fix: Added grant type as openid_connection optional attribute

src/keycloak/keycloak_admin.py

@@ -86,6 +86,7 @@ class KeycloakAdmin:
     def __init__(
         self,
         server_url=None,
+        grant_type=None,
         username=None,
         password=None,
         token=None,
@@ -104,6 +105,8 @@ class KeycloakAdmin:
 
         :param server_url: Keycloak server url
         :type server_url: str
+        :param grant_type: grant type for authn
+        :type grant_type: str
         :param username: admin username
         :type username: str
         :param password: admin password
@@ -136,6 +139,7 @@ class KeycloakAdmin:
         """
         self.connection = connection or KeycloakOpenIDConnection(
             server_url=server_url,
+            grant_type=grant_type,
             username=username,
             password=password,
             token=token,

src/keycloak/keycloak_openid.py

@@ -276,7 +276,7 @@ class KeycloakOpenID:
         self,
         username="",
         password="",
-        grant_type=["password"],
+        grant_type="password",
         code="",
         redirect_uri="",
         totp=None,
@@ -338,7 +338,7 @@ class KeycloakOpenID:
         )
         return raise_error_from_response(data_raw, KeycloakPostError)
 
-    def refresh_token(self, refresh_token, grant_type=["refresh_token"]):
+    def refresh_token(self, refresh_token, grant_type="refresh_token"):
         """Refresh the user token.
 
         The token endpoint is used to obtain tokens. Tokens can either be obtained by
@@ -409,7 +409,7 @@ class KeycloakOpenID:
         """
         params_path = {"realm-name": self.realm_name}
         payload = {
-            "grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"],
+            "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
             "client_id": self.client_id,
             "subject_token": token,
             "subject_token_type": subject_token_type,
@@ -920,7 +920,7 @@ class KeycloakOpenID:
         self,
         username="",
         password="",
-        grant_type=["password"],
+        grant_type="password",
         code="",
         redirect_uri="",
         totp=None,
@@ -982,7 +982,7 @@ class KeycloakOpenID:
         )
         return raise_error_from_response(data_raw, KeycloakPostError)
 
-    async def a_refresh_token(self, refresh_token, grant_type=["refresh_token"]):
+    async def a_refresh_token(self, refresh_token, grant_type="refresh_token"):
         """Refresh the user token asynchronously.
 
         The token endpoint is used to obtain tokens. Tokens can either be obtained by
@@ -1053,7 +1053,7 @@ class KeycloakOpenID:
         """
         params_path = {"realm-name": self.realm_name}
         payload = {
-            "grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"],
+            "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
             "client_id": self.client_id,
             "subject_token": token,
             "subject_token_type": subject_token_type,

src/keycloak/openid_connection.py

@@ -43,6 +43,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
     """
 
     _server_url = None
+    _grant_type = None
     _username = None
     _password = None
     _totp = None
@@ -59,6 +60,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
     def __init__(
         self,
         server_url,
+        grant_type=None,
         username=None,
         password=None,
         token=None,
@@ -76,6 +78,8 @@ class KeycloakOpenIDConnection(ConnectionManager):
 
         :param server_url: Keycloak server url
         :type server_url: str
+        :param grant_type: grant type for authn
+        :type grant_type: str
         :param username: admin username
         :type username: str
         :param password: admin password
@@ -110,6 +114,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
         self.token_lifetime_fraction = 0.9
         self.headers = {}
         self.server_url = server_url
+        self.grant_type = grant_type
         self.username = username
         self.password = password
         self.token = token
@@ -124,6 +129,12 @@ class KeycloakOpenIDConnection(ConnectionManager):
         self.headers = {**self.headers, "Content-Type": "application/json"}
         self.cert = cert
 
+        if not self.grant_type:
+            if username and password:
+                self.grant_type = "password"
+            elif client_secret_key:
+                self.grant_type = "client_credentials"
+
         super().__init__(
             base_url=self.server_url,
             headers=self.headers,
@@ -314,15 +325,9 @@ class KeycloakOpenIDConnection(ConnectionManager):
 
         The admin token is then set in the `token` attribute.
         """
-        grant_type = []
-        if self.username and self.password:
-            grant_type.append("password")
-        elif self.client_secret_key:
-            grant_type.append("client_credentials")
-
-        if grant_type:
+        if self.grant_type:
             self.token = self.keycloak_openid.token(
-                self.username, self.password, grant_type=grant_type, totp=self.totp
+                self.username, self.password, grant_type=self.grant_type, totp=self.totp
             )
         else:
             self.token = None
@@ -426,15 +431,9 @@ class KeycloakOpenIDConnection(ConnectionManager):
 
         The admin token is then set in the `token` attribute.
         """
-        grant_type = []
-        if self.username and self.password:
-            grant_type.append("password")
-        elif self.client_secret_key:
-            grant_type.append("client_credentials")
-
-        if grant_type:
+        if self.grant_type:
             self.token = await self.keycloak_openid.a_token(
-                self.username, self.password, grant_type=grant_type, totp=self.totp
+                self.username, self.password, grant_type=self.grant_type, totp=self.totp
             )
         else:
             self.token = None