* feat: add create_client_authz_scope_permission and create_client_authz_policy to keycloak_admin
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: fixed create_client_authz_policy url
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: fixed test expect number of policies
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: fixed typo in test for create_client_authz_scope_based_permission
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: removed duplicated test
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: chenge url to use existing variables
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: linting
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: linting
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
---------
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
Co-authored-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: initializing KeycloakAdmin without server_url
According to the project readme, we could initialize a KeycloakAdmin object with a KeycloakOpenIDConnection object without other arguments but, server_url is required.
I made server_url optional and wrote a test for it.
* Revert "fix: initializing KeycloakAdmin without server_url"
This reverts commit 09cf503415.
* fix: initializing KeycloakAdmin without server_url
According to the project readme, we could initialize a KeycloakAdmin object with a KeycloakOpenIDConnection object without other arguments but, server_url is required.
I made server_url optional and wrote a test for it.
* fix: check linting, formatting
---------
Co-authored-by: Armin Shoughi <a.shoughi@hesaba.co>
* feat: add tests and logic for deleting client authz resource
* feat: add tests and logic for getting client authz resource
* fix: update return type of get_client_authz_resource from bytes to dict
* fix: update return type of get_client_authz_resources admin method
* refactor: Factor our OpenIdConnectionManager class and deprecate old methods
* refactor: Refactor keycloak uma client to use openid connection manager
* fix: Perform token renewal at 90% of lifetime
* refactor: Add optional openid connection constructor param to keycloak admin
* refactor: Remove auto_refresh_token in favour of automatic refresh on expiry
* refactor: move KeycloakOpenIDConnectionManager to a separate file
* docs: uma additions and fixes
* refactor: rename token_renewal_fraction->token_lifetime_fraction
* refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection
* docs: incorporate review comments
Keycloak provides an API endpoint to directly load a group by its path.
This commit changes get_group_by_path to not filter the groups locally
and instead uses the API endpoint.
Remove the necessity for supplying client name for create a new client
request, also don't check existing clients based on client name as those
can be duplicate
BREAKING CHANGE: Renamed parameter client_name to client_id in get_client_id method
Closes#351
This adds support for the basic endpoints necessary to configure client-to-client token exchange.
The /authz API is lacking official documentation. Basic docs added to docstrings instead.