Browse Source

fix: Set client_credentials as grant_type also when x509 certificate is given (#597)

* fix: Added grant type as openid_connection optional attribute

* fix: Add getter and setter for grant_type

---------

Co-authored-by: Alex Rohozneanu <aro@bigbrother.nl>
pull/598/head v4.5.1
alexrohozneanu 1 month ago
committed by GitHub
parent
commit
41d20478e9
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 4
      src/keycloak/keycloak_admin.py
  2. 12
      src/keycloak/keycloak_openid.py
  3. 44
      src/keycloak/openid_connection.py

4
src/keycloak/keycloak_admin.py

@ -86,6 +86,7 @@ class KeycloakAdmin:
def __init__( def __init__(
self, self,
server_url=None, server_url=None,
grant_type=None,
username=None, username=None,
password=None, password=None,
token=None, token=None,
@ -104,6 +105,8 @@ class KeycloakAdmin:
:param server_url: Keycloak server url :param server_url: Keycloak server url
:type server_url: str :type server_url: str
:param grant_type: grant type for authn
:type grant_type: str
:param username: admin username :param username: admin username
:type username: str :type username: str
:param password: admin password :param password: admin password
@ -136,6 +139,7 @@ class KeycloakAdmin:
""" """
self.connection = connection or KeycloakOpenIDConnection( self.connection = connection or KeycloakOpenIDConnection(
server_url=server_url, server_url=server_url,
grant_type=grant_type,
username=username, username=username,
password=password, password=password,
token=token, token=token,

12
src/keycloak/keycloak_openid.py

@ -276,7 +276,7 @@ class KeycloakOpenID:
self, self,
username="", username="",
password="", password="",
grant_type=["password"],
grant_type="password",
code="", code="",
redirect_uri="", redirect_uri="",
totp=None, totp=None,
@ -338,7 +338,7 @@ class KeycloakOpenID:
) )
return raise_error_from_response(data_raw, KeycloakPostError) return raise_error_from_response(data_raw, KeycloakPostError)
def refresh_token(self, refresh_token, grant_type=["refresh_token"]):
def refresh_token(self, refresh_token, grant_type="refresh_token"):
"""Refresh the user token. """Refresh the user token.
The token endpoint is used to obtain tokens. Tokens can either be obtained by The token endpoint is used to obtain tokens. Tokens can either be obtained by
@ -409,7 +409,7 @@ class KeycloakOpenID:
""" """
params_path = {"realm-name": self.realm_name} params_path = {"realm-name": self.realm_name}
payload = { payload = {
"grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"],
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"client_id": self.client_id, "client_id": self.client_id,
"subject_token": token, "subject_token": token,
"subject_token_type": subject_token_type, "subject_token_type": subject_token_type,
@ -920,7 +920,7 @@ class KeycloakOpenID:
self, self,
username="", username="",
password="", password="",
grant_type=["password"],
grant_type="password",
code="", code="",
redirect_uri="", redirect_uri="",
totp=None, totp=None,
@ -982,7 +982,7 @@ class KeycloakOpenID:
) )
return raise_error_from_response(data_raw, KeycloakPostError) return raise_error_from_response(data_raw, KeycloakPostError)
async def a_refresh_token(self, refresh_token, grant_type=["refresh_token"]):
async def a_refresh_token(self, refresh_token, grant_type="refresh_token"):
"""Refresh the user token asynchronously. """Refresh the user token asynchronously.
The token endpoint is used to obtain tokens. Tokens can either be obtained by The token endpoint is used to obtain tokens. Tokens can either be obtained by
@ -1053,7 +1053,7 @@ class KeycloakOpenID:
""" """
params_path = {"realm-name": self.realm_name} params_path = {"realm-name": self.realm_name}
payload = { payload = {
"grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"],
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"client_id": self.client_id, "client_id": self.client_id,
"subject_token": token, "subject_token": token,
"subject_token_type": subject_token_type, "subject_token_type": subject_token_type,

44
src/keycloak/openid_connection.py

@ -43,6 +43,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
""" """
_server_url = None _server_url = None
_grant_type = None
_username = None _username = None
_password = None _password = None
_totp = None _totp = None
@ -59,6 +60,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
def __init__( def __init__(
self, self,
server_url, server_url,
grant_type=None,
username=None, username=None,
password=None, password=None,
token=None, token=None,
@ -76,6 +78,8 @@ class KeycloakOpenIDConnection(ConnectionManager):
:param server_url: Keycloak server url :param server_url: Keycloak server url
:type server_url: str :type server_url: str
:param grant_type: grant type for authn
:type grant_type: str
:param username: admin username :param username: admin username
:type username: str :type username: str
:param password: admin password :param password: admin password
@ -110,6 +114,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
self.token_lifetime_fraction = 0.9 self.token_lifetime_fraction = 0.9
self.headers = {} self.headers = {}
self.server_url = server_url self.server_url = server_url
self.grant_type = grant_type
self.username = username self.username = username
self.password = password self.password = password
self.token = token self.token = token
@ -124,6 +129,12 @@ class KeycloakOpenIDConnection(ConnectionManager):
self.headers = {**self.headers, "Content-Type": "application/json"} self.headers = {**self.headers, "Content-Type": "application/json"}
self.cert = cert self.cert = cert
if not self.grant_type:
if username and password:
self.grant_type = "password"
elif client_secret_key:
self.grant_type = "client_credentials"
super().__init__( super().__init__(
base_url=self.server_url, base_url=self.server_url,
headers=self.headers, headers=self.headers,
@ -145,6 +156,19 @@ class KeycloakOpenIDConnection(ConnectionManager):
def server_url(self, value): def server_url(self, value):
self.base_url = value self.base_url = value
@property
def grant_type(self):
"""Get grant type.
:returns: Grant type
:rtype: str
"""
return self._grant_type
@grant_type.setter
def grant_type(self, value):
self._grant_type = value
@property @property
def realm_name(self): def realm_name(self):
"""Get realm name. """Get realm name.
@ -314,15 +338,9 @@ class KeycloakOpenIDConnection(ConnectionManager):
The admin token is then set in the `token` attribute. The admin token is then set in the `token` attribute.
""" """
grant_type = []
if self.username and self.password:
grant_type.append("password")
elif self.client_secret_key:
grant_type.append("client_credentials")
if grant_type:
if self.grant_type:
self.token = self.keycloak_openid.token( self.token = self.keycloak_openid.token(
self.username, self.password, grant_type=grant_type, totp=self.totp
self.username, self.password, grant_type=self.grant_type, totp=self.totp
) )
else: else:
self.token = None self.token = None
@ -426,15 +444,9 @@ class KeycloakOpenIDConnection(ConnectionManager):
The admin token is then set in the `token` attribute. The admin token is then set in the `token` attribute.
""" """
grant_type = []
if self.username and self.password:
grant_type.append("password")
elif self.client_secret_key:
grant_type.append("client_credentials")
if grant_type:
if self.grant_type:
self.token = await self.keycloak_openid.a_token( self.token = await self.keycloak_openid.a_token(
self.username, self.password, grant_type=grant_type, totp=self.totp
self.username, self.password, grant_type=self.grant_type, totp=self.totp
) )
else: else:
self.token = None self.token = None

Loading…
Cancel
Save