
refactor: Exchange token method

* refactor: Refactor exchange_token method

Add missing arguments:
  - subject_token_type
  - subject_issuer
  - requested_issuer

Remove client_id argument. The client_id should come from self.

Add None defaults

* 🔥 chore(test_keycloak_openid.py): remove unused client_id parameter

Refactored the exchange_token method test to match the new interface

BREAKING CHANGE: Changes the exchange token API
pull/452/head v3.0.0
André Santos 2 years ago
committed by Richard Nemeth
parent
commit
fd00b7f9bd
  1. 20
      src/keycloak/keycloak_openid.py
  2. 1
      tests/test_keycloak_openid.py

20
src/keycloak/keycloak_openid.py

@ -28,6 +28,7 @@ class to handle authentication and token manipulation.
""" """
import json import json
from typing import Optional
from jose import jwt from jose import jwt
@ -342,9 +343,11 @@ class KeycloakOpenID:
def exchange_token( def exchange_token(
self, self,
token: str, token: str,
client_id: str,
audience: str, audience: str,
subject: str,
subject: Optional[str] = None,
subject_token_type: Optional[str] = None,
subject_issuer: Optional[str] = None,
requested_issuer: Optional[str] = None,
requested_token_type: str = "urn:ietf:params:oauth:token-type:refresh_token", requested_token_type: str = "urn:ietf:params:oauth:token-type:refresh_token",
scope: str = "openid", scope: str = "openid",
) -> dict: ) -> dict:
@ -355,12 +358,16 @@ class KeycloakOpenID:
:param token: Access token :param token: Access token
:type token: str :type token: str
:param client_id: Client id
:type client_id: str
:param audience: Audience :param audience: Audience
:type audience: str :type audience: str
:param subject: Subject :param subject: Subject
:type subject: str :type subject: str
:param subject_token_type: Token Type specification
:type subject_token_type: Optional[str]
:param subject_issuer: Issuer
:type subject_issuer: Optional[str]
:param requested_issuer: Issuer
:type requested_issuer: Optional[str]
:param requested_token_type: Token type specification :param requested_token_type: Token type specification
:type requested_token_type: str :type requested_token_type: str
:param scope: Scope, defaults to openid :param scope: Scope, defaults to openid
@ -371,11 +378,14 @@ class KeycloakOpenID:
params_path = {"realm-name": self.realm_name} params_path = {"realm-name": self.realm_name}
payload = { payload = {
"grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"], "grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"],
"client_id": client_id,
"client_id": self.client_id,
"subject_token": token, "subject_token": token,
"subject_token_type": subject_token_type,
"subject_issuer": subject_issuer,
"requested_token_type": requested_token_type, "requested_token_type": requested_token_type,
"audience": audience, "audience": audience,
"requested_subject": subject, "requested_subject": subject,
"requested_issuer": requested_issuer,
"scope": scope, "scope": scope,
} }
payload = self._add_secret_key(payload) payload = self._add_secret_key(payload)
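Review bot: The payload dict in the last hunk now always carries `subject_token_type`, `subject_issuer`, `requested_issuer` and `requested_subject`, even when they are left at their new `None` default, so what reaches the token endpoint depends on how the request layer serialises `None`, which these hunks do not show. Dropping unset keys before the `_add_secret_key` call would make the request explicit: `payload = {k: v for k, v in payload.items() if v is not None}`. The docstring hunk describes both `subject_issuer` and `requested_issuer` only as "Issuer" and still says `:type subject: str` although the signature is now `Optional[str]`. Because `subject` is sent as `requested_subject`, i.e. the user the exchanged token will be issued for, the docstring should say which issuer identifies the origin of the incoming `token` and which one is being asked to mint the result. The body of `exchange_token` continues outside the hunks shown.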

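--- a/tests/test_keycloak_openid.py
+++ b/tests/test_keycloak_openid.py
@@ -209,7 +209,6 @@ def test_exchange_token(
 # Exchange token with the new user
 new_token = oid.exchange_token(
 token=token["access_token"],
-client_id=oid.client_id,
 audience=oid.client_id,
 subject=username,
 )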
