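def load_user_from_request(request):
    """Resolve the caller of *request* from its ``Authorization: Bearer`` header.

    Flask-Login style request loader (presumably registered via
    ``login_manager.request_loader`` -- the decorator is not visible here).

    Behaviour:
      * The root path ``/`` is served without authentication.
      * When ``app.config['is_local']`` is truthy or the ``TESTING`` environment
        variable is set, authentication is skipped for every request and a
        ``User(is_authenticated=True)`` is returned.
        SECURITY NOTE: both switches turn authentication off for the whole
        application; make sure neither can be set in a production deployment.
      * Otherwise the bearer token is verified against the realm's public key
        (signature, audience and expiry) and the decoded claims are handed to
        ``Auth.authenticate_user``.

    Returns:
        Whatever ``Auth.authenticate_user`` returns on success, a
        ``User(is_authenticated=True)`` when authentication is bypassed, or a
        generic ``401`` response when the header is missing/malformed or the
        token (or the user lookup) does not verify. The response deliberately
        carries no detail about *why* verification failed -- that is only
        written to the server log.
    """
    # NOTE(review): these are deployment-time kill switches for authentication;
    # keep them out of any production configuration / environment.
    auth_bypassed = (
        app.config.get('is_local')
        or os.environ.get("TESTING") is not None
    )
    if request.path == "/" or auth_bypassed:
        return User(is_authenticated=True)

    # Accept only "Bearer <token>". A missing or differently-typed header is
    # rejected up front instead of surfacing as an AttributeError on None that
    # the broad except below would then mis-report.
    header = request.headers.get('Authorization', '')
    scheme, _, bearer_token = header.partition(' ')
    bearer_token = bearer_token.strip()
    if scheme.lower() != 'bearer' or not bearer_token:
        return _unauthorized_response()

    auth_config = app.config.get('authentication', {})
    try:
        keycloak_openid = KeycloakOpenID(
            server_url=auth_config.get('url'),
            client_id=auth_config.get('clientid'),
            realm_name=auth_config.get('realm'),
        )
        # public_key() returns the bare base64 body; decode_token needs PEM.
        # The key is fetched from Keycloak on every request -- consider caching
        # it, which also removes a per-request availability dependency on the IdP.
        keycloak_public_key = (
            "-----BEGIN PUBLIC KEY-----\n"
            + keycloak_openid.public_key()
            + "\n-----END PUBLIC KEY-----"
        )
        # Signature, audience and expiry are all enforced; do not relax any of
        # these for convenience -- each one disabled is a token-forgery/replay path.
        options = {"verify_signature": True, "verify_aud": True, "verify_exp": True}
        token_info = keycloak_openid.decode_token(
            bearer_token, key=keycloak_public_key, options=options
        )
        return Auth.authenticate_user(token_info, app.config.get('authentication'))
    except Exception:
        # Broad catch is deliberate at this boundary: any failure to fetch the
        # key, verify the token or resolve the user is an authentication
        # failure. Detail goes to the log only; the client gets a generic 401
        # (the original 3-argument make_response call was malformed and
        # echoed str(e) to the caller).
        logging.exception("Bearer token verification failed")
        return _unauthorized_response()


def _unauthorized_response():
    """Build the generic 401 returned for any missing or invalid bearer token."""
    response = make_response("Error occurred while authentication", 401)
    response.headers["WWW-Authenticate"] = "Bearer"
    return response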
# authorizationUrl=f"{keycloak_url}realms/{realm}/protocol/openid-connect/auth", # tokenUrl=f"{keycloak_url}realms/{realm}/protocol/openid-connect/token", # ) oauth2_scheme = OAuth2PasswordBearer( # authorizationUrl=f"{keycloak_url}realms/{realm}/protocol/openid-connect/auth", tokenUrl=f"{KEYCLOAK_URL}realms/{REALM}/protocol/openid-connect/token") kind_oauth2_scheme = OAuth2PasswordBearer( # authorizationUrl=f"{keycloak_url}realms/{realm}/protocol/openid-connect/auth", tokenUrl=f"{KEYCLOAK_URL}realms/{REALM}/protocol/openid-connect/token", auto_error=False, ) KEYCLOAK_PUBLIC_KEY = ("-----BEGIN PUBLIC KEY-----\n" + keycloak_openid.public_key() + "\n-----END PUBLIC KEY-----") KEYCLOAK_PUBLIC_KEY = ("-----BEGIN PUBLIC KEY-----\n" + keycloak_openid.public_key() + "\n-----END PUBLIC KEY-----") async def get_current_user(token: str = Depends(kind_oauth2_scheme)): try: return keycloak_openid.decode_token( token, key=KEYCLOAK_PUBLIC_KEY, options={ "verify_signature": True, "verify_aud": False,
import random import urllib.request import json import python_jwt as jwt, jwcrypto.jwk as jwk import datetime from keycloak import KeycloakOpenID app = Flask(__name__) api = Api(app) keycloak_openid = KeycloakOpenID(server_url="http://localhost:8180/auth/", client_id="poc-front-end", realm_name="master") certs = keycloak_openid.certs() print('certs={}'.format(certs)) KEYCLOAK_PUBLIC_KEY = '-----BEGIN PUBLIC KEY-----\n' + keycloak_openid.public_key( ) + '\n-----END PUBLIC KEY-----' print('KEYCLOAK_PUBLIC_KEY={}'.format(KEYCLOAK_PUBLIC_KEY)) FORTUNES = [ { 'text': 'There are no manifestos like cannon and musketry.', 'author': 'The Duke of Wellington' }, { 'text': '"The fundamental principle of science, the definition almost, is this: the sole test of the validity of any idea is experiment."', 'author': 'Richard P. Feynman' }, { 'text': 'There is no sin but ignorance.', 'author': 'Christopher Marlowe'
# Get Certs certs = keycloak_openid.certs() # Get RPT (Entitlement) token = keycloak_openid.token("user", "password") rpt = keycloak_openid.entitlement(token['access_token'], "resource_id") # Instropect RPT token_rpt_info = keycloak_openid.introspect(keycloak_openid.introspect(token['access_token'], rpt=rpt['rpt'], token_type_hint="requesting_party_token")) # Introspect Token token_info = keycloak_openid.introspect(token['access_token'])) # Decode Token KEYCLOAK_PUBLIC_KEY = keycloak_openid.public_key() options = {"verify_signature": True, "verify_aud": True, "exp": True} token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options) # Get permissions by token token = keycloak_openid.token("user", "password") keycloak_openid.load_authorization_config("example-authz-config.json") policies = keycloak_openid.get_policies(token['access_token'], method_token_info='decode', key=KEYCLOAK_PUBLIC_KEY) permissions = keycloak_openid.get_permissions(token['access_token'], method_token_info='introspect') # KEYCLOAK ADMIN from keycloak import KeycloakAdmin keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/", username='******',