Exemple #1
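def load_user_from_request(request):
    """Resolve the user for *request* from a Keycloak-issued bearer token.

    The ``Authorization`` header is read, the token's signature, audience and
    expiry are verified against the realm public key, and the decoded claims
    are passed to ``Auth.authenticate_user``.

    Verification is skipped, and an authenticated ``User`` is returned, when
    the request path is ``/``, when ``is_local`` is set in the app config, or
    when the ``TESTING`` environment variable is present.

    Returns:
        The result of ``Auth.authenticate_user`` on success, an authenticated
        ``User`` when verification is skipped, a 401 response when the
        ``Authorization`` header is absent, or a 500 response when anything
        fails during verification.
    """
    # NOTE(review): each of these switches turns authentication off for the
    # request. A stray TESTING variable or is_local flag in a deployed
    # environment makes every caller authenticated; confirm that deployment
    # configuration cannot set them.
    skip_verification = (
        request.path == "/"
        or app.config.get('is_local')
        or os.environ.get("TESTING") is not None
    )
    if skip_verification:
        return User(is_authenticated=True)

    auth_header = request.headers.get('Authorization')
    if not auth_header:
        # Previously a missing header surfaced as an AttributeError on None
        # and went down the generic error path.
        # NOTE(review): if this function is registered as a Flask-Login
        # request loader, returning None is the usual way to signal "no
        # user"; confirm against the caller.
        return make_response("Missing Authorization header", 401)

    try:
        # Strip the scheme only when it is the prefix; a header without it is
        # still treated as the raw token, as before.
        scheme = 'Bearer '
        if auth_header.startswith(scheme):
            bearer_token = auth_header[len(scheme):]
        else:
            bearer_token = auth_header

        # The client is rebuilt and the realm key fetched on every request,
        # so each authenticated call costs a round trip to Keycloak.
        keycloak_openid = KeycloakOpenID(
            server_url=app.config.get('authentication', {}).get('url'),
            client_id=app.config.get('authentication', {}).get('clientid'),
            realm_name=app.config.get('authentication', {}).get('realm'),
        )

        keycloak_public_key = (
            "-----BEGIN PUBLIC KEY-----\n"
            + keycloak_openid.public_key()
            + "\n-----END PUBLIC KEY-----"
        )
        options = {"verify_signature": True, "verify_aud": True, "verify_exp": True}
        token_info = keycloak_openid.decode_token(bearer_token, key=keycloak_public_key, options=options)
        return Auth.authenticate_user(token_info, app.config.get('authentication'))
    except Exception as e:
        # Full detail goes to the log only; the client gets a fixed message so
        # that library or IdP error text is not reflected back.
        logging.exception(e)
        # The original passed (body, str(e), 500) as three arguments, which
        # Flask's make_response interprets as (body, status, headers).
        # NOTE(review): a rejected token and an unreachable Keycloak both end
        # up here with 500; splitting them into 401 and 503 needs
        # exception-type handling that is not visible in this snippet.
        return make_response("Error occurred during authentication", 500)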
Exemple #2
#     authorizationUrl=f"{keycloak_url}realms/{realm}/protocol/openid-connect/auth",
#     tokenUrl=f"{keycloak_url}realms/{realm}/protocol/openid-connect/token",
# )

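# Bearer-token extractor pointing at the realm's OpenID Connect token endpoint.
oauth2_scheme = OAuth2PasswordBearer(
    tokenUrl=f"{KEYCLOAK_URL}realms/{REALM}/protocol/openid-connect/token",
)

# Same extractor with auto_error=False: when no bearer token is present the
# dependency yields None instead of rejecting the request, so every consumer
# of this scheme has to handle a missing token itself.
kind_oauth2_scheme = OAuth2PasswordBearer(
    tokenUrl=f"{KEYCLOAK_URL}realms/{REALM}/protocol/openid-connect/token",
    auto_error=False,
)

# Realm public key wrapped in PEM armour, fetched once at import time.
# The original assigned this twice, which made a second identical request to
# Keycloak for the same value.
# NOTE(review): because the key is read only at import, a realm key rotation
# is not picked up until the process restarts.
KEYCLOAK_PUBLIC_KEY = ("-----BEGIN PUBLIC KEY-----\n" +
                       keycloak_openid.public_key() +
                       "\n-----END PUBLIC KEY-----")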


async def get_current_user(token: str = Depends(kind_oauth2_scheme)):
    try:
        return keycloak_openid.decode_token(
            token,
            key=KEYCLOAK_PUBLIC_KEY,
            options={
                "verify_signature": True,
                "verify_aud": False,
import random
import urllib.request
import json
import python_jwt as jwt, jwcrypto.jwk as jwk
import datetime
from keycloak import KeycloakOpenID

# Flask application and the REST API object bound to it.
app = Flask(__name__)
api = Api(app)

# NOTE(review): proof-of-concept settings. The server URL is plain HTTP on
# localhost and the client lives in the "master" realm, which Keycloak uses
# for administration. Confirm neither carries over to a deployed setup.
keycloak_openid = KeycloakOpenID(
    server_url="http://localhost:8180/auth/",
    client_id="poc-front-end",
    realm_name="master",
)

# Realm certificates as returned by Keycloak, echoed to stdout for debugging.
certs = keycloak_openid.certs()
print(f'certs={certs}')

# Realm public key wrapped in PEM armour so it can be used as a verification
# key; also echoed to stdout.
KEYCLOAK_PUBLIC_KEY = '\n'.join((
    '-----BEGIN PUBLIC KEY-----',
    keycloak_openid.public_key(),
    '-----END PUBLIC KEY-----',
))
print(f'KEYCLOAK_PUBLIC_KEY={KEYCLOAK_PUBLIC_KEY}')

FORTUNES = [
    {
        'text': 'There are no manifestos like cannon and musketry.',
        'author': 'The Duke of Wellington'
    },
    {
        'text':
        '"The fundamental principle of science, the definition almost, is this: the sole test of the validity of any idea is experiment."',
        'author': 'Richard P. Feynman'
    },
    {
        'text': 'There is no sin but ignorance.',
        'author': 'Christopher Marlowe'
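# Get Certs
certs = keycloak_openid.certs()

# Get RPT (Entitlement)
# "user", "password" and "resource_id" are placeholders for real values;
# credentials belong in configuration or a secret store, not in source.
token = keycloak_openid.token("user", "password")
rpt = keycloak_openid.entitlement(token['access_token'], "resource_id")

# Introspect RPT
# The original nested one introspect() call inside another and fed the first
# call's result back in as a token; a single call with the RPT is intended.
token_rpt_info = keycloak_openid.introspect(token['access_token'], rpt=rpt['rpt'],
                                            token_type_hint="requesting_party_token")

# Introspect Token
# The original line had an unbalanced closing parenthesis and did not parse.
token_info = keycloak_openid.introspect(token['access_token'])

# Decode Token
# The key is wrapped in PEM armour, as in the other examples on this page.
# "verify_exp" replaces the original "exp" key, matching the naming of the
# other two options, so expiry checking is requested explicitly.
KEYCLOAK_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\n" + keycloak_openid.public_key() + "\n-----END PUBLIC KEY-----"
options = {"verify_signature": True, "verify_aud": True, "verify_exp": True}
token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options)

# Get permissions by token
token = keycloak_openid.token("user", "password")
keycloak_openid.load_authorization_config("example-authz-config.json")
# 'decode' validates the token locally against KEYCLOAK_PUBLIC_KEY.
policies = keycloak_openid.get_policies(token['access_token'], method_token_info='decode', key=KEYCLOAK_PUBLIC_KEY)
# 'introspect' asks the Keycloak server about the token instead.
permissions = keycloak_openid.get_permissions(token['access_token'], method_token_info='introspect')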

# KEYCLOAK ADMIN

from keycloak import KeycloakAdmin

keycloak_admin = KeycloakAdmin(server_url="http://localhost:8080/auth/",
                               username='******',