.. _openid_client: OpenID Client ======================== Configure client OpenID ------------------------- .. code-block:: python from keycloak import KeycloakOpenID # Configure client # For versions older than 18 /auth/ must be added at the end of the server_url. keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/", client_id="example_client", realm_name="example_realm", client_secret_key="secret") Get .well_know ----------------------- .. code-block:: python config_well_known = keycloak_openid.well_known() Get code with OAuth authorization request ---------------------------------------------- .. code-block:: python auth_url = keycloak_openid.auth_url( redirect_uri="your_call_back_url", scope="email", state="your_state_info") Get access token with code ---------------------------------------------- .. code-block:: python access_token = keycloak_openid.token( grant_type='authorization_code', code='the_code_you_get_from_auth_url_callback', redirect_uri="your_call_back_url") Get access token with user and password ---------------------------------------------- .. code-block:: python token = keycloak_openid.token("user", "password") token = keycloak_openid.token("user", "password", totp="012345") Get token using Token Exchange ---------------------------------------------- .. code-block:: python token = keycloak_openid.exchange_token(token['access_token'], "my_client", "other_client", "some_user") Refresh token ---------------------------------------------- .. code-block:: python token = keycloak_openid.refresh_token(token['refresh_token']) Get UserInfo ---------------------------------------------- .. code-block:: python userinfo = keycloak_openid.userinfo(token['access_token']) Logout ---------------------------------------------- .. code-block:: python keycloak_openid.logout(token['refresh_token']) Get certs ---------------------------------------------- .. code-block:: python certs = keycloak_openid.certs() Introspect RPT ---------------------------------------------- .. code-block:: python token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['access_token'], rpt=rpt['rpt'], token_type_hint="requesting_party_token")) Introspect token ---------------------------------------------- .. code-block:: python token_info = keycloak_openid.introspect(token['access_token']) Decode token ---------------------------------------------- .. code-block:: python token_info = keycloak_openid.decode_token(token['access_token']) # Without validation token_info = keycloak_openid.decode_token(token['access_token'], validate=False) Get UMA-permissions by token ---------------------------------------------- .. code-block:: python token = keycloak_openid.token("user", "password") permissions = keycloak_openid.uma_permissions(token['access_token']) Get UMA-permissions by token with specific resource and scope requested -------------------------------------------------------------------------- .. code-block:: python token = keycloak_openid.token("user", "password") permissions = keycloak_openid.uma_permissions(token['access_token'], permissions="Resource#Scope") Get auth status for a specific resource and scope by token -------------------------------------------------------------------------- .. code-block:: python token = keycloak_openid.token("user", "password") auth_status = keycloak_openid.has_uma_access(token['access_token'], "Resource#Scope")