_connection.py

@ -43,6 +43,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
"""
_server_url = None
_grant_type = None
_username = None
_password = None
_totp = None
@ -59,6 +60,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
def __init__(
self,
server_url,
grant_type=None,
username=None,
password=None,
token=None,
@ -76,6 +78,8 @@ class KeycloakOpenIDConnection(ConnectionManager):
:param server_url: Keycloak server url
:type server_url: str
:param grant_type: grant type for authn
:type grant_type: str
:param username: admin username
:type username: str
:param password: admin password
@ -110,6 +114,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
self.token_lifetime_fraction = 0.9
self.headers = {}
self.server_url = server_url
self.grant_type = grant_type
self.username = username
self.password = password
self.token = token
@ -124,6 +129,12 @@ class KeycloakOpenIDConnection(ConnectionManager):
self.headers = {**self.headers, "Content-Type": "application/json"}
self.cert = cert
if not self.grant_type:
if username and password:
self.grant_type = "password"
elif client_secret_key:
self.grant_type = "client_credentials"
super().__init__(
base_url=self.server_url,
headers=self.headers,
@ -145,6 +156,19 @@ class KeycloakOpenIDConnection(ConnectionManager):
def server_url(self, value):
self.base_url = value
@property
def grant_type(self):
"""Get grant type.
:returns: Grant type
:rtype: str
"""
return self._grant_type
@grant_type.setter
def grant_type(self, value):
self._grant_type = value
@property
def realm_name(self):
"""Get realm name.
@ -314,15 +338,9 @@ class KeycloakOpenIDConnection(ConnectionManager):
The admin token is then set in the `token` attribute.
"""
grant_type = []
if self.username and self.password:
grant_type.append("password")
elif self.client_secret_key:
grant_type.append("client_credentials")
if grant_type:
if self.grant_type:
self.token = self.keycloak_openid.token(
self.username, self.password, grant_type=grant_type, totp=self.totp
self.username, self.password, grant_type=self.grant_type, totp=self.totp
)
else:
self.token = None
@ -426,15 +444,9 @@ class KeycloakOpenIDConnection(ConnectionManager):
The admin token is then set in the `token` attribute.
"""
grant_type = []
if self.username and self.password:
grant_type.append("password")
elif self.client_secret_key:
grant_type.append("client_credentials")
if grant_type:
if self.grant_type:
self.token = await self.keycloak_openid.a_token(
self.username, self.password, grant_type=grant_type, totp=self.totp
self.username, self.password, grant_type=self.grant_type, totp=self.totp
)
else:
self.token = None

Loading…
Cancel
Save