* refactor: incorporate custom headers into default header setup
Modify the default headers construction to merge in custom headers if provided. This change ensures that custom headers, such as Cloudflare access tokens, are included in the request before self.get_token() is called and without overwriting the default headers like 'Authorization' and 'Content-Type'.
* refactor: Fixing linting issue
Fixing linting issue by adding trailing comma to key in dict
* refactor: adding custom headers to KeycloakOpenID
Adding `custom_headers` to KeycloakOpenID instantiation.
When both user credentials and client credentials are supplied, this
library used the grant_type=client_credentials. This fix will instead
retrieve the token with grant_type=password, similar to the Keycloak
admin CLI kcadm.sh.
Most of the methods rely on the role name within python keycloak, which for the vast majority is fine, however there are some role names which cannot be used by the API endpoint as they contain characters that cannot be encoded properly. Therefore this change is to allow the use of the role's id to get, update and delete roles by their id instead.'
* feat: added support for Admin Events api
* test: fix auth_flow test and authentication_configs based on KC 22 pre-settings
* docs: update readme
* revert: "test: fix auth_flow test and authentication_configs based on KC 22 pre-settings"
This reverts commit 392b71b351.
* test: trying to support old and new Keycloak versions for test_auth_flows & test_authentication_configs
test: trying to support old and new Keycloak versions for test_auth_flows & test_authentication_configs
https://github.com/keycloak/keycloak/issues/20497
* chore: revert Update tox.ini
These tools should be coming from the poetry virtual env
---------
Co-authored-by: Simone Ferrigno <simone.ferrigno@vorwerk.de>
Co-authored-by: Richard Nemeth <ryshoooo@gmail.com>
* feat: add missing get_realm_role_by_id to KeycloakAdmin
* fix: test was using role_name instead role_id
---------
Co-authored-by: Cainã S. G <p-caina.galante@pd.tec.br>
* feat(api): add api url
* feat(api): add create permission function
* feat(api): add testcases for create permission function
* fix: linting
* fix: linting
* feat(api): add testcases for create permission function
* feat(api): add testcases for create permission function
* feat(api): apply formating
* feat(api): fix testing
* feat(api): fix testing
* feat(api): fix testing for create client_authz_scope_permission
* feat(api): add scope id for get client_authz_scope_permission
* fix create_client_authz_scope_permission test case
* fix: create_client_authz_scope_permission test case
* fix: add id in create client authz scope permissions
* fix: linting
* fix: test case of create client authz scope permissions
* fix: test case of create client authz scope permissions
---------
Co-authored-by: Richard Nemeth <ryshoooo@gmail.com>
* fix: remove internal use of deprecated methods
* fix: missing keycloak_openid during refresh (#431)
Error occurs when token is set so refresh_token is called before call
to get_token.
* feat: Add client update method
* fix: keycloak 22.0 dropped http challenge support
* fix: keycloak 22 changes default authenticator providers
* feat: add an optional search criteria to the get_realm_roles function
* style: reformat code to fix linting error
* test: add unit test for get_realm_roles function with search_text param
* feat: added KeycloakAdmin.update_client_authz_resource()
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: linting
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: test expecting and different anwser from server
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: test expecting and different anwser from server
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
---------
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
Co-authored-by: Cainã S. G <p-caina.galante@pd.tec.br>
* feat: add create_client_authz_scope_permission and create_client_authz_policy to keycloak_admin
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: fixed create_client_authz_policy url
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: fixed test expect number of policies
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: fixed typo in test for create_client_authz_scope_based_permission
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: removed duplicated test
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: chenge url to use existing variables
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: linting
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
* fix: linting
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
---------
Signed-off-by: Cainã S. G <p-caina.galante@pd.tec.br>
Co-authored-by: Cainã S. G <p-caina.galante@pd.tec.br>
* refactor: Refactor exchange_token method
Add missing arguments:
- subject_token_type
- subject_issuer
- requested_issuer
Remove client_id argument. The client_id should come from self.
Add None defaults
* 🔥 chore(test_keycloak_openid.py): remove unused client_id parameter
Refactored the exchange_token method test to match the new interface
BREAKING CHANGE: Changes the exchange token API
* fix: initializing KeycloakAdmin without server_url
According to the project readme, we could initialize a KeycloakAdmin object with a KeycloakOpenIDConnection object without other arguments but, server_url is required.
I made server_url optional and wrote a test for it.
* Revert "fix: initializing KeycloakAdmin without server_url"
This reverts commit 09cf503415.
* fix: initializing KeycloakAdmin without server_url
According to the project readme, we could initialize a KeycloakAdmin object with a KeycloakOpenIDConnection object without other arguments but, server_url is required.
I made server_url optional and wrote a test for it.
* fix: check linting, formatting
---------
Co-authored-by: Armin Shoughi <a.shoughi@hesaba.co>
* feat: add tests and logic for deleting client authz resource
* feat: add tests and logic for getting client authz resource
* fix: update return type of get_client_authz_resource from bytes to dict
* fix: update return type of get_client_authz_resources admin method
* refactor: Factor our OpenIdConnectionManager class and deprecate old methods
* refactor: Refactor keycloak uma client to use openid connection manager
* fix: Perform token renewal at 90% of lifetime
* refactor: Add optional openid connection constructor param to keycloak admin
* refactor: Remove auto_refresh_token in favour of automatic refresh on expiry
* refactor: move KeycloakOpenIDConnectionManager to a separate file
* docs: uma additions and fixes
* refactor: rename token_renewal_fraction->token_lifetime_fraction
* refactor: shorten KeycloakOpenIDConnectionManager->KeycloakOpenIDConnection
* docs: incorporate review comments
Keycloak provides an API endpoint to directly load a group by its path.
This commit changes get_group_by_path to not filter the groups locally
and instead uses the API endpoint.