diff --git a/README.md b/README.md index 89b7096..064dc0e 100644 --- a/README.md +++ b/README.md @@ -44,49 +44,112 @@ The documentation for python-keycloak is available on [readthedocs](http://pytho ## Usage ```python -from keycloak import Keycloak +from keycloak import KeycloakOpenID # Configure client -keycloak = Keycloak(server_url="http://localhost:8080/auth/", +keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/auth/", client_id="example_client", realm_name="example_realm", client_secret_key="secret") # Get WellKnow -config_well_know = keycloak.well_know() +config_well_know = keycloak_openid.well_know() # Get Token -token = keycloak.token("user", "password") +token = keycloak_openid.token("user", "password") # Get Userinfo -userinfo = keycloak.userinfo(token['access_token']) +userinfo = keycloak_openid.userinfo(token['access_token']) # Logout -keycloak.logout(token['refresh_token']) +keycloak_openid.logout(token['refresh_token']) # Get Certs -certs = keycloak.certs() +certs = keycloak_openid.certs() # Get RPT (Entitlement) -token = keycloak.token("user", "password") -rpt = keycloak.entitlement(token['access_token'], "resource_id") +token = keycloak_openid.token("user", "password") +rpt = keycloak_openid.entitlement(token['access_token'], "resource_id") # Instropect RPT -token_rpt_info = keycloak.instropect(keycloak.instropect(token['access_token'], rpt=rpt['rpt'], +token_rpt_info = keycloak_openid.instropect(keycloak_openid.instropect(token['access_token'], rpt=rpt['rpt'], token_type_hint="requesting_party_token")) # Introspect Token -token_info = keycloak.introspect(token['access_token'])) +token_info = keycloak_openid.introspect(token['access_token'])) # Decode Token KEYCLOAK_PUBLIC_KEY = "secret" options = {"verify_signature": True, "verify_aud": True, "exp": True} -token_info = keycloak.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options) +token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options) # Get permissions by token -token = keycloak.token("user", "password") -keycloak.load_authorization_config("example-authz-config.json") -policies = keycloak.get_policies(token['access_token'], method_token_info='decode', key=KEYCLOAK_PUBLIC_KEY) -permissions = keycloak.get_permissions(token['access_token'], method_token_info='introspect') +token = keycloak_openid.token("user", "password") +keycloak_openid.load_authorization_config("example-authz-config.json") +policies = keycloak_openid.get_policies(token['access_token'], method_token_info='decode', key=KEYCLOAK_PUBLIC_KEY) +permissions = keycloak_openid.get_permissions(token['access_token'], method_token_info='introspect') + +# KEYCLOAK ADMIN + +from keycloak import KeycloakAdmin + +keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/", + username='example-admin', + password='secret', + realm_name="example_realm") + +# Add user +new_user = keycloak_admin.create_user({"email": "example@example.com", + "username": "example@example.com", + "enabled": True, + "firstName": "Example", + "lastName": "Example", + "realmRoles": ["user_default", ], + "attributes": {"example": "1,2,3,3,"}}) + +# User counter +count_users = keycloak_admin.users_count() + +# Get users Returns a list of users, filtered according to query parameters +users = keycloak_admin.get_users({}) + +# Get User +user = keycloak_admin.get_user("user-id-keycloak") + +# Update User +response = keycloak_admin.update_user(user_id="user-id-keycloak", + payload={'firstName': 'Example Update'}) + +# Delete User +response = keycloak_admin.delete_user(user_id="user-id-keycloak") + +# Get consents granted by the user +consents = keycloak_admin.consents_user(user_id="user-id-keycloak") + +# Send User Action +response = keycloak_admin.send_update_account(user_id="user-id-keycloak", + payload=json.dumps(['UPDATE_PASSWORD'])) + +# Send Verify Email +response = keycloak_admin.send_verify_email(user_id="user-id-keycloak") + +# Get sessions associated with the user +sessions = keycloak_admin.get_sessions(user_id="user-id-keycloak") + +# Get themes, social providers, auth providers, and event listeners available on this server +server_info = keycloak_admin.get_server_info() + +# Get clients belonging to the realm Returns a list of clients belonging to the realm +clients = keycloak_admin.get_clients() + +# Get representation of the client - id of client (not client-id) +client = keycloak_admin.get_client(client_id='id-client') + +# Get all roles for the client +client_roles = keycloak_admin.get_client_role(client_id='id-client') + + +# Get all roles for the realm or client +realm_roles = keycloak_admin.get_roles() ``` \ No newline at end of file diff --git a/docs/source/index.rst b/docs/source/index.rst index 1c6be6c..8abc8d9 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -71,48 +71,112 @@ Usage Main methods:: - from keycloak import Keycloak + from keycloak import KeycloakOpenID # Configure client - keycloak = Keycloak(server_url="http://localhost:8080/auth/", + keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/auth/", client_id="example_client", realm_name="example_realm", client_secret_key="secret") # Get WellKnow - config_well_know = keycloak.well_know() + config_well_know = keycloak_openid.well_know() # Get Token - token = keycloak.token("user", "password") + token = keycloak_openid.token("user", "password") # Get Userinfo - userinfo = keycloak.userinfo(token['access_token']) + userinfo = keycloak_openid.userinfo(token['access_token']) # Logout - keycloak.logout(token['refresh_token']) + keycloak_openid.logout(token['refresh_token']) # Get Certs - certs = keycloak.certs() + certs = keycloak_openid.certs() # Get RPT (Entitlement) - token = keycloak.token("user", "password") - rpt = keycloak.entitlement(token['access_token'], "resource_id") + token = keycloak_openid.token("user", "password") + rpt = keycloak_openid.entitlement(token['access_token'], "resource_id") # Instropect RPT - token_rpt_info = keycloak.instropect(keycloak.instropect(token['access_token'], rpt=rpt['rpt'], + token_rpt_info = keycloak_openid.instropect(keycloak_openid.instropect(token['access_token'], rpt=rpt['rpt'], token_type_hint="requesting_party_token")) # Introspect Token - token_info = keycloak.introspect(token['access_token'])) + token_info = keycloak_openid.introspect(token['access_token'])) # Decode Token KEYCLOAK_PUBLIC_KEY = "secret" options = {"verify_signature": True, "verify_aud": True, "exp": True} - token_info = keycloak.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options) + token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options) # Get permissions by token - token = keycloak.token("user", "password") - keycloak.load_authorization_config("example-authz-config.json") - policies = keycloak.get_policies(token['access_token'], method_token_info='decode', key=KEYCLOAK_PUBLIC_KEY) - permissions = keycloak.get_permissions(token['access_token'], method_token_info='introspect') + token = keycloak_openid.token("user", "password") + keycloak_openid.load_authorization_config("example-authz-config.json") + policies = keycloak_openid.get_policies(token['access_token'], method_token_info='decode', key=KEYCLOAK_PUBLIC_KEY) + permissions = keycloak_openid.get_permissions(token['access_token'], method_token_info='introspect') + + # KEYCLOAK ADMIN + + from keycloak import KeycloakAdmin + + keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/", + username='example-admin', + password='secret', + realm_name="example_realm") + + # Add user + new_user = keycloak_admin.create_user({"email": "example@example.com", + "username": "example@example.com", + "enabled": True, + "firstName": "Example", + "lastName": "Example", + "realmRoles": ["user_default", ], + "attributes": {"example": "1,2,3,3,"}}) + + # User counter + count_users = keycloak_admin.users_count() + + # Get users Returns a list of users, filtered according to query parameters + users = keycloak_admin.get_users({}) + + # Get User + user = keycloak_admin.get_user("user-id-keycloak") + + # Update User + response = keycloak_admin.update_user(user_id="user-id-keycloak", + payload={'firstName': 'Example Update'}) + + # Delete User + response = keycloak_admin.delete_user(user_id="user-id-keycloak") + + # Get consents granted by the user + consents = keycloak_admin.consents_user(user_id="user-id-keycloak") + + # Send User Action + response = keycloak_admin.send_update_account(user_id="user-id-keycloak", + payload=json.dumps(['UPDATE_PASSWORD'])) + + # Send Verify Email + response = keycloak_admin.send_verify_email(user_id="user-id-keycloak") + + # Get sessions associated with the user + sessions = keycloak_admin.get_sessions(user_id="user-id-keycloak") + + # Get themes, social providers, auth providers, and event listeners available on this server + server_info = keycloak_admin.get_server_info() + + # Get clients belonging to the realm Returns a list of clients belonging to the realm + clients = keycloak_admin.get_clients() + + # Get representation of the client - id of client (not client-id) + client = keycloak_admin.get_client(client_id='id-client') + + # Get all roles for the client + client_roles = keycloak_admin.get_client_role(client_id='id-client') + + + # Get all roles for the realm or client + realm_roles = keycloak_admin.get_roles() + diff --git a/keycloak/keycloak_admin.py b/keycloak/keycloak_admin.py index 75de538..1f75c6c 100644 --- a/keycloak/keycloak_admin.py +++ b/keycloak/keycloak_admin.py @@ -14,20 +14,19 @@ # # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see . -from keycloak.urls_patterns import URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \ + +from .urls_patterns import URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \ URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \ - URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS + URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES from .keycloak_openid import KeycloakOpenID -from .exceptions import raise_error_from_response, KeycloakGetError, KeycloakSecretNotFound, \ - KeycloakRPTNotFound, KeycloakAuthorizationConfigError, KeycloakInvalidTokenError +from .exceptions import raise_error_from_response, KeycloakGetError from .urls_patterns import ( URL_ADMIN_USERS, ) from .connection import ConnectionManager -from jose import jwt import json @@ -96,7 +95,7 @@ class KeycloakAdmin: def token(self, value): self._token = value - def list_users(self, query=None): + def get_users(self, query=None): """ Get users Returns a list of users, filtered according to query parameters @@ -122,7 +121,7 @@ class KeycloakAdmin: data=json.dumps(payload)) return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201) - def count_users(self): + def users_count(self): """ User counter @@ -203,21 +202,6 @@ class KeycloakAdmin: data=payload, **params_query) return raise_error_from_response(data_raw, KeycloakGetError) - def reset_password(self, user_id, password): - """ - Set up a temporary password for the user User will have to reset the - temporary password next time they log in. - - :param user_id: User id - :param password: A Temporary password - - :return: - """ - params_path = {"realm-name": self.realm_name, "id": user_id} - data_raw = self.connection.raw_put(URL_ADMIN_RESET_PASSWORD.format(**params_path), - data=json.dumps({'pass': password})) - return raise_error_from_response(data_raw, KeycloakGetError) - def send_verify_email(self, user_id, client_id=None, redirect_uri=None): """ Send a update account email to the user An email contains a @@ -254,8 +238,6 @@ class KeycloakAdmin: """ Get themes, social providers, auth providers, and event listeners available on this server - :param user_id: User id - ServerInfoRepresentation http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_serverinforepresentation @@ -277,3 +259,46 @@ class KeycloakAdmin: data_raw = self.connection.raw_get(URL_ADMIN_CLIENTS.format(**params_path)) return raise_error_from_response(data_raw, KeycloakGetError) + def get_client(self, client_id): + """ + Get representation of the client + + ClientRepresentation + http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation + + :param client_id: id of client (not client-id) + + :return: ClientRepresentation + """ + params_path = {"realm-name": self.realm_name, "id": client_id} + data_raw = self.connection.raw_get(URL_ADMIN_CLIENT.format(**params_path)) + return raise_error_from_response(data_raw, KeycloakGetError) + + def get_client_role(self, client_id): + """ + Get all roles for the client + + RoleRepresentation + http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation + + :param client_id: id of client (not client-id) + + :return: RoleRepresentation + """ + params_path = {"realm-name": self.realm_name, "id": client_id} + data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_ROLES.format(**params_path)) + return raise_error_from_response(data_raw, KeycloakGetError) + + def get_roles(self): + """ + Get all roles for the realm or client + + RoleRepresentation + http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation + + :return: RoleRepresentation + """ + params_path = {"realm-name": self.realm_name} + data_raw = self.connection.raw_get(URL_ADMIN_REALM_ROLES.format(**params_path)) + return raise_error_from_response(data_raw, KeycloakGetError) + diff --git a/keycloak/urls_patterns.py b/keycloak/urls_patterns.py index 240eca0..6ffab2a 100644 --- a/keycloak/urls_patterns.py +++ b/keycloak/urls_patterns.py @@ -36,5 +36,9 @@ URL_ADMIN_GET_SESSIONS = "admin/realms/{realm-name}/users/{id}/sessions" URL_ADMIN_SERVER_INFO = "admin/serverinfo" URL_ADMIN_CLIENTS = "admin/realms/{realm-name}/clients" +URL_ADMIN_CLIENT = "admin/realms/{realm-name}/clients/{id}" +URL_ADMIN_CLIENT_ROLES = "admin/realms/{realm-name}/clients/{id}/roles" + +URL_ADMIN_REALM_ROLES = "admin/realms/{realm-name}/roles"