
fix: Set client_credentials as grant_type also when x509 certificate is given (#597)

* fix: Added grant type as openid_connection optional attribute

* fix: Add getter and setter for grant_type

---------

Co-authored-by: Alex Rohozneanu <aro@bigbrother.nl>
pull/598/head v4.5.1
alexrohozneanu 4 weeks ago
committed by GitHub
parent
commit
41d20478e9
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 4
      src/keycloak/keycloak_admin.py
  2. 12
      src/keycloak/keycloak_openid.py
  3. 44
      src/keycloak/openid_connection.py

4
src/keycloak/keycloak_admin.py

@ -86,6 +86,7 @@ class KeycloakAdmin:
def __init__(
self,
server_url=None,
grant_type=None,
username=None,
password=None,
token=None,
@ -104,6 +105,8 @@ class KeycloakAdmin:
:param server_url: Keycloak server url
:type server_url: str
:param grant_type: grant type for authn
:type grant_type: str
:param username: admin username
:type username: str
:param password: admin password
@ -136,6 +139,7 @@ class KeycloakAdmin:
"""
self.connection = connection or KeycloakOpenIDConnection(
server_url=server_url,
grant_type=grant_type,
username=username,
password=password,
token=token,
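Review bot: `grant_type=None` is inserted between `server_url` and `username` in `KeycloakAdmin.__init__`, so an existing positional call such as `KeycloakAdmin(url, user, pwd)` now binds the username to `grant_type` and the password to `username`. Those misplaced values are then handed to `KeycloakOpenIDConnection`, where a password sitting in the username field could end up in request logs or error messages. Appending the parameter after the existing ones, or making it keyword-only, keeps old call sites working. The same insertion is made in `KeycloakOpenIDConnection.__init__` in src/keycloak/openid_connection.py; both signatures continue outside the hunks shown.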

12
src/keycloak/keycloak_openid.py

@ -276,7 +276,7 @@ class KeycloakOpenID:
self,
username="",
password="",
grant_type=["password"],
grant_type="password",
code="",
redirect_uri="",
totp=None,
@ -338,7 +338,7 @@ class KeycloakOpenID:
)
return raise_error_from_response(data_raw, KeycloakPostError)
def refresh_token(self, refresh_token, grant_type=["refresh_token"]):
def refresh_token(self, refresh_token, grant_type="refresh_token"):
"""Refresh the user token.
The token endpoint is used to obtain tokens. Tokens can either be obtained by
@ -409,7 +409,7 @@ class KeycloakOpenID:
"""
params_path = {"realm-name": self.realm_name}
payload = {
"grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"],
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"client_id": self.client_id,
"subject_token": token,
"subject_token_type": subject_token_type,
@ -920,7 +920,7 @@ class KeycloakOpenID:
self,
username="",
password="",
grant_type=["password"],
grant_type="password",
code="",
redirect_uri="",
totp=None,
@ -982,7 +982,7 @@ class KeycloakOpenID:
)
return raise_error_from_response(data_raw, KeycloakPostError)
async def a_refresh_token(self, refresh_token, grant_type=["refresh_token"]):
async def a_refresh_token(self, refresh_token, grant_type="refresh_token"):
"""Refresh the user token asynchronously.
The token endpoint is used to obtain tokens. Tokens can either be obtained by
@ -1053,7 +1053,7 @@ class KeycloakOpenID:
"""
params_path = {"realm-name": self.realm_name}
payload = {
"grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"],
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"client_id": self.client_id,
"subject_token": token,
"subject_token_type": subject_token_type,
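Review bot: The default for `grant_type` changes from a one-element list to a plain string in six places in this file, but the parameter documentation lies outside these hunks, so it is not visible whether the `:type grant_type:` lines now say `str`. Nothing in the hunks normalizes or rejects a list, so callers that still pass one are presumably still accepted; the docstrings should state which forms are supported. Because the sync and async methods repeat the same literals, module-level constants such as `GRANT_TYPE_TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"` would keep the twins from drifting apart.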

44
src/keycloak/openid_connection.py

@ -43,6 +43,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
"""
_server_url = None
_grant_type = None
_username = None
_password = None
_totp = None
@ -59,6 +60,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
def __init__(
self,
server_url,
grant_type=None,
username=None,
password=None,
token=None,
@ -76,6 +78,8 @@ class KeycloakOpenIDConnection(ConnectionManager):
:param server_url: Keycloak server url
:type server_url: str
:param grant_type: grant type for authn
:type grant_type: str
:param username: admin username
:type username: str
:param password: admin password
@ -110,6 +114,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
self.token_lifetime_fraction = 0.9
self.headers = {}
self.server_url = server_url
self.grant_type = grant_type
self.username = username
self.password = password
self.token = token
@ -124,6 +129,12 @@ class KeycloakOpenIDConnection(ConnectionManager):
self.headers = {**self.headers, "Content-Type": "application/json"}
self.cert = cert
if not self.grant_type:
if username and password:
self.grant_type = "password"
elif client_secret_key:
self.grant_type = "client_credentials"
super().__init__(
base_url=self.server_url,
headers=self.headers,
@ -145,6 +156,19 @@ class KeycloakOpenIDConnection(ConnectionManager):
def server_url(self, value):
self.base_url = value
@property
def grant_type(self):
"""Get grant type.
:returns: Grant type
:rtype: str
"""
return self._grant_type
@grant_type.setter
def grant_type(self, value):
self._grant_type = value
@property
def realm_name(self):
"""Get realm name.
@ -314,15 +338,9 @@ class KeycloakOpenIDConnection(ConnectionManager):
The admin token is then set in the `token` attribute.
"""
grant_type = []
if self.username and self.password:
grant_type.append("password")
elif self.client_secret_key:
grant_type.append("client_credentials")
if grant_type:
if self.grant_type:
self.token = self.keycloak_openid.token(
self.username, self.password, grant_type=grant_type, totp=self.totp
self.username, self.password, grant_type=self.grant_type, totp=self.totp
)
else:
self.token = None
@ -426,15 +444,9 @@ class KeycloakOpenIDConnection(ConnectionManager):
The admin token is then set in the `token` attribute.
"""
grant_type = []
if self.username and self.password:
grant_type.append("password")
elif self.client_secret_key:
grant_type.append("client_credentials")
if grant_type:
if self.grant_type:
self.token = await self.keycloak_openid.a_token(
self.username, self.password, grant_type=grant_type, totp=self.totp
self.username, self.password, grant_type=self.grant_type, totp=self.totp
)
else:
self.token = None
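Review bot: The grant type is now fixed once in `__init__`, whereas the removed code in the two token-fetching methods derived it from the current `self.username`, `self.password` and `self.client_secret_key` on every call. Credentials assigned after construction therefore no longer select a grant type, and both methods fall through to `self.token = None`; the same happens when only a certificate is supplied and `grant_type` is not passed explicitly, which the new `:param grant_type:` line does not mention. Letting the `grant_type` getter fall back to the old derivation when nothing was set explicitly keeps the previous behaviour and makes the `if not self.grant_type:` block in `__init__` unnecessary. An explicitly passed value is also forwarded unchecked, so a short allow-list check in the setter would catch typos before they reach the token endpoint. The class body continues outside these hunks.

```python
@property
def grant_type(self):
    """Get grant type.

    An explicitly configured value wins; otherwise the grant type is
    derived from the credentials currently set on the connection.

    :returns: Grant type, or None when no credentials are available
    :rtype: str
    """
    if self._grant_type:
        return self._grant_type
    if self.username and self.password:
        return "password"
    if self.client_secret_key:
        return "client_credentials"
    return None

# … unchanged: grant_type setter …
```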
