From 816cf90ca6339f3d04b62b3236da09acb042cb24 Mon Sep 17 00:00:00 2001 From: manonmichel Date: Mon, 5 Jun 2023 11:36:45 +0200 Subject: [PATCH] add doc --- src/keycloak/keycloak_openid.py | 33 +++++++++------------------------ 1 file changed, 9 insertions(+), 24 deletions(-) diff --git a/src/keycloak/keycloak_openid.py b/src/keycloak/keycloak_openid.py index c147c27..649ba10 100644 --- a/src/keycloak/keycloak_openid.py +++ b/src/keycloak/keycloak_openid.py @@ -714,33 +714,18 @@ class KeycloakOpenID: return raise_error_from_response(data_raw, KeycloakPostError) def device(self): - """Retrieve user token. + """Get device authorization grant. - The token endpoint is used to obtain tokens. Tokens can either be obtained by - exchanging an authorization code or by supplying credentials directly depending on - what flow is used. The token endpoint is also used to obtain new access tokens - when they expire. + The device endpoint is used to obtain a user code verification and user authentication. + The response contains a device_code, user_code, verification_uri, verification_uri_complete, + expires_in (lifetime in seconds for device_code and user_code), and polling interval. + Users can either follow the verification_uri and enter the user_code or follow the verification_uri_complete. + After authenticating with valid credentials, users can obtain tokens using the + "urn:ietf:params:oauth:grant-type:device_code" grant_type and the device_code. - http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint + https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow + https://github.com/keycloak/keycloak-community/blob/main/design/oauth2-device-authorization-grant.md#how-to-try-it - :param username: Username - :type username: str - :param password: Password - :type password: str - :param grant_type: Grant type - :type grant_type: str - :param code: Code - :type code: str - :param redirect_uri: Redirect URI - :type redirect_uri: str - :param totp: Time-based one-time password - :type totp: int - :param scope: Scope, defaults to openid - :type scope: str - :param extra: Additional extra arguments - :type extra: dict - :returns: Keycloak token - :rtype: dict """ params_path = {"realm-name": self.realm_name} payload = {