def get_token(url): if config_file_valid: config.read(_config_file_name()) keycloak_openid = KeycloakOpenID( server_url=f'https://{url}/auth/', client_id="admin-cli", realm_name="master", ) return keycloak_openid.refresh_token( config[url]['refresh_token'])['access_token']
class KeycloakClient: """Wrapper for Keycloak OpenID and admin clients.""" def __init__(self, server, resource, realm, secret, admin_user, admin_pass): self.openid = KeycloakOpenID( server_url=server, client_id=resource, realm_name=realm, client_secret_key=secret, ) self.admin = _KeycloakAdmin( server_url=server, client_id=resource, realm_name=realm, client_secret_key=secret, username=admin_user, password=admin_pass, auto_refresh_token=['get', 'put', 'post', 'delete'], ) def login(self, username, password): return self.openid.token(username, password, totp=None) def token_refresh(self, refresh_token): return self.openid.refresh_token(refresh_token) def token_info(self, token): return self.openid.introspect(token) def user_list(self, query=None): return self.admin.get_users(query) def user_get(self, user_id): return self.admin.get_user(user_id) def user_create(self, data): data = data.copy() data.setdefault('enabled', True) if 'password' in data: data['credentials'] = [ { 'type': 'password', 'value': data['password'] }, ] del data['password'] return self.admin.create_user(data) def user_update(self, user_id, data): data = data.copy() if 'password' in data: data['credentials'] = [ { 'type': 'password', 'value': data['password'] }, ] del data['password'] self.admin.update_user(user_id, data) def user_delete(self, user_id): self.admin.delete_user(user_id) def user_group_list(self, user_id): """Get list of groups user belongs to.""" return self.admin.get_user_groups(user_id) def user_role_list(self, user_id): """ Get set of all user roles (**role names**), directly assigned and also inherited from a group. """ roles = set() # directly assigned roles roles = { i['name'] for i in self.admin.get_realm_roles_of_user(user_id) } # iherited roles from group for group in self.user_group_list(user_id): roles |= { i['name'] for i in self.admin.get_group_realm_roles(group['id']) } return roles def user_check_group(self, user_id, group_id): """Check if user belongs to the given group.""" return self.user_check_group_any(user_id, [group_id]) def user_check_group_any(self, user_id, group_id_list): """Check if user belongs to any of the given groups.""" return any(group['id'] in group_id_list for group in self.user_group_list(user_id)) def user_check_role(self, user_id, role_name): """Check if user has role.""" return role_name in self.user_role_list(user_id) def group_list(self): return self.admin.get_groups() def group_get(self, group_id): return self.admin.get_group(group_id) def group_create(self, data): # `create_group` always returns b'' self.admin.create_group(data) for group in self.group_list(): if group['name'] == data['name']: return group['id'] def group_update(self, group_id, data): self.admin.update_group(group_id, data) def group_delete(self, group_id): self.admin.delete_group(group_id) def group_user_list(self, group_id): """Get list of users in group.""" return self.admin.get_group_members(group_id) def group_user_add(self, user_id, group_id): """Add user to group.""" self.admin.group_user_add(user_id, group_id) def group_user_remove(self, user_id, group_id): """Remove user from group.""" self.admin.group_user_remove(user_id, group_id) def group_role_list(self, group_id): return self.admin.get_group_realm_roles(group_id) def group_role_add(self, role_name, group_id): """Add role to group. **Role NAME, not ID.**""" role = self.role_get(role_name) self.admin.assign_group_realm_roles(group_id, [role]) def group_role_remove(self, role_name, group_id): """Remove role from group. **Role NAME, not ID.**""" role = self.role_get(role_name) self.admin.delete_group_realm_roles(group_id, [role]) def role_list(self): return self.admin.get_realm_roles() def role_get(self, role_name): """Get role by name. **NAME, not ID.**""" return self.admin.get_realm_role(role_name) def role_create(self, data): # `create_role` always returns b'' self.admin.create_realm_role(data) for role in self.role_list(): if role['name'] == data['name']: return role['name'] def role_update(self, role_id, data): self.admin.update_realm_role(role_id, data) def role_delete(self, role_id): self.admin.delete_realm_role(role_id)
from keycloak import KeycloakOpenID # Configure client keycloak_openid = KeycloakOpenID(server_url="http://localhost:7501/auth/", client_id="oidc-native-app-client", realm_name="realm0") # Get WellKnow config_well_know = keycloak_openid.well_know() # Get Token token = keycloak_openid.token("user0", "password0") print (token['access_token']) # Get Userinfo userinfo = keycloak_openid.userinfo(token['access_token']) print(userinfo) # Refresh token token = keycloak_openid.refresh_token(token['refresh_token']) # Logout keycloak_openid.logout(token['refresh_token'])