Browse Source

Updated docs.

pull/12/head
Marcos Pereira 7 years ago
parent
commit
df7e0e1132
  1. 95
      README.md
  2. 96
      docs/source/index.rst
  3. 73
      keycloak/keycloak_admin.py
  4. 4
      keycloak/urls_patterns.py

95
README.md

@ -44,49 +44,112 @@ The documentation for python-keycloak is available on [readthedocs](http://pytho
## Usage ## Usage
```python ```python
from keycloak import Keycloak
from keycloak import KeycloakOpenID
# Configure client # Configure client
keycloak = Keycloak(server_url="http://localhost:8080/auth/",
keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/auth/",
client_id="example_client", client_id="example_client",
realm_name="example_realm", realm_name="example_realm",
client_secret_key="secret") client_secret_key="secret")
# Get WellKnow # Get WellKnow
config_well_know = keycloak.well_know()
config_well_know = keycloak_openid.well_know()
# Get Token # Get Token
token = keycloak.token("user", "password")
token = keycloak_openid.token("user", "password")
# Get Userinfo # Get Userinfo
userinfo = keycloak.userinfo(token['access_token'])
userinfo = keycloak_openid.userinfo(token['access_token'])
# Logout # Logout
keycloak.logout(token['refresh_token'])
keycloak_openid.logout(token['refresh_token'])
# Get Certs # Get Certs
certs = keycloak.certs()
certs = keycloak_openid.certs()
# Get RPT (Entitlement) # Get RPT (Entitlement)
token = keycloak.token("user", "password")
rpt = keycloak.entitlement(token['access_token'], "resource_id")
token = keycloak_openid.token("user", "password")
rpt = keycloak_openid.entitlement(token['access_token'], "resource_id")
# Instropect RPT # Instropect RPT
token_rpt_info = keycloak.instropect(keycloak.instropect(token['access_token'], rpt=rpt['rpt'],
token_rpt_info = keycloak_openid.instropect(keycloak_openid.instropect(token['access_token'], rpt=rpt['rpt'],
token_type_hint="requesting_party_token")) token_type_hint="requesting_party_token"))
# Introspect Token # Introspect Token
token_info = keycloak.introspect(token['access_token']))
token_info = keycloak_openid.introspect(token['access_token']))
# Decode Token # Decode Token
KEYCLOAK_PUBLIC_KEY = "secret" KEYCLOAK_PUBLIC_KEY = "secret"
options = {"verify_signature": True, "verify_aud": True, "exp": True} options = {"verify_signature": True, "verify_aud": True, "exp": True}
token_info = keycloak.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options)
token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options)
# Get permissions by token # Get permissions by token
token = keycloak.token("user", "password")
keycloak.load_authorization_config("example-authz-config.json")
policies = keycloak.get_policies(token['access_token'], method_token_info='decode', key=KEYCLOAK_PUBLIC_KEY)
permissions = keycloak.get_permissions(token['access_token'], method_token_info='introspect')
token = keycloak_openid.token("user", "password")
keycloak_openid.load_authorization_config("example-authz-config.json")
policies = keycloak_openid.get_policies(token['access_token'], method_token_info='decode', key=KEYCLOAK_PUBLIC_KEY)
permissions = keycloak_openid.get_permissions(token['access_token'], method_token_info='introspect')
# KEYCLOAK ADMIN
from keycloak import KeycloakAdmin
keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/",
username='example-admin',
password='secret',
realm_name="example_realm")
# Add user
new_user = keycloak_admin.create_user({"email": "example@example.com",
"username": "example@example.com",
"enabled": True,
"firstName": "Example",
"lastName": "Example",
"realmRoles": ["user_default", ],
"attributes": {"example": "1,2,3,3,"}})
# User counter
count_users = keycloak_admin.users_count()
# Get users Returns a list of users, filtered according to query parameters
users = keycloak_admin.get_users({})
# Get User
user = keycloak_admin.get_user("user-id-keycloak")
# Update User
response = keycloak_admin.update_user(user_id="user-id-keycloak",
payload={'firstName': 'Example Update'})
# Delete User
response = keycloak_admin.delete_user(user_id="user-id-keycloak")
# Get consents granted by the user
consents = keycloak_admin.consents_user(user_id="user-id-keycloak")
# Send User Action
response = keycloak_admin.send_update_account(user_id="user-id-keycloak",
payload=json.dumps(['UPDATE_PASSWORD']))
# Send Verify Email
response = keycloak_admin.send_verify_email(user_id="user-id-keycloak")
# Get sessions associated with the user
sessions = keycloak_admin.get_sessions(user_id="user-id-keycloak")
# Get themes, social providers, auth providers, and event listeners available on this server
server_info = keycloak_admin.get_server_info()
# Get clients belonging to the realm Returns a list of clients belonging to the realm
clients = keycloak_admin.get_clients()
# Get representation of the client - id of client (not client-id)
client = keycloak_admin.get_client(client_id='id-client')
# Get all roles for the client
client_roles = keycloak_admin.get_client_role(client_id='id-client')
# Get all roles for the realm or client
realm_roles = keycloak_admin.get_roles()
``` ```

96
docs/source/index.rst

@ -71,48 +71,112 @@ Usage
Main methods:: Main methods::
from keycloak import Keycloak
from keycloak import KeycloakOpenID
# Configure client # Configure client
keycloak = Keycloak(server_url="http://localhost:8080/auth/",
keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/auth/",
client_id="example_client", client_id="example_client",
realm_name="example_realm", realm_name="example_realm",
client_secret_key="secret") client_secret_key="secret")
# Get WellKnow # Get WellKnow
config_well_know = keycloak.well_know()
config_well_know = keycloak_openid.well_know()
# Get Token # Get Token
token = keycloak.token("user", "password")
token = keycloak_openid.token("user", "password")
# Get Userinfo # Get Userinfo
userinfo = keycloak.userinfo(token['access_token'])
userinfo = keycloak_openid.userinfo(token['access_token'])
# Logout # Logout
keycloak.logout(token['refresh_token'])
keycloak_openid.logout(token['refresh_token'])
# Get Certs # Get Certs
certs = keycloak.certs()
certs = keycloak_openid.certs()
# Get RPT (Entitlement) # Get RPT (Entitlement)
token = keycloak.token("user", "password")
rpt = keycloak.entitlement(token['access_token'], "resource_id")
token = keycloak_openid.token("user", "password")
rpt = keycloak_openid.entitlement(token['access_token'], "resource_id")
# Instropect RPT # Instropect RPT
token_rpt_info = keycloak.instropect(keycloak.instropect(token['access_token'], rpt=rpt['rpt'],
token_rpt_info = keycloak_openid.instropect(keycloak_openid.instropect(token['access_token'], rpt=rpt['rpt'],
token_type_hint="requesting_party_token")) token_type_hint="requesting_party_token"))
# Introspect Token # Introspect Token
token_info = keycloak.introspect(token['access_token']))
token_info = keycloak_openid.introspect(token['access_token']))
# Decode Token # Decode Token
KEYCLOAK_PUBLIC_KEY = "secret" KEYCLOAK_PUBLIC_KEY = "secret"
options = {"verify_signature": True, "verify_aud": True, "exp": True} options = {"verify_signature": True, "verify_aud": True, "exp": True}
token_info = keycloak.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options)
token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options)
# Get permissions by token # Get permissions by token
token = keycloak.token("user", "password")
keycloak.load_authorization_config("example-authz-config.json")
policies = keycloak.get_policies(token['access_token'], method_token_info='decode', key=KEYCLOAK_PUBLIC_KEY)
permissions = keycloak.get_permissions(token['access_token'], method_token_info='introspect')
token = keycloak_openid.token("user", "password")
keycloak_openid.load_authorization_config("example-authz-config.json")
policies = keycloak_openid.get_policies(token['access_token'], method_token_info='decode', key=KEYCLOAK_PUBLIC_KEY)
permissions = keycloak_openid.get_permissions(token['access_token'], method_token_info='introspect')
# KEYCLOAK ADMIN
from keycloak import KeycloakAdmin
keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/",
username='example-admin',
password='secret',
realm_name="example_realm")
# Add user
new_user = keycloak_admin.create_user({"email": "example@example.com",
"username": "example@example.com",
"enabled": True,
"firstName": "Example",
"lastName": "Example",
"realmRoles": ["user_default", ],
"attributes": {"example": "1,2,3,3,"}})
# User counter
count_users = keycloak_admin.users_count()
# Get users Returns a list of users, filtered according to query parameters
users = keycloak_admin.get_users({})
# Get User
user = keycloak_admin.get_user("user-id-keycloak")
# Update User
response = keycloak_admin.update_user(user_id="user-id-keycloak",
payload={'firstName': 'Example Update'})
# Delete User
response = keycloak_admin.delete_user(user_id="user-id-keycloak")
# Get consents granted by the user
consents = keycloak_admin.consents_user(user_id="user-id-keycloak")
# Send User Action
response = keycloak_admin.send_update_account(user_id="user-id-keycloak",
payload=json.dumps(['UPDATE_PASSWORD']))
# Send Verify Email
response = keycloak_admin.send_verify_email(user_id="user-id-keycloak")
# Get sessions associated with the user
sessions = keycloak_admin.get_sessions(user_id="user-id-keycloak")
# Get themes, social providers, auth providers, and event listeners available on this server
server_info = keycloak_admin.get_server_info()
# Get clients belonging to the realm Returns a list of clients belonging to the realm
clients = keycloak_admin.get_clients()
# Get representation of the client - id of client (not client-id)
client = keycloak_admin.get_client(client_id='id-client')
# Get all roles for the client
client_roles = keycloak_admin.get_client_role(client_id='id-client')
# Get all roles for the realm or client
realm_roles = keycloak_admin.get_roles()

73
keycloak/keycloak_admin.py

@ -14,20 +14,19 @@
# #
# You should have received a copy of the GNU Lesser General Public License # You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
from keycloak.urls_patterns import URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \
from .urls_patterns import URL_ADMIN_USERS_COUNT, URL_ADMIN_USER, URL_ADMIN_USER_CONSENTS, \
URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \ URL_ADMIN_SEND_UPDATE_ACCOUNT, URL_ADMIN_RESET_PASSWORD, URL_ADMIN_SEND_VERIFY_EMAIL, URL_ADMIN_GET_SESSIONS, \
URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS
URL_ADMIN_SERVER_INFO, URL_ADMIN_CLIENTS, URL_ADMIN_CLIENT, URL_ADMIN_CLIENT_ROLES, URL_ADMIN_REALM_ROLES
from .keycloak_openid import KeycloakOpenID from .keycloak_openid import KeycloakOpenID
from .exceptions import raise_error_from_response, KeycloakGetError, KeycloakSecretNotFound, \
KeycloakRPTNotFound, KeycloakAuthorizationConfigError, KeycloakInvalidTokenError
from .exceptions import raise_error_from_response, KeycloakGetError
from .urls_patterns import ( from .urls_patterns import (
URL_ADMIN_USERS, URL_ADMIN_USERS,
) )
from .connection import ConnectionManager from .connection import ConnectionManager
from jose import jwt
import json import json
@ -96,7 +95,7 @@ class KeycloakAdmin:
def token(self, value): def token(self, value):
self._token = value self._token = value
def list_users(self, query=None):
def get_users(self, query=None):
""" """
Get users Returns a list of users, filtered according to query parameters Get users Returns a list of users, filtered according to query parameters
@ -122,7 +121,7 @@ class KeycloakAdmin:
data=json.dumps(payload)) data=json.dumps(payload))
return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201) return raise_error_from_response(data_raw, KeycloakGetError, expected_code=201)
def count_users(self):
def users_count(self):
""" """
User counter User counter
@ -203,21 +202,6 @@ class KeycloakAdmin:
data=payload, **params_query) data=payload, **params_query)
return raise_error_from_response(data_raw, KeycloakGetError) return raise_error_from_response(data_raw, KeycloakGetError)
def reset_password(self, user_id, password):
"""
Set up a temporary password for the user User will have to reset the
temporary password next time they log in.
:param user_id: User id
:param password: A Temporary password
:return:
"""
params_path = {"realm-name": self.realm_name, "id": user_id}
data_raw = self.connection.raw_put(URL_ADMIN_RESET_PASSWORD.format(**params_path),
data=json.dumps({'pass': password}))
return raise_error_from_response(data_raw, KeycloakGetError)
def send_verify_email(self, user_id, client_id=None, redirect_uri=None): def send_verify_email(self, user_id, client_id=None, redirect_uri=None):
""" """
Send a update account email to the user An email contains a Send a update account email to the user An email contains a
@ -254,8 +238,6 @@ class KeycloakAdmin:
""" """
Get themes, social providers, auth providers, and event listeners available on this server Get themes, social providers, auth providers, and event listeners available on this server
:param user_id: User id
ServerInfoRepresentation ServerInfoRepresentation
http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_serverinforepresentation http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_serverinforepresentation
@ -277,3 +259,46 @@ class KeycloakAdmin:
data_raw = self.connection.raw_get(URL_ADMIN_CLIENTS.format(**params_path)) data_raw = self.connection.raw_get(URL_ADMIN_CLIENTS.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError) return raise_error_from_response(data_raw, KeycloakGetError)
def get_client(self, client_id):
"""
Get representation of the client
ClientRepresentation
http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_clientrepresentation
:param client_id: id of client (not client-id)
:return: ClientRepresentation
"""
params_path = {"realm-name": self.realm_name, "id": client_id}
data_raw = self.connection.raw_get(URL_ADMIN_CLIENT.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError)
def get_client_role(self, client_id):
"""
Get all roles for the client
RoleRepresentation
http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
:param client_id: id of client (not client-id)
:return: RoleRepresentation
"""
params_path = {"realm-name": self.realm_name, "id": client_id}
data_raw = self.connection.raw_get(URL_ADMIN_CLIENT_ROLES.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError)
def get_roles(self):
"""
Get all roles for the realm or client
RoleRepresentation
http://www.keycloak.org/docs-api/3.3/rest-api/index.html#_rolerepresentation
:return: RoleRepresentation
"""
params_path = {"realm-name": self.realm_name}
data_raw = self.connection.raw_get(URL_ADMIN_REALM_ROLES.format(**params_path))
return raise_error_from_response(data_raw, KeycloakGetError)

4
keycloak/urls_patterns.py

@ -36,5 +36,9 @@ URL_ADMIN_GET_SESSIONS = "admin/realms/{realm-name}/users/{id}/sessions"
URL_ADMIN_SERVER_INFO = "admin/serverinfo" URL_ADMIN_SERVER_INFO = "admin/serverinfo"
URL_ADMIN_CLIENTS = "admin/realms/{realm-name}/clients" URL_ADMIN_CLIENTS = "admin/realms/{realm-name}/clients"
URL_ADMIN_CLIENT = "admin/realms/{realm-name}/clients/{id}"
URL_ADMIN_CLIENT_ROLES = "admin/realms/{realm-name}/clients/{id}/roles"
URL_ADMIN_REALM_ROLES = "admin/realms/{realm-name}/roles"
Loading…
Cancel
Save