From 9f0c76af1cad43cae6b79590f1b06b851e49be0f Mon Sep 17 00:00:00 2001
From: Gabriel Rudloff
Date: Fri, 19 Sep 2025 12:46:10 +0000
Subject: [PATCH] docs: document PKCE usage in OpenID client
---
 docs/source/modules/openid_client.rst | 32 +++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/docs/source/modules/openid_client.rst b/docs/source/modules/openid_client.rst
index c3c0c90..3e21b78 100644
--- a/docs/source/modules/openid_client.rst
+++ b/docs/source/modules/openid_client.rst
@@ -145,3 +145,35 @@ Get auth status for a specific resource and scope by token
 token = keycloak_openid.token("user", "password")
 auth_status = keycloak_openid.has_uma_access(token['access_token'], "Resource#Scope")
+
+PKCE Authorization Flow Example
+----------------------------------------------
+
+.. code-block:: python
+
+ from keycloak import KeycloakOpenID
+ from keycloak.pkce_utils import generate_code_verifier, generate_code_challenge
+
+ # Configure client
+ keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/",
+ client_id="example_client",
+ realm_name="example_realm")
+
+ # Generate PKCE values
+ code_verifier = generate_code_verifier()
+ code_challenge, code_challenge_method = generate_code_challenge(code_verifier)
+
+ # Get Code With Oauth Authorization Request (PKCE)
+ auth_url = keycloak_openid.auth_url(
+ redirect_uri="your_call_back_url",
+ scope="email",
+ state="your_state_info",
+ code_challenge=code_challenge,
+ code_challenge_method=code_challenge_method)
+
+ # Get Access Token With Code (PKCE)
+ access_token = keycloak_openid.token(
+ grant_type='authorization_code',
+ code='the_code_you_get_from_auth_url_callback',
+ redirect_uri="your_call_back_url",
+ code_verifier=code_verifier)