From fd00b7f9bdcb483982bbf35eece1c017db1d7b0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Santos?=
Date: Sun, 28 May 2023 14:09:47 +0100
Subject: [PATCH] refactor: Exchange token method
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* refactor: Refactor exchange_token method
Add missing arguments:
- subject_token_type
- subject_issuer
- requested_issuer
Remove client_id argument. The client_id should come from self.
Add None defaults
* 🔥 chore(test_keycloak_openid.py): remove unused client_id parameter
Refactored the exchange_token method test to match the new interface
BREAKING CHANGE: Changes the exchange token API
---
 src/keycloak/keycloak_openid.py | 20 +++++++++++++++-----
 tests/test_keycloak_openid.py | 1 -
 2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/src/keycloak/keycloak_openid.py b/src/keycloak/keycloak_openid.py
index 25610ba..f689c37 100644
--- a/src/keycloak/keycloak_openid.py
+++ b/src/keycloak/keycloak_openid.py
@@ -28,6 +28,7 @@ class to handle authentication and token manipulation.
 """
 import json
+from typing import Optional
 from jose import jwt
@@ -342,9 +343,11 @@ class KeycloakOpenID:
 def exchange_token(
 self,
 token: str,
- client_id: str,
 audience: str,
- subject: str,
+ subject: Optional[str] = None,
+ subject_token_type: Optional[str] = None,
+ subject_issuer: Optional[str] = None,
+ requested_issuer: Optional[str] = None,
 requested_token_type: str = "urn:ietf:params:oauth:token-type:refresh_token",
 scope: str = "openid",
 ) -> dict:
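Review bot: Removing `client_id` from the middle of the positional parameters of `exchange_token` means an existing positional call such as `exchange_token(tok, client, aud, user)` still binds without error, but now sends the old client id as `audience`, the old audience as `subject` and the old subject as `subject_token_type`. For an API that can request a token on behalf of another user, a silent rebinding is worse than a `TypeError`. A bare `*,` after `token: str,` would make everything from `audience` onward keyword-only, so stale callers fail loudly; the test in this patch already calls the method by keyword. The function body continues outside this hunk.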
@@ -355,12 +358,16 @@ class KeycloakOpenID:
 :param token: Access token
 :type token: str
- :param client_id: Client id
- :type client_id: str
 :param audience: Audience
 :type audience: str
 :param subject: Subject
 :type subject: str
+ :param subject_token_type: Token Type specification
+ :type subject_token_type: Optional[str]
+ :param subject_issuer: Issuer
+ :type subject_issuer: Optional[str]
+ :param requested_issuer: Issuer
+ :type requested_issuer: Optional[str]
 :param requested_token_type: Token type specification
 :type requested_token_type: str
 :param scope: Scope, defaults to openid
@@ -371,11 +378,14 @@ class KeycloakOpenID:
 params_path = {"realm-name": self.realm_name}
 payload = {
 "grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"],
- "client_id": client_id,
+ "client_id": self.client_id,
 "subject_token": token,
+ "subject_token_type": subject_token_type,
+ "subject_issuer": subject_issuer,
 "requested_token_type": requested_token_type,
 "audience": audience,
 "requested_subject": subject,
+ "requested_issuer": requested_issuer,
 "scope": scope,
 }
 payload = self._add_secret_key(payload)
diff --git a/tests/test_keycloak_openid.py b/tests/test_keycloak_openid.py
index 8f3825a..712c4bc 100644
--- a/tests/test_keycloak_openid.py
+++ b/tests/test_keycloak_openid.py
@@ -209,7 +209,6 @@ def test_exchange_token(
 # Exchange token with the new user
 new_token = oid.exchange_token(
 token=token["access_token"],
- client_id=oid.client_id,
 audience=oid.client_id,
 subject=username,
 )
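Review bot: The docstring in the `@@ -355,12 +358,16 @@` hunk of `src/keycloak/keycloak_openid.py` still says `:type subject: str` although the signature now declares `Optional[str] = None`, and `subject_issuer` and `requested_issuer` are both described only as "Issuer". The two carry different trust implications, so I would spell them out, for example `:param subject_issuer: Issuer (identity provider) of the supplied subject token` and `:param requested_issuer: External identity provider the new token is requested from`, and change the subject type line to `:type subject: Optional[str]`. It is also worth one sentence saying that `subject` is sent as `requested_subject`, i.e. it asks for a token for a different user; the exact wording should be checked against the Keycloak token-exchange documentation.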
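Review bot: In the payload dict of `exchange_token` (the `@@ -371,11 +378,14 @@` hunk), `subject_token_type`, `subject_issuer`, `requested_issuer` and now `requested_subject` are added unconditionally, so with the new defaults they are `None`. Whether a `None` value is dropped or serialised into the form body depends on the transport code, which is not visible here, and an unintended `requested_subject` or issuer field on a token-exchange request is not something to leave to that layer. I would strip unset fields explicitly before the `_add_secret_key` call, `payload = {k: v for k, v in payload.items() if v is not None}`, and add a test that calls `exchange_token` with only `token` and `audience`. The function starts and ends outside this hunk.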