Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
Browse Source

chore: Add device authorization grant (#454) 

* feat: Add device authorization grant

* fix: device doc and url

* fix: reformat url import

* fix: import in alphabetical order

---------

Co-authored-by: Richard Nemeth <ryshoooo@gmail.com>
pull/430/head
manonmichel 12 months ago
committed by elias.hamacher
parent
3bcc0a1608
commit
73af7b9d45
2 changed files with 31 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 30
      src/keycloak/keycloak_openid.py
  2. 1
      src/keycloak/urls_patterns.py

30
src/keycloak/keycloak_openid.py
View File

@ -51,6 +51,7 @@ from .urls_patterns import (
URL_CERTS, URL_CERTS,
URL_CLIENT_REGISTRATION, URL_CLIENT_REGISTRATION,
URL_CLIENT_UPDATE, URL_CLIENT_UPDATE,
URL_DEVICE,
URL_ENTITLEMENT, URL_ENTITLEMENT,
URL_INTROSPECT, URL_INTROSPECT,
URL_LOGOUT, URL_LOGOUT,
@ -714,6 +715,35 @@ class KeycloakOpenID:
) )
return raise_error_from_response(data_raw, KeycloakPostError) return raise_error_from_response(data_raw, KeycloakPostError)
def device(self):
"""Get device authorization grant.
The device endpoint is used to obtain a user code verification and user authentication.
The response contains a device_code, user_code, verification_uri,
verification_uri_complete, expires_in (lifetime in seconds for device_code
and user_code), and polling interval.
Users can either follow the verification_uri and enter the user_code or
follow the verification_uri_complete.
After authenticating with valid credentials, users can obtain tokens using the
"urn:ietf:params:oauth:grant-type:device_code" grant_type and the device_code.
https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow
https://github.com/keycloak/keycloak-community/blob/main/design/oauth2-device-authorization-grant.md#how-to-try-it
:returns: Device Authorization Response
:rtype: dict
"""
params_path = {"realm-name": self.realm_name}
payload = {
"client_id": self.client_id,
}
payload = self._add_secret_key(payload)
data_raw = self.connection.raw_post(URL_DEVICE.format(**params_path), data=payload)
return raise_error_from_response(data_raw, KeycloakPostError)
def update_client(self, token: str, client_id: str, payload: dict): def update_client(self, token: str, client_id: str, payload: dict):
"""Update a client. """Update a client.

1
src/keycloak/urls_patterns.py
View File

@ -37,6 +37,7 @@ URL_AUTH = (
"{authorization-endpoint}?client_id={client-id}&response_type=code&redirect_uri={redirect-uri}" "{authorization-endpoint}?client_id={client-id}&response_type=code&redirect_uri={redirect-uri}"
"&scope={scope}&state={state}" "&scope={scope}&state={state}"
) )
URL_DEVICE = "realms/{realm-name}/protocol/openid-connect/auth/device"
URL_CLIENT_REGISTRATION = URL_REALM + "/clients-registrations/default" URL_CLIENT_REGISTRATION = URL_REALM + "/clients-registrations/default"
URL_CLIENT_UPDATE = URL_CLIENT_REGISTRATION + "/{client-id}" URL_CLIENT_UPDATE = URL_CLIENT_REGISTRATION + "/{client-id}"

Write Preview
Loading…
Cancel
Save