README
gocloak
golang keycloak client
This client is based on : go-keycloak
For questions, either raise an issue or join the #gocloak channel on the Gophers Slack.
If you are using the echo framework, have a look at gocloak-echo.
https://gopkg.in/nerzal/gocloak.v1
Contribution
(WIP) https://github.com/Nerzal/gocloak/wiki/Contribute
Usage
Importing
Since version 3, you need to import the gocloak library using the v3 suffix:
import "github.com/Nerzal/gocloak/v3"
Version 2:
go get gopkg.in/nerzal/gocloak@v2.1.0
import "github.com/Nerzal/gocloak"
Keycloak Version < 4.8
If you are using a Keycloak Server version <4.8 please use the V1.0 release of gocloak.
go get gopkg.in/nerzal/gocloak.v1
import "gopkg.in/nerzal/gocloak.v1"
Create New User
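// Example: log in as an admin and create a user in a realm.
client := gocloak.NewClient("https://mycool.keycloak.instance")
// "user" and "password" are placeholders. In real code, load the admin
// credentials from the environment or a secret store, never from source.
token, err := client.LoginAdmin("user", "password", "realmName")
if err != nil {
	panic("Something wrong with the credentials or url")
}
user := gocloak.User{
	FirstName: "Bob",
	LastName:  "Uncle",
	EMail:     "something@really.wrong",
	Enabled:   true,
	Username:  "CoolGuy",
}
// CreateUser returns (string, error). The error has to be assigned here:
// without the assignment the check below re-tests the stale err from
// LoginAdmin and a failed user creation goes unnoticed.
_, err = client.CreateUser(token.AccessToken, "realm", user)
if err != nil {
	panic("Oh no!, failed to create user :(")
}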
Introspect Token
// Example: obtain a client token and ask the server whether it is still valid.
client := gocloak.NewClient(hostname)
clientToken, err := client.LoginClient(clientid, clientSecret, realm)
if err != nil {
	panic("Login failed:" + err.Error())
}
// RetrospectToken calls the token introspection endpoint with the client's
// own credentials.
introspection, err := client.RetrospectToken(clientToken.AccessToken, clientid, clientSecret, realm)
if err != nil {
	panic("Inspection failed:" + err.Error())
}
// Check Active before reading anything else from the result; the
// permissions of an inactive token must not be used for a decision.
if !introspection.Active {
	panic("Token is not active")
}
grantedPermissions := introspection.Permissions
// Do something with the permissions ;)
Features
// GoCloak holds all methods a client should fulfill
type GoCloak interface {
Login(clientID string, clientSecret string, realm string, username string, password string) (*JWT, error)
Logout(clientID, clientSecret, realm, refreshToken string) error
LogoutPublicClient(clientID, realm, accessToken, refreshToken string) error
LoginClient(clientID, clientSecret, realm string) (*JWT, error)
LoginAdmin(username, password, realm string) (*JWT, error)
RequestPermission(clientID string, clientSecret string, realm string, username string, password string, permission string) (*JWT, error)
RefreshToken(refreshToken string, clientID, clientSecret, realm string) (*JWT, error)
DecodeAccessToken(accessToken string, realm string) (*jwt.Token, *jwt.MapClaims, error)
DecodeAccessTokenCustomClaims(accessToken string, realm string, claims jwt.Claims) (*jwt.Token, error)
RetrospectToken(accessToken string, clientID, clientSecret string, realm string) (*RetrospecTokenResult, error)
GetIssuer(realm string) (*IssuerResponse, error)
GetCerts(realm string) (*CertResponse, error)
GetServerInfo(accessToken string) (*ServerInfoRepesentation, error)
GetUserInfo(accessToken string, realm string) (*UserInfo, error)
SetPassword(token string, userID string, realm string, password string, temporary bool) error
ExecuteActionsEmail(token string, realm string, params ExecuteActionsEmail) error
CreateUser(token string, realm string, user User) (string, error)
CreateGroup(accessToken string, realm string, group Group) error
CreateClientRole(accessToken string, realm string, clientID string, role Role) error
CreateClient(accessToken string, realm string, clientID Client) error
CreateClientScope(accessToken string, realm string, scope ClientScope) error
CreateComponent(accessToken string, realm string, component Component) error
UpdateUser(accessToken string, realm string, user User) error
UpdateGroup(accessToken string, realm string, updatedGroup Group) error
UpdateRole(accessToken string, realm string, clientID string, role Role) error
UpdateClient(accessToken string, realm string, updatedClient Client) error
UpdateClientScope(accessToken string, realm string, scope ClientScope) error
DeleteUser(accessToken string, realm, userID string) error
DeleteComponent(accessToken string, realm, componentID string) error
DeleteGroup(accessToken string, realm, groupID string) error
DeleteClientRole(accessToken string, realm, clientID, roleName string) error
DeleteClient(accessToken string, realm, clientID string) error
DeleteClientScope(accessToken string, realm, scopeID string) error
GetClient(accessToken string, realm string, clientID string) (*Client, error)
GetClientsDefaultScopes(token string, realm string, clientID string) ([]*ClientScope, error)
AddDefaultScopeToClient(token string, realm string, clientID string, scopeID string) error
RemoveDefaultScopeFromClient(token string, realm string, clientID string, scopeID string) error
GetClientsOptionalScopes(token string, realm string, clientID string) ([]*ClientScope, error)
AddOptionalScopeToClient(token string, realm string, clientID string, scopeID string) error
RemoveOptionalScopeFromClient(token string, realm string, clientID string, scopeID string) error
GetDefaultOptionalClientScopes(token string, realm string) ([]*ClientScope, error)
GetDefaultDefaultClientScopes(token string, realm string) ([]*ClientScope, error)
GetClientScope(token string, realm string, scopeID string) (*ClientScope, error)
GetClientScopes(token string, realm string) ([]*ClientScope, error)
GetClientSecret(token string, realm string, clientID string) (*CredentialRepresentation, error)
GetClientServiceAccount(token string, realm string, clientID string) (*User, error)
RegenerateClientSecret(token string, realm string, clientID string) (*CredentialRepresentation, error)
GetKeyStoreConfig(accessToken string, realm string) (*KeyStoreConfig, error)
GetUserByID(accessToken string, realm string, userID string) (*User, error)
GetUserCount(accessToken string, realm string) (int, error)
GetUsers(accessToken string, realm string, params GetUsersParams) ([]*User, error)
GetUserGroups(accessToken string, realm string, userID string) ([]*UserGroup, error)
GetComponents(accessToken string, realm string) ([]*Component, error)
GetGroups(accessToken string, realm string, params GetGroupsParams) ([]*Group, error)
GetGroup(accessToken string, realm, groupID string) (*Group, error)
GetGroupMembers(accessToken string, realm, groupID string, params GetGroupsParams) ([]*User, error)
GetRoleMappingByGroupID(accessToken string, realm string, groupID string) (*MappingsRepresentation, error)
GetRoleMappingByUserID(accessToken string, realm string, userID string) (*MappingsRepresentation, error)
GetClientRoles(accessToken string, realm string, clientID string) ([]*Role, error)
GetClientRole(token string, realm string, clientID string, roleName string) (*Role, error)
GetClients(accessToken string, realm string, params GetClientsParams) ([]*Client, error)
GetUsersByRoleName(token string, realm string, roleName string) ([]*User, error)
UserAttributeContains(attributes map[string][]string, attribute string, value string) bool
CreateClientProtocolMapper(token, realm, clientID string, mapper ProtocolMapperRepresentation) error
DeleteClientProtocolMapper(token, realm, clientID, mapperID string) error
// *** Realm Roles ***
CreateRealmRole(token string, realm string, role Role) error
GetRealmRole(token string, realm string, roleName string) (*Role, error)
GetRealmRoles(accessToken string, realm string) ([]*Role, error)
GetRealmRolesByUserID(accessToken string, realm string, userID string) ([]*Role, error)
GetRealmRolesByGroupID(accessToken string, realm string, groupID string) ([]*Role, error)
UpdateRealmRole(token string, realm string, roleName string, role Role) error
DeleteRealmRole(token string, realm string, roleName string) error
AddRealmRoleToUser(token string, realm string, userID string, roles []Role) error
DeleteRealmRoleFromUser(token string, realm string, userID string, roles []Role) error
AddRealmRoleComposite(token string, realm string, roleName string, roles []Role) error
DeleteRealmRoleComposite(token string, realm string, roleName string, roles []Role) error
// *** Realm ***
GetRealm(token string, realm string) (*RealmRepresentation, error)
GetRealms(token string) ([]*RealmRepresentation, error)
CreateRealm(token string, realm RealmRepresentation) error
DeleteRealm(token string, realm string) error
ClearRealmCache(token string, realm string) error
GetClientUserSessions(token, realm, clientID string) ([]*UserSessionRepresentation, error)
GetClientOfflineSessions(token, realm, clientID string) ([]*UserSessionRepresentation, error)
GetUserSessions(token, realm, userID string) ([]*UserSessionRepresentation, error)
GetUserOfflineSessionsForClient(token, realm, userID, clientID string) ([]*UserSessionRepresentation, error)
}
developing & testing
For local testing you need to start a docker container. Run the following commands before starting the tests:
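# Start a throwaway Keycloak for the test suite and run the tests against it.
docker pull quay.io/keycloak/keycloak
# admin/secret are test-only credentials; do not reuse them anywhere else.
# The port is published on loopback only, so the test instance and its admin
# account are not reachable from other hosts (change the bind address if the
# tests run on a different machine than the container).
# "$(pwd)" is quoted so a checkout path containing spaces still mounts.
docker run -d \
	-e KEYCLOAK_USER=admin \
	-e KEYCLOAK_PASSWORD=secret \
	-e KEYCLOAK_IMPORT=/tmp/gocloak-realm.json \
	-v "$(pwd)/testdata/gocloak-realm.json:/tmp/gocloak-realm.json" \
	-p 127.0.0.1:8080:8080 \
	--name gocloak-test \
	quay.io/keycloak/keycloak
go test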
Or you can run the tests on your own Keycloak:
export GOCLOAK_TEST_CONFIG=/path/to/gocloak/config.json
All resources created as a result of unit tests will be deleted, except for the test user defined in the configuration file.
To remove running docker container after completion of tests:
# Stop and delete the test container so the instance started with the
# admin/secret test credentials does not keep running after the tests.
docker stop gocloak-test
docker rm gocloak-test
License
Documentation
Index ¶
- func GetQueryParams(s interface{}) (map[string]string, error)
- func IsObjectAlreadyExists(err error) bool
- type APIError
- type Access
- type ActiveKeys
- type Attributes
- type CertResponse
- type CertResponseKey
- type Client
- type ClientMappingsRepresentation
- type ClientScope
- type ClientScopeAttributes
- type Component
- type ComponentConfig
- type CredentialRepresentation
- type DecisionStrategy
- type ExecuteActionsEmail
- type GetClientsParams
- type GetGroupsParams
- type GetUsersParams
- type GoCloak
- type Group
- type HTTPErrorResponse
- type IssuerResponse
- type JWT
- type Key
- type KeyStoreConfig
- type Logic
- type MappingsRepresentation
- type MemoryInfoRepresentation
- type MultivaluedHashMap
- type ObjectAlreadyExists
- type PolicyEnforcementMode
- type PolicyRepresentation
- type ProtocolMapperRepresentation
- type ProtocolMappers
- type ProtocolMappersConfig
- type RealmRepresentation
- type ResourceRepresentation
- type ResourceServerRepresentation
- type RetrospecTokenResult
- type Role
- type ScopeRepresentation
- type ServerInfoRepesentation
- type SetPasswordRequest
- type StringOrArray
- type SystemInfoRepresentation
- type TokenOptions
- type User
- type UserGroup
- type UserInfo
- type UserSessionRepresentation
Constants ¶
Variables ¶
Functions ¶
func GetQueryParams ¶
GetQueryParams converts the struct to map[string]string. The field tags must have the `json:"<name>,string,omitempty"` format for all types except strings; string fields must use `json:"<name>,omitempty"`, because the `json:"<name>,string,omitempty"` tag on a string field adds extra double quotes. The "string" option allows the non-string fields of a structure to be converted to map[string]string. "omitempty" allows fields with default values to be skipped.
func IsObjectAlreadyExists ¶
IsObjectAlreadyExists is a helper to verify that the err is ObjectAlreadyExists
Types ¶
type Access ¶
type Access struct { ManageGroupMembership bool `json:"manageGroupMembership"` View bool `json:"view"` MapRoles bool `json:"mapRoles"` Impersonate bool `json:"impersonate"` Manage bool `json:"manage"` }
Access represents access
type ActiveKeys ¶
type ActiveKeys struct { HS256 string `json:"HS256,omitempty"` RS256 string `json:"RS256,omitempty"` AES string `json:"AES,omitempty"` }
ActiveKeys holds the active keys
type Attributes ¶
type Attributes struct { LDAPENTRYDN []string `json:"LDAP_ENTRY_DN,omitempty"` LDAPID []string `json:"LDAP_ID,omitempty"` }
Attributes holds Attributes
type CertResponse ¶
type CertResponse struct {
Keys []CertResponseKey `json:"keys,omitempty"`
}
CertResponse is returned by the certs endpoint
type CertResponseKey ¶
type CertResponseKey struct { Kid string `json:"kid,omitempty"` Kty string `json:"kty,omitempty"` Alg string `json:"alg,omitempty"` Use string `json:"use,omitempty"` N string `json:"n,omitempty"` E string `json:"e,omitempty"` }
CertResponseKey is returned by the certs endpoint
type Client ¶
// Client is a ClientRepresentation. It is the payload of CreateClient and
// UpdateClient and the result type of GetClient and GetClients.
//
// The bool fields carry no omitempty option, so every flag left unset in a
// partially filled Client is marshalled as false.
// NOTE(review): when updating, start from the value returned by GetClient so
// security-relevant flags (Enabled, ConsentRequired, ...) are not sent as
// false by accident — confirm how the server treats the missing/false values.
type Client struct {
	Access                             map[string]interface{}        `json:"access,omitempty"`
	AdminURL                           string                        `json:"adminUrl,omitempty"`
	Attributes                         map[string]string             `json:"attributes,omitempty"`
	AuthenticationFlowBindingOverrides map[string]string             `json:"authenticationFlowBindingOverrides,omitempty"`
	AuthorizationServicesEnabled       bool                          `json:"authorizationServicesEnabled"`
	AuthorizationSettings              *ResourceServerRepresentation `json:"authorizationSettings,omitempty"`
	BaseURL                            string                        `json:"baseUrl,omitempty"`
	BearerOnly                         bool                          `json:"bearerOnly"`
	ClientAuthenticatorType            string                        `json:"clientAuthenticatorType,omitempty"`
	ClientID                           string                        `json:"clientId,omitempty"`
	ConsentRequired                    bool                          `json:"consentRequired"`
	DefaultClientScopes                []string                      `json:"defaultClientScopes,omitempty"`
	DefaultRoles                       []string                      `json:"defaultRoles,omitempty"`
	Description                        string                        `json:"description,omitempty"`
	// NOTE(review): presumably enables the username/password grant used by
	// Login — enable only for clients that need it; confirm.
	DirectAccessGrantsEnabled bool `json:"directAccessGrantsEnabled"`
	Enabled                   bool `json:"enabled"`
	FrontChannelLogout        bool `json:"frontchannelLogout"`
	// NOTE(review): presumably grants the client every role mapping of the
	// user instead of a restricted scope — confirm before enabling.
	FullScopeAllowed          bool                           `json:"fullScopeAllowed"`
	ID                        string                         `json:"id,omitempty"`
	ImplicitFlowEnabled       bool                           `json:"implicitFlowEnabled"`
	Name                      string                         `json:"name,omitempty"`
	NodeReRegistrationTimeout int32                          `json:"nodeReRegistrationTimeout,omitempty"`
	NotBefore                 int32                          `json:"notBefore,omitempty"`
	OptionalClientScopes      []string                       `json:"optionalClientScopes,omitempty"`
	Origin                    string                         `json:"origin,omitempty"`
	Protocol                  string                         `json:"protocol,omitempty"`
	ProtocolMappers           []ProtocolMapperRepresentation `json:"protocolMappers,omitempty"`
	// NOTE(review): presumably marks a client that authenticates without a
	// secret (compare LogoutPublicClient, which takes no clientSecret) — confirm.
	PublicClient bool `json:"publicClient"`
	// NOTE(review): presumably the allow-list of redirect targets; keep the
	// entries exact and avoid broad wildcards — confirm matching rules.
	RedirectURIs    []string          `json:"redirectUris,omitempty"`
	RegisteredNodes map[string]string `json:"registeredNodes,omitempty"`
	// RegistrationAccessToken is token material; keep it out of logs and
	// error messages.
	RegistrationAccessToken string `json:"registrationAccessToken,omitempty"`
	RootURL                 string `json:"rootUrl,omitempty"`
	// Secret is the client secret; handle it as a credential (no logging, no
	// persistence in plain text).
	Secret                 string `json:"secret,omitempty"`
	ServiceAccountsEnabled bool   `json:"serviceAccountsEnabled"`
	StandardFlowEnabled    bool   `json:"standardFlowEnabled"`
	SurrogateAuthRequired  bool   `json:"surrogateAuthRequired"`
	// NOTE(review): presumably the origins allowed for cross-origin requests;
	// list explicit origins only — confirm.
	WebOrigins []string `json:"webOrigins,omitempty"`
}
Client is a ClientRepresentation
type ClientMappingsRepresentation ¶
type ClientMappingsRepresentation struct { ID string `json:"id,omitempty"` Client string `json:"client,omitempty"` Mappings []Role `json:"mappings,omitempty"` }
ClientMappingsRepresentation is a client role mappings
type ClientScope ¶
type ClientScope struct { ID string `json:"id,omitempty"` Name string `json:"name,omitempty"` Description string `json:"description,omitempty"` Protocol string `json:"protocol,omitempty"` ClientScopeAttributes *ClientScopeAttributes `json:"attributes,omitempty"` ProtocolMappers []ProtocolMappers `json:"protocolMappers,omitempty"` }
ClientScope is a ClientScope
type ClientScopeAttributes ¶
type ClientScopeAttributes struct { ConsentScreenText string `json:"consent.screen.text,omitempty"` DisplayOnConsentScreen string `json:"display.on.consent.screen,omitempty"` IncludeInTokenScope string `json:"include.in.token.scope,omitempty"` }
ClientScopeAttributes are attributes of client scopes
type Component ¶
type Component struct { ID string `json:"id,omitempty"` Name string `json:"name,omitempty"` ProviderID string `json:"providerId,omitempty"` ProviderType string `json:"providerType,omitempty"` ParentID string `json:"parentId,omitempty"` ComponentConfig ComponentConfig `json:"config,omitempty"` SubType string `json:"subType,omitempty"` }
Component is a component
type ComponentConfig ¶
type ComponentConfig struct { Priority []string `json:"priority,omitempty"` Algorithm []string `json:"algorithm,omitempty"` }
ComponentConfig is a componentconfig
type CredentialRepresentation ¶
// CredentialRepresentation represents credentials. It is the result type of
// GetClientSecret and RegenerateClientSecret.
//
// Several fields hold credential material (Value, HashedSaltedValue, Salt);
// do not log or print the struct as a whole.
type CredentialRepresentation struct {
	Algorithm      string             `json:"algorithm,omitempty"`
	Config         MultivaluedHashMap `json:"config,omitempty"`
	Counter        int32              `json:"counter,omitempty"`
	CreatedDate    int64              `json:"createdDate,omitempty"`
	Device         string             `json:"device,omitempty"`
	Digits         int32              `json:"digits,omitempty"`
	HashIterations int32              `json:"hashIterations,omitempty"`
	// HashedSaltedValue and Salt are password-hash material; treat them as
	// sensitive even though they are not the plaintext.
	HashedSaltedValue string `json:"hashedSaltedValue,omitempty"`
	Period            int32  `json:"period,omitempty"`
	Salt              string `json:"salt,omitempty"`
	Temporary         bool   `json:"temporary"`
	Type              string `json:"type,omitempty"`
	// NOTE(review): presumably the plaintext secret when returned by
	// GetClientSecret / RegenerateClientSecret — confirm and handle as a secret.
	Value string `json:"value,omitempty"`
}
CredentialRepresentation represents credentials
type DecisionStrategy ¶
type DecisionStrategy int
DecisionStrategy is an enum type for DecisionStrategy of PolicyRepresentation
const ( AFFIRMATIVE DecisionStrategy = iota UNANIMOUS CONSENSUS )
DecisionStrategy values
type ExecuteActionsEmail ¶
type ExecuteActionsEmail struct { UserID string `json:"-"` ClientID string `json:"client_id,omitempty"` Lifespan int `json:"lifespan,string,omitempty"` RedirectURI string `json:"redirect_uri,omitempty"` Actions []string `json:"-"` }
ExecuteActionsEmail represents parameters for executing action emails
type GetClientsParams ¶
type GetClientsParams struct { ClientID string `json:"clientId,omitempty"` ViewableOnly bool `json:"viewableOnly,string"` }
GetClientsParams represents the query parameters
type GetGroupsParams ¶
type GetGroupsParams struct { First int `json:"first,string,omitempty"` Max int `json:"max,string,omitempty"` Search string `json:"search,omitempty"` Full bool `json:"full,string,omitempty"` }
GetGroupsParams represents the optional parameters for getting groups
type GetUsersParams ¶
type GetUsersParams struct { BriefRepresentation bool `json:"briefRepresentation,string"` Email string `json:"email,omitempty"` First int `json:"first,string,omitempty"` FirstName string `json:"firstName,omitempty"` LastName string `json:"lastName,omitempty"` Max int `json:"max,string,omitempty"` Search string `json:"search,omitempty"` Username string `json:"username,omitempty"` }
GetUsersParams represents the optional parameters for getting users
type GoCloak ¶
// GoCloak holds all methods a client should fulfill.
//
// Most calls take an access token (named token or accessToken) as their first
// argument; the README obtains it from the JWT returned by LoginAdmin or
// LoginClient.
type GoCloak interface {
	// RestyClient returns a resty client that gocloak uses
	RestyClient() *resty.Client
	// SetRestyClient sets the resty Client that gocloak uses
	SetRestyClient(restyClient resty.Client)

	// GetToken returns a token
	GetToken(realm string, options TokenOptions) (*JWT, error)
	// Login sends a request to the token endpoint using user and client credentials
	Login(clientID, clientSecret, realm, username, password string) (*JWT, error)
	// Logout sends a request to the logout endpoint using refresh token
	Logout(clientID, clientSecret, realm, refreshToken string) error
	// LogoutPublicClient sends a request to the logout endpoint using refresh token
	LogoutPublicClient(clientID, realm, accessToken, refreshToken string) error
	// LoginClient sends a request to the token endpoint using client credentials
	LoginClient(clientID, clientSecret, realm string) (*JWT, error)
	// LoginAdmin logs in as admin
	LoginAdmin(username, password, realm string) (*JWT, error)
	// RequestPermission sends a request to the token endpoint with permission parameter
	RequestPermission(clientID, clientSecret, realm, username, password, permission string) (*JWT, error)
	// RefreshToken is used to refresh the token
	RefreshToken(refreshToken string, clientID, clientSecret, realm string) (*JWT, error)
	// DecodeAccessToken decodes the accessToken
	// NOTE(review): this listing does not show whether the signature is
	// verified; confirm in the implementation before trusting decoded claims.
	DecodeAccessToken(accessToken string, realm string) (*jwt.Token, *jwt.MapClaims, error)
	// DecodeAccessTokenCustomClaims decodes the accessToken and fills the given claims
	DecodeAccessTokenCustomClaims(accessToken string, realm string, claims jwt.Claims) (*jwt.Token, error)
	// RetrospectToken calls the token introspection endpoint
	RetrospectToken(accessToken string, clientID, clientSecret string, realm string) (*RetrospecTokenResult, error)
	// GetIssuer calls the issuer endpoint for the given realm
	GetIssuer(realm string) (*IssuerResponse, error)
	// GetCerts gets the public keys for the given realm
	GetCerts(realm string) (*CertResponse, error)
	// GetServerInfo returns the server info
	GetServerInfo(accessToken string) (*ServerInfoRepesentation, error)
	// GetUserInfo gets the user info for the given realm
	GetUserInfo(accessToken string, realm string) (*UserInfo, error)

	// ExecuteActionsEmail executes an actions email
	ExecuteActionsEmail(token string, realm string, params ExecuteActionsEmail) error

	// CreateGroup creates a new group
	CreateGroup(accessToken string, realm string, group Group) error
	// CreateClient creates a new client
	CreateClient(accessToken string, realm string, clientID Client) error
	// CreateClientScope creates a new clientScope
	CreateClientScope(accessToken string, realm string, scope ClientScope) error
	// CreateComponent creates a new component
	CreateComponent(accessToken string, realm string, component Component) error

	// UpdateGroup updates the given group
	UpdateGroup(accessToken string, realm string, updatedGroup Group) error
	// UpdateRole updates the given role
	UpdateRole(accessToken string, realm string, clientID string, role Role) error
	// UpdateClient updates the given client
	UpdateClient(accessToken string, realm string, updatedClient Client) error
	// UpdateClientScope updates the given clientScope
	UpdateClientScope(accessToken string, realm string, scope ClientScope) error

	// DeleteComponent deletes the given component
	DeleteComponent(accessToken string, realm, componentID string) error
	// DeleteGroup deletes the given group
	DeleteGroup(accessToken string, realm, groupID string) error
	// DeleteClient deletes the given client
	DeleteClient(accessToken string, realm, clientID string) error
	// DeleteClientScope deletes the given clientScope
	DeleteClientScope(accessToken string, realm, scopeID string) error

	// GetClient returns a client
	GetClient(accessToken string, realm string, clientID string) (*Client, error)
	// GetClientsDefaultScopes returns a list of the client's default scopes
	GetClientsDefaultScopes(token string, realm string, clientID string) ([]*ClientScope, error)
	// AddDefaultScopeToClient adds a client scope to the list of client's default scopes
	AddDefaultScopeToClient(token string, realm string, clientID string, scopeID string) error
	// RemoveDefaultScopeFromClient removes a client scope from the list of client's default scopes
	RemoveDefaultScopeFromClient(token string, realm string, clientID string, scopeID string) error
	// GetClientsOptionalScopes returns a list of the client's optional scopes
	GetClientsOptionalScopes(token string, realm string, clientID string) ([]*ClientScope, error)
	// AddOptionalScopeToClient adds a client scope to the list of client's optional scopes
	AddOptionalScopeToClient(token string, realm string, clientID string, scopeID string) error
	// RemoveOptionalScopeFromClient deletes a client scope from the list of client's optional scopes
	RemoveOptionalScopeFromClient(token string, realm string, clientID string, scopeID string) error
	// GetDefaultOptionalClientScopes returns a list of default realm optional scopes
	GetDefaultOptionalClientScopes(token string, realm string) ([]*ClientScope, error)
	// GetDefaultDefaultClientScopes returns a list of default realm default scopes
	GetDefaultDefaultClientScopes(token string, realm string) ([]*ClientScope, error)
	// GetClientScope returns a clientscope
	GetClientScope(token string, realm string, scopeID string) (*ClientScope, error)
	// GetClientScopes returns all client scopes
	GetClientScopes(token string, realm string) ([]*ClientScope, error)
	// GetClientSecret returns a client's secret
	GetClientSecret(token string, realm string, clientID string) (*CredentialRepresentation, error)
	// GetClientServiceAccount retrieves the service account "user" for a client if enabled
	GetClientServiceAccount(token string, realm string, clientID string) (*User, error)
	// RegenerateClientSecret creates a new client secret returning the updated CredentialRepresentation
	RegenerateClientSecret(token string, realm string, clientID string) (*CredentialRepresentation, error)
	// GetKeyStoreConfig gets the keyStoreConfig
	GetKeyStoreConfig(accessToken string, realm string) (*KeyStoreConfig, error)
	// GetComponents gets components of the given realm
	GetComponents(accessToken string, realm string) ([]*Component, error)
	// GetGroups gets all groups of the given realm
	GetGroups(accessToken string, realm string, params GetGroupsParams) ([]*Group, error)
	// GetGroup gets the given group
	GetGroup(accessToken string, realm, groupID string) (*Group, error)
	// GetGroupMembers gets a list of users of the group with the given id in the realm
	GetGroupMembers(accessToken string, realm, groupID string, params GetGroupsParams) ([]*User, error)
	// GetRoleMappingByGroupID gets the rolemapping for the given group id
	GetRoleMappingByGroupID(accessToken string, realm string, groupID string) (*MappingsRepresentation, error)
	// GetRoleMappingByUserID gets the rolemapping for the given user id
	GetRoleMappingByUserID(accessToken string, realm string, userID string) (*MappingsRepresentation, error)
	// GetClients gets the clients in the realm
	GetClients(accessToken string, realm string, params GetClientsParams) ([]*Client, error)
	// GetClientOfflineSessions returns offline sessions associated with the client
	GetClientOfflineSessions(token, realm, clientID string) ([]*UserSessionRepresentation, error)
	// GetClientUserSessions returns user sessions associated with the client
	GetClientUserSessions(token, realm, clientID string) ([]*UserSessionRepresentation, error)
	// CreateClientProtocolMapper creates a protocol mapper in client scope
	CreateClientProtocolMapper(token, realm, clientID string, mapper ProtocolMapperRepresentation) error
	// DeleteClientProtocolMapper deletes a protocol mapper in client scope
	DeleteClientProtocolMapper(token, realm, clientID, mapperID string) error

	// UserAttributeContains checks if the given attribute has the given value
	UserAttributeContains(attributes map[string][]string, attribute string, value string) bool

	// CreateRealmRole creates a role in a realm
	CreateRealmRole(token string, realm string, role Role) error
	// GetRealmRole returns a role from a realm by role's name
	GetRealmRole(token string, realm string, roleName string) (*Role, error)
	// GetRealmRoles get all roles of the given realm. It's an alias for the GetRoles function
	GetRealmRoles(accessToken string, realm string) ([]*Role, error)
	// GetRealmRolesByUserID returns all roles assigned to the given user
	GetRealmRolesByUserID(accessToken string, realm string, userID string) ([]*Role, error)
	// GetRealmRolesByGroupID returns all roles assigned to the given group
	GetRealmRolesByGroupID(accessToken string, realm string, groupID string) ([]*Role, error)
	// UpdateRealmRole updates a role in a realm
	UpdateRealmRole(token string, realm string, roleName string, role Role) error
	// DeleteRealmRole deletes a role in a realm by role's name
	DeleteRealmRole(token string, realm string, roleName string) error
	// AddRealmRoleToUser adds realm-level role mappings
	AddRealmRoleToUser(token string, realm string, userID string, roles []Role) error
	// DeleteRealmRoleFromUser deletes realm-level role mappings
	DeleteRealmRoleFromUser(token string, realm string, userID string, roles []Role) error
	// AddRealmRoleComposite adds roles as composite
	AddRealmRoleComposite(token string, realm string, roleName string, roles []Role) error
	// DeleteRealmRoleComposite removes roles from the composite
	DeleteRealmRoleComposite(token string, realm string, roleName string, roles []Role) error

	// AddClientRoleToUser adds a client role to the user
	AddClientRoleToUser(token string, realm string, clientID string, userID string, roles []Role) error
	// CreateClientRole creates a new role for a client
	CreateClientRole(accessToken string, realm string, clientID string, role Role) error
	// DeleteClientRole deletes the given role
	DeleteClientRole(accessToken string, realm, clientID, roleName string) error
	// DeleteClientRoleFromUser removes a client role from the user
	DeleteClientRoleFromUser(token string, realm string, clientID string, userID string, roles []Role) error
	// GetClientRoles gets roles for the given client
	GetClientRoles(accessToken string, realm string, clientID string) ([]*Role, error)
	// GetClientRole gets a role for the given client in a realm by role name
	GetClientRole(token string, realm string, clientID string, roleName string) (*Role, error)

	// GetRealm returns top-level representation of the realm
	GetRealm(token string, realm string) (*RealmRepresentation, error)
	// GetRealms returns top-level representation of all realms
	GetRealms(token string) ([]*RealmRepresentation, error)
	// CreateRealm creates a realm
	CreateRealm(token string, realm RealmRepresentation) error
	// DeleteRealm removes a realm
	DeleteRealm(token string, realm string) error
	// ClearRealmCache clears realm cache
	ClearRealmCache(token string, realm string) error

	// *** Users ***

	// CreateUser creates a new user
	CreateUser(token string, realm string, user User) (string, error)
	// DeleteUser deletes the given user
	DeleteUser(accessToken string, realm, userID string) error
	// GetUserByID gets the user with the given id
	GetUserByID(accessToken string, realm string, userID string) (*User, error)
	// GetUserCount returns the userCount of the given realm
	GetUserCount(accessToken string, realm string) (int, error)
	// GetUsers gets all users of the given realm
	GetUsers(accessToken string, realm string, params GetUsersParams) ([]*User, error)
	// GetUserGroups gets the groups of the given user
	GetUserGroups(accessToken string, realm string, userID string) ([]*UserGroup, error)
	// GetUsersByRoleName returns all users that have the given role
	GetUsersByRoleName(token string, realm string, roleName string) ([]*User, error)
	// SetPassword sets a new password for the user with the given id. Needs elevated privileges
	SetPassword(token string, userID string, realm string, password string, temporary bool) error
	// UpdateUser updates the given user
	UpdateUser(accessToken string, realm string, user User) error
	// AddUserToGroup puts given user to given group
	AddUserToGroup(token string, realm string, userID string, groupID string) error
	// DeleteUserFromGroup deletes given user from given group
	DeleteUserFromGroup(token string, realm string, userID string, groupID string) error
	// GetUserSessions returns user sessions associated with the user
	GetUserSessions(token, realm, userID string) ([]*UserSessionRepresentation, error)
	// GetUserOfflineSessionsForClient returns offline sessions associated with the user and client
	GetUserOfflineSessionsForClient(token, realm, userID, clientID string) ([]*UserSessionRepresentation, error)
}
GoCloak holds all methods a client should fulfill
type Group ¶
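// Group is the group representation used by CreateGroup, UpdateGroup,
// GetGroup and GetGroups.
type Group struct {
	ID        string   `json:"id,omitempty"`
	Name      string   `json:"name,omitempty"`
	Path      string   `json:"path,omitempty"`
	SubGroups []*Group `json:"subGroups,omitempty"`
	// The tag option was misspelled "emitempty", which encoding/json ignores,
	// so a nil map was always marshalled as "attributes":null. With omitempty
	// an unset Attributes map is left out of the request body, like every
	// other optional field of this struct.
	Attributes  map[string][]string `json:"attributes,omitempty"`
	Access      map[string]bool     `json:"access,omitempty"`
	ClientRoles map[string][]string `json:"clientRoles,omitempty"`
	RealmRoles  []string            `json:"realmRoles,omitempty"`
}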
Group is a Group
type HTTPErrorResponse ¶
type HTTPErrorResponse struct { ErrorMessage string `json:"errorMessage,omitempty"` Error string `json:"error,omitempty"` }
HTTPErrorResponse is a model of an error response
type IssuerResponse ¶
type IssuerResponse struct { Realm string `json:"realm,omitempty"` PublicKey string `json:"public_key,omitempty"` TokenService string `json:"token-service,omitempty"` AccountService string `json:"account-service,omitempty"` TokensNotBefore int `json:"tokens-not-before,omitempty"` }
IssuerResponse is returned by the issuer endpoint
type JWT ¶
// JWT holds the fields of a token response.
//
// None of the tags use omitempty, so every field is written when the struct
// is marshalled. AccessToken, IDToken and RefreshToken are credentials:
// marshalling the struct or printing it with %v / %+v emits them in full, so
// keep whole JWT values out of logs and error messages.
type JWT struct {
	AccessToken string `json:"access_token"`
	IDToken     string `json:"id_token"`
	// presumably a lifetime in seconds — TODO confirm against the server docs
	ExpiresIn        int    `json:"expires_in"`
	RefreshExpiresIn int    `json:"refresh_expires_in"`
	RefreshToken     string `json:"refresh_token"`
	TokenType        string `json:"token_type"`
	NotBeforePolicy  int    `json:"not-before-policy"`
	SessionState     string `json:"session_state"`
	Scope            string `json:"scope"`
}
JWT is a JWT
type Key ¶
// Key describes one key entry of a KeyStoreConfig.
// All fields are optional on the wire (omitempty).
type Key struct {
	ProviderID       string `json:"providerId,omitempty"`
	ProviderPriority int    `json:"providerPriority,omitempty"`
	Kid              string `json:"kid,omitempty"`
	Status           string `json:"status,omitempty"`
	Type             string `json:"type,omitempty"`
	Algorithm        string `json:"algorithm,omitempty"`
	// PublicKey and Certificate are carried as opaque strings; nothing in
	// this type parses or validates them.
	PublicKey   string `json:"publicKey,omitempty"`
	Certificate string `json:"certificate,omitempty"`
}
Key is a key
type KeyStoreConfig ¶
// KeyStoreConfig holds the key store configuration: the active keys and the
// list of keys.
type KeyStoreConfig struct {
	// NOTE(review): ActiveKeys is declared elsewhere; if it is a struct type,
	// omitempty has no effect on it in encoding/json — confirm.
	ActiveKeys ActiveKeys `json:"active,omitempty"`
	// Key is a slice despite the singular name; its JSON key is "keys".
	Key []Key `json:"keys,omitempty"`
}
KeyStoreConfig holds the keyStoreConfig
type MappingsRepresentation ¶
// MappingsRepresentation is a representation of role mappings.
type MappingsRepresentation struct {
	// presumably keyed by client — verify against the caller
	ClientMappings map[string]ClientMappingsRepresentation `json:"clientMappings,omitempty"`
	RealmMappings  []Role                                  `json:"realmMappings,omitempty"`
}
MappingsRepresentation is a representation of role mappings
type MemoryInfoRepresentation ¶
// MemoryInfoRepresentation represents a memory info.
// The "Formated" spelling is part of the JSON keys and of the exported field
// names, so it must not be corrected here without checking the wire format.
type MemoryInfoRepresentation struct {
	Free           int    `json:"free,omitempty"`
	FreeFormated   string `json:"freeFormated,omitempty"`
	FreePercentage int    `json:"freePercentage,omitempty"`
	Total          int    `json:"total,omitempty"`
	TotalFormated  string `json:"totalFormated,omitempty"`
	Used           int    `json:"used,omitempty"`
	UsedFormated   string `json:"usedFormated,omitempty"`
}
MemoryInfoRepresentation represents a memory info
type MultivaluedHashMap ¶
// MultivaluedHashMap carries three scalar properties of a map-like value;
// it does not hold any map entries itself.
type MultivaluedHashMap struct {
	// Empty has no omitempty and is therefore always written, including false.
	Empty      bool    `json:"empty"`
	LoadFactor float32 `json:"loadFactor,omitempty"`
	Threshold  int32   `json:"threshold,omitempty"`
}
MultivaluedHashMap represents something
type ObjectAlreadyExists ¶
// ObjectAlreadyExists is used when keycloak answers with 409.
// The pointer type has an Error method, so *ObjectAlreadyExists can be
// returned as an error and detected by callers with errors.As.
type ObjectAlreadyExists struct {
	// ErrorMessage has no struct tag.
	// NOTE(review): presumably filled from the server's response — treat it
	// as untrusted text when logging.
	ErrorMessage string
}
ObjectAlreadyExists is used when keycloak answers with 409
func (*ObjectAlreadyExists) Error ¶
func (e *ObjectAlreadyExists) Error() string
type PolicyEnforcementMode ¶
// PolicyEnforcementMode is an enum type for the PolicyEnforcementMode field
// of ResourceServerRepresentation. It is backed by int.
// NOTE(review): no MarshalJSON/UnmarshalJSON is visible for this type here; if
// none exists, encoding/json writes it as a bare number — confirm that matches
// what the server expects.
type PolicyEnforcementMode int
PolicyEnforcementMode is an enum type for PolicyEnforcementMode of ResourceServerRepresentation
// PolicyEnforcementMode values, numbered by iota in declaration order.
// ENFORCING is 0 and therefore also the zero value of the type; reordering
// the list would change the numeric value of every constant.
const (
	ENFORCING PolicyEnforcementMode = iota // 0
	PERMISSIVE                             // 1
	DISABLED                               // 2
)
PolicyEnforcementMode values
type PolicyRepresentation ¶
// PolicyRepresentation is a representation of a Policy.
// All fields are optional on the wire (omitempty).
type PolicyRepresentation struct {
	Config map[string]string `json:"config,omitempty"`
	// DecisionStrategy and Logic are pointers, so nil means "not set" and the
	// key is left out of the JSON.
	DecisionStrategy *DecisionStrategy `json:"decisionStrategy,omitempty"`
	Description      string            `json:"description,omitempty"`
	ID               string            `json:"id,omitempty"`
	Logic            *Logic            `json:"logic,omitempty"`
	Name             string            `json:"name,omitempty"`
	Owner            string            `json:"owner,omitempty"`
	// Policies, Resources and Scopes are plain string lists.
	// presumably names or IDs of the referenced objects — verify
	Policies  []string `json:"policies,omitempty"`
	Resources []string `json:"resources,omitempty"`
	Scopes    []string `json:"scopes,omitempty"`
	Type      string   `json:"type,omitempty"`
}
PolicyRepresentation is a representation of a Policy
type ProtocolMapperRepresentation ¶
// ProtocolMapperRepresentation is the JSON shape of a protocol mapper with a
// free-form string-to-string Config. Compare ProtocolMappers, which carries a
// typed config instead.
type ProtocolMapperRepresentation struct {
	Config         map[string]string `json:"config,omitempty"`
	ID             string            `json:"id,omitempty"`
	Name           string            `json:"name,omitempty"`
	Protocol       string            `json:"protocol,omitempty"`
	ProtocolMapper string            `json:"protocolMapper,omitempty"`
}
ProtocolMapperRepresentation represents....
type ProtocolMappers ¶
// ProtocolMappers describes a protocol mapper with a typed config.
type ProtocolMappers struct {
	ID             string `json:"id,omitempty"`
	Name           string `json:"name,omitempty"`
	Protocol       string `json:"protocol,omitempty"`
	ProtocolMapper string `json:"protocolMapper,omitempty"`
	// ConsentRequired has no omitempty: false is always written.
	ConsentRequired bool `json:"consentRequired"`
	// ProtocolMappersConfig is a struct value, and encoding/json never treats
	// a struct as empty, so "config" is always written despite omitempty.
	ProtocolMappersConfig ProtocolMappersConfig `json:"config,omitempty"`
}
ProtocolMappers are protocolmappers
type ProtocolMappersConfig ¶
// ProtocolMappersConfig is a config of a protocol mapper.
// The JSON keys are dotted names and every value is a string, including the
// ones whose names suggest a flag (for example Multivalued).
// NOTE(review): these settings decide which claims end up in which token;
// review changes to them like any other authorization change.
type ProtocolMappersConfig struct {
	UserinfoTokenClaim                 string `json:"userinfo.token.claim,omitempty"`
	UserAttribute                      string `json:"user.attribute,omitempty"`
	IDTokenClaim                       string `json:"id.token.claim,omitempty"`
	AccessTokenClaim                   string `json:"access.token.claim,omitempty"`
	ClaimName                          string `json:"claim.name,omitempty"`
	ClaimValue                         string `json:"claim.value,omitempty"`
	JSONTypeLabel                      string `json:"jsonType.label,omitempty"`
	Multivalued                        string `json:"multivalued,omitempty"`
	UsermodelClientRoleMappingClientID string `json:"usermodel.clientRoleMapping.clientId,omitempty"`
	IncludedClientAudience             string `json:"included.client.audience,omitempty"`
}
ProtocolMappersConfig is a config of a protocol mapper
type RealmRepresentation ¶
// RealmRepresentation is the JSON representation of a realm, as passed to
// CreateRealm and returned by GetRealm / GetRealms.
//
// Most fields carry omitempty and are left out when zero. The bool fields do
// not: a RealmRepresentation that sets only a few fields is still marshalled
// with an explicit false for every bool, among them bruteForceProtected,
// verifyEmail, revokeRefreshToken, permanentLockout and enabled.
// NOTE(review): set the security-relevant bools explicitly before sending this
// struct; how the server treats an explicit false versus an absent key should
// be confirmed.
//
// Several nested sections are typed as interface{} or []interface{}; they are
// passed through as generic JSON and get no compile-time checking.
type RealmRepresentation struct {
	AccessCodeLifespan                  int               `json:"accessCodeLifespan,omitempty"`
	AccessCodeLifespanLogin             int               `json:"accessCodeLifespanLogin,omitempty"`
	AccessCodeLifespanUserAction        int               `json:"accessCodeLifespanUserAction,omitempty"`
	AccessTokenLifespan                 int               `json:"accessTokenLifespan,omitempty"`
	AccessTokenLifespanForImplicitFlow  int               `json:"accessTokenLifespanForImplicitFlow,omitempty"`
	AccountTheme                        string            `json:"accountTheme,omitempty"`
	ActionTokenGeneratedByAdminLifespan int               `json:"actionTokenGeneratedByAdminLifespan,omitempty"`
	ActionTokenGeneratedByUserLifespan  int               `json:"actionTokenGeneratedByUserLifespan,omitempty"`
	AdminEventsDetailsEnabled           bool              `json:"adminEventsDetailsEnabled"` // always written
	AdminEventsEnabled                  bool              `json:"adminEventsEnabled"`        // always written
	AdminTheme                          string            `json:"adminTheme,omitempty"`
	Attributes                          map[string]string `json:"attributes,omitempty"`
	AuthenticationFlows                 []interface{}     `json:"authenticationFlows,omitempty"`
	AuthenticatorConfig                 []interface{}     `json:"authenticatorConfig,omitempty"`
	BrowserFlow                         string            `json:"browserFlow,omitempty"`
	BrowserSecurityHeaders              map[string]string `json:"browserSecurityHeaders,omitempty"`
	BruteForceProtected                 bool              `json:"bruteForceProtected"` // always written
	ClientAuthenticationFlow            string            `json:"clientAuthenticationFlow,omitempty"`
	ClientScopeMappings                 map[string]string `json:"clientScopeMappings,omitempty"`
	ClientScopes                        []ClientScope     `json:"clientScopes,omitempty"`
	// NOTE(review): Client is declared elsewhere; it may carry client secrets,
	// in which case a marshalled realm is sensitive — confirm.
	Clients                      []Client    `json:"clients,omitempty"`
	Components                   interface{} `json:"components,omitempty"`
	DefaultDefaultClientScopes   []string    `json:"defaultDefaultClientScopes,omitempty"`
	DefaultGroups                []string    `json:"defaultGroups,omitempty"`
	DefaultLocale                string      `json:"defaultLocale,omitempty"`
	DefaultOptionalClientScopes  []string    `json:"defaultOptionalClientScopes,omitempty"`
	DefaultRoles                 []string    `json:"defaultRoles,omitempty"`
	DefaultSignatureAlgorithm    string      `json:"defaultSignatureAlgorithm,omitempty"`
	DirectGrantFlow              string      `json:"directGrantFlow,omitempty"`
	DisplayName                  string      `json:"displayName,omitempty"`
	DisplayNameHTML              string      `json:"displayNameHtml,omitempty"`
	DockerAuthenticationFlow     string      `json:"dockerAuthenticationFlow,omitempty"`
	DuplicateEmailsAllowed       bool        `json:"duplicateEmailsAllowed"` // always written
	EditUsernameAllowed          bool        `json:"editUsernameAllowed"`    // always written
	EmailTheme                   string      `json:"emailTheme,omitempty"`
	Enabled                      bool        `json:"enabled"` // always written
	EnabledEventTypes            []string    `json:"enabledEventTypes,omitempty"`
	EventsEnabled                bool        `json:"eventsEnabled"` // always written
	EventsExpiration             int64       `json:"eventsExpiration,omitempty"`
	EventsListeners              []string    `json:"eventsListeners,omitempty"`
	FailureFactor                int         `json:"failureFactor,omitempty"`
	FederatedUsers               []interface{} `json:"federatedUsers,omitempty"`
	Groups                       []interface{} `json:"groups,omitempty"`
	ID                           string        `json:"id,omitempty"`
	IdentityProviderMappers      []interface{} `json:"identityProviderMappers,omitempty"`
	IdentityProviders            []interface{} `json:"identityProviders,omitempty"`
	InternationalizationEnabled  bool          `json:"internationalizationEnabled"` // always written
	KeycloakVersion              string        `json:"keycloakVersion,omitempty"`
	LoginTheme                   string        `json:"loginTheme,omitempty"`
	LoginWithEmailAllowed        bool          `json:"loginWithEmailAllowed"` // always written
	MaxDeltaTimeSeconds          int           `json:"maxDeltaTimeSeconds,omitempty"`
	MaxFailureWaitSeconds        int           `json:"maxFailureWaitSeconds,omitempty"`
	MinimumQuickLoginWaitSeconds int           `json:"minimumQuickLoginWaitSeconds,omitempty"`
	NotBefore                    int           `json:"notBefore,omitempty"`
	OfflineSessionIdleTimeout    int           `json:"offlineSessionIdleTimeout,omitempty"`
	OfflineSessionMaxLifespan    int           `json:"offlineSessionMaxLifespan,omitempty"`
	OfflineSessionMaxLifespanEnabled bool      `json:"offlineSessionMaxLifespanEnabled"` // always written
	OtpPolicyAlgorithm           string        `json:"otpPolicyAlgorithm,omitempty"`
	OtpPolicyDigits              int           `json:"otpPolicyDigits,omitempty"`
	OtpPolicyInitialCounter      int           `json:"otpPolicyInitialCounter,omitempty"`
	OtpPolicyLookAheadWindow     int           `json:"otpPolicyLookAheadWindow,omitempty"`
	OtpPolicyPeriod              int           `json:"otpPolicyPeriod,omitempty"`
	OtpPolicyType                string        `json:"otpPolicyType,omitempty"`
	OtpSupportedApplications     []string      `json:"otpSupportedApplications,omitempty"`
	// PasswordPolicy is an opaque string; this type does not validate it.
	PasswordPolicy              string        `json:"passwordPolicy,omitempty"`
	PermanentLockout            bool          `json:"permanentLockout"` // always written
	ProtocolMappers             []interface{} `json:"protocolMappers,omitempty"`
	QuickLoginCheckMilliSeconds int64         `json:"quickLoginCheckMilliSeconds,omitempty"`
	Realm                       string        `json:"realm,omitempty"`
	RefreshTokenMaxReuse        int           `json:"refreshTokenMaxReuse,omitempty"`
	RegistrationAllowed         bool          `json:"registrationAllowed"`         // always written
	RegistrationEmailAsUsername bool          `json:"registrationEmailAsUsername"` // always written
	RegistrationFlow            string        `json:"registrationFlow,omitempty"`
	RememberMe                  bool          `json:"rememberMe"` // always written
	RequiredActions             []interface{} `json:"requiredActions,omitempty"`
	ResetCredentialsFlow        string        `json:"resetCredentialsFlow,omitempty"`
	ResetPasswordAllowed        bool          `json:"resetPasswordAllowed"` // always written
	RevokeRefreshToken          bool          `json:"revokeRefreshToken"`   // always written
	Roles                       interface{}   `json:"roles,omitempty"`
	ScopeMappings               []interface{} `json:"scopeMappings,omitempty"`
	// NOTE(review): SMTPServer is a free-form map and may include mail-server
	// credentials — avoid logging marshalled realms.
	SMTPServer map[string]string `json:"smtpServer,omitempty"`
	// SslRequired is an opaque string; this type does not validate it.
	SslRequired                     string        `json:"sslRequired,omitempty"`
	SsoSessionIdleTimeout           int           `json:"ssoSessionIdleTimeout,omitempty"`
	SsoSessionIdleTimeoutRememberMe int           `json:"ssoSessionIdleTimeoutRememberMe,omitempty"`
	SsoSessionMaxLifespan           int           `json:"ssoSessionMaxLifespan,omitempty"`
	SsoSessionMaxLifespanRememberMe int           `json:"ssoSessionMaxLifespanRememberMe,omitempty"`
	SupportedLocales                []string      `json:"supportedLocales,omitempty"`
	UserFederationMappers           []interface{} `json:"userFederationMappers,omitempty"`
	UserFederationProviders         []interface{} `json:"userFederationProviders,omitempty"`
	UserManagedAccessAllowed        bool          `json:"userManagedAccessAllowed"` // always written
	// Users embeds full User values, which have a Credentials field.
	Users                []User `json:"users,omitempty"`
	VerifyEmail          bool   `json:"verifyEmail"` // always written
	WaitIncrementSeconds int    `json:"waitIncrementSeconds,omitempty"`
}
RealmRepresentation represents a realm
type ResourceRepresentation ¶
// ResourceRepresentation is a representation of a Resource.
type ResourceRepresentation struct {
	// TODO: is marked "_optional" in template, input error or deliberate?
	ID          string            `json:"id,omitempty"`
	Attributes  map[string]string `json:"attributes,omitempty"`
	DisplayName string            `json:"displayName,omitempty"`
	// TODO: With "_" because that's how it's written down in the template.
	// Note that ScopeRepresentation uses the key "iconUri" for its IconURI.
	IconURI string `json:"icon_uri,omitempty"`
	Name    string `json:"name,omitempty"`
	// OwnerManagedAccess has no omitempty: false is always written.
	OwnerManagedAccess bool                  `json:"ownerManagedAccess"`
	Scopes             []ScopeRepresentation `json:"scopes,omitempty"`
	Type               string                `json:"type,omitempty"`
	URIs               []string              `json:"uris,omitempty"`
}
ResourceRepresentation is a representation of a Resource
type ResourceServerRepresentation ¶
// ResourceServerRepresentation represents the resources of a Server.
type ResourceServerRepresentation struct {
	// AllowRemoteResourceManagement has no omitempty: false is always written.
	AllowRemoteResourceManagement bool                   `json:"allowRemoteResourceManagement"`
	ClientID                      string                 `json:"clientId,omitempty"`
	ID                            string                 `json:"id,omitempty"`
	Name                          string                 `json:"name,omitempty"`
	Policies                      []PolicyRepresentation `json:"policies,omitempty"`
	// PolicyEnforcementMode is a pointer so that "not set" (nil, key left out)
	// can be told apart from ENFORCING, which is the zero value of the enum.
	PolicyEnforcementMode *PolicyEnforcementMode   `json:"policyEnforcementMode,omitempty"`
	Resources             []ResourceRepresentation `json:"resources,omitempty"`
	Scopes                []ScopeRepresentation    `json:"scopes,omitempty"`
}
ResourceServerRepresentation represents the resources of a Server
type RetrospecTokenResult ¶
// RetrospecTokenResult is returned when a token was checked.
//
// Callers must look at Active before trusting any other field: a call that
// returns no error can still describe an inactive token. Active is a plain
// bool, so a response without the "active" key decodes to false.
type RetrospecTokenResult struct {
	Permissions map[string]string `json:"permissions,omitempty"`
	// Exp, Nbf and Iat are integers.
	// presumably Unix timestamps in seconds — TODO confirm
	Exp int `json:"exp,omitempty"`
	Nbf int `json:"nbf,omitempty"`
	Iat int `json:"iat,omitempty"`
	// Aud accepts either a single JSON string or a JSON array.
	// NOTE(review): nothing in this type compares Aud with the caller's own
	// client ID; do that check at the call site if the audience matters.
	Aud      StringOrArray `json:"aud,omitempty"`
	Active   bool          `json:"active"`
	AuthTime int           `json:"auth_time,omitempty"`
	Jti      string        `json:"jti,omitempty"`
	// Type maps to the JSON key "typ".
	Type string `json:"typ,omitempty"`
}
RetrospecTokenResult is returned when a token was checked
type Role ¶
// Role is the JSON representation of a role.
// The three bool fields have no omitempty and are always written, so a Role
// built with only a Name is sent with composite, clientRole and
// scopeParamRequired all false.
type Role struct {
	ID                 string              `json:"id,omitempty"`
	Name               string              `json:"name,omitempty"`
	ScopeParamRequired bool                `json:"scopeParamRequired"`
	Composite          bool                `json:"composite"`
	ClientRole         bool                `json:"clientRole"`
	ContainerID        string              `json:"containerId,omitempty"`
	Description        string              `json:"description,omitempty"`
	Attributes         map[string][]string `json:"attributes,omitempty"`
}
Role is a role
type ScopeRepresentation ¶
// ScopeRepresentation represents a Scope.
// It refers to PolicyRepresentation and ResourceRepresentation, and
// ResourceRepresentation refers back to ScopeRepresentation, so values can be
// nested to arbitrary depth.
type ScopeRepresentation struct {
	DisplayName string `json:"displayName,omitempty"`
	// The JSON key here is "iconUri"; ResourceRepresentation uses "icon_uri".
	IconURI   string                   `json:"iconUri,omitempty"`
	ID        string                   `json:"id,omitempty"`
	Name      string                   `json:"name,omitempty"`
	Policies  []PolicyRepresentation   `json:"policies,omitempty"`
	Resources []ResourceRepresentation `json:"resources,omitempty"`
}
ScopeRepresentation represents a Scope
type ServerInfoRepesentation ¶
// ServerInfoRepesentation represents a server info.
// The spelling "Repesentation" is part of the exported name.
// NOTE(review): the nested values describe the server host (paths, OS and
// Java versions, user name); treat them as operational detail that should not
// be shown to unauthenticated clients.
type ServerInfoRepesentation struct {
	// SystemInfo is a struct value, and encoding/json never treats a struct as
	// empty, so "systemInfo" is always written despite omitempty.
	SystemInfo SystemInfoRepresentation `json:"systemInfo,omitempty"`
	MemoryInfo MemoryInfoRepresentation `json:"memoryInfo"`
}
ServerInfoRepesentation represents a server info
type SetPasswordRequest ¶
// SetPasswordRequest is the request body used to set a new password.
//
// Password holds the new password in clear text and is marshalled under the
// JSON key "value". Do not log this struct or its encoded form, and send it
// only over TLS.
type SetPasswordRequest struct {
	Type string `json:"type,omitempty"`
	// Temporary has no omitempty: false is always written.
	// presumably true forces a password change at next login — TODO confirm
	Temporary bool   `json:"temporary"`
	Password  string `json:"value,omitempty"`
}
SetPasswordRequest sets a new password
type StringOrArray ¶
// StringOrArray represents a value that can either be a string or an array of
// strings. In Go it is always a slice; the type has its own MarshalJSON and
// UnmarshalJSON methods that convert to and from the two JSON shapes.
type StringOrArray []string
StringOrArray represents a value that can either be a string or an array of strings
func (StringOrArray) MarshalJSON ¶
func (s StringOrArray) MarshalJSON() ([]byte, error)
MarshalJSON converts the array of strings to a JSON array or JSON string if there is only one item in the array
func (*StringOrArray) UnmarshalJSON ¶
func (s *StringOrArray) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals a string or an array object from a JSON array or a JSON string
type SystemInfoRepresentation ¶
// SystemInfoRepresentation represents a system info.
// FileEncoding and JavaHome have no omitempty and are always written; every
// other field is left out when empty.
// NOTE(review): the fields name the host's OS, Java runtime, working
// directory and user name; keep them out of responses to untrusted clients.
type SystemInfoRepresentation struct {
	FileEncoding   string `json:"fileEncoding"`
	JavaHome       string `json:"javaHome"`
	JavaRuntime    string `json:"javaRuntime,omitempty"`
	JavaVendor     string `json:"javaVendor,omitempty"`
	JavaVersion    string `json:"javaVersion,omitempty"`
	JavaVM         string `json:"javaVm,omitempty"`
	JavaVMVersion  string `json:"javaVmVersion,omitempty"`
	OSArchitecture string `json:"osArchitecture,omitempty"`
	OSName         string `json:"osName,omitempty"`
	OSVersion      string `json:"osVersion,omitempty"`
	ServerTime     string `json:"serverTime,omitempty"`
	Uptime         string `json:"uptime,omitempty"`
	UptimeMillis   int    `json:"uptimeMillis,omitempty"`
	UserDir        string `json:"userDir,omitempty"`
	UserLocale     string `json:"userLocale,omitempty"`
	UserName       string `json:"userName,omitempty"`
	UserTimezone   string `json:"userTimezone,omitempty"`
	Version        string `json:"version,omitempty"`
}
SystemInfoRepresentation represents a system info
type TokenOptions ¶
// TokenOptions represents the options to obtain a token.
//
// ClientSecret, Scopes and ResponseTypes are tagged json:"-" and never appear
// in the JSON encoding. Password and RefreshToken are not excluded: they are
// written whenever they are non-empty, so marshalling or printing a
// TokenOptions value can expose them. Keep these values out of logs.
type TokenOptions struct {
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"-"`
	GrantType    string `json:"grant_type"`
	RefreshToken string `json:"refresh_token,omitempty"`
	// Scopes is excluded from JSON; Scope is the string that is encoded.
	// presumably FormData derives Scope from Scopes — TODO confirm
	Scopes []string `json:"-"`
	Scope  string   `json:"scope,omitempty"`
	// ResponseTypes is excluded from JSON; ResponseType is what is encoded.
	ResponseTypes []string `json:"-"`
	ResponseType  string   `json:"response_type,omitempty"`
	Permission    string   `json:"permission,omitempty"`
	Username      string   `json:"username,omitempty"`
	Password      string   `json:"password,omitempty"`
}
TokenOptions represents the options to obtain a token
func (*TokenOptions) FormData ¶
func (t *TokenOptions) FormData() map[string]string
FormData returns a map of options to be used in SetFormData function
type User ¶
// User represents the Keycloak User Structure, as passed to CreateUser and
// UpdateUser and returned by the user lookups.
//
// Enabled, Totp, EmailVerified and Access have no omitempty and are always
// written. A User that sets only a few fields is therefore marshalled with
// "enabled":false, "totp":false, "emailVerified":false and "access":null.
// NOTE(review): when updating, start from the user as fetched from the server
// instead of a fresh struct, unless resetting those flags is intended; how the
// server treats the explicit values should be confirmed.
type User struct {
	ID                         string              `json:"id,omitempty"`
	CreatedTimestamp           int64               `json:"createdTimestamp,omitempty"`
	Username                   string              `json:"username,omitempty"`
	Enabled                    bool                `json:"enabled"`
	Totp                       bool                `json:"totp"`
	EmailVerified              bool                `json:"emailVerified"`
	FirstName                  string              `json:"firstName,omitempty"`
	LastName                   string              `json:"lastName,omitempty"`
	Email                      string              `json:"email,omitempty"`
	FederationLink             string              `json:"federationLink,omitempty"`
	Attributes                 map[string][]string `json:"attributes,omitempty"`
	DisableableCredentialTypes []interface{}       `json:"disableableCredentialTypes,omitempty"`
	RequiredActions            []string            `json:"requiredActions,omitempty"`
	Access                     map[string]bool     `json:"access"`
	ClientRoles                map[string][]string `json:"clientRoles,omitempty"`
	RealmRoles                 []string            `json:"realmRoles,omitempty"`
	ServiceAccountClientID     string              `json:"serviceAccountClientId,omitempty"`
	// NOTE(review): CredentialRepresentation is declared elsewhere; it may
	// hold password material, so avoid logging marshalled User values.
	Credentials []*CredentialRepresentation `json:"credentials,omitempty"`
}
User represents the Keycloak User Structure
type UserGroup ¶
// UserGroup is the reduced group shape returned by GetUserGroups: just ID,
// Name and Path. All fields are optional on the wire (omitempty).
type UserGroup struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
	Path string `json:"path,omitempty"`
}
UserGroup is a UserGroup
type UserInfo ¶
// UserInfo is returned by the userinfo endpoint.
type UserInfo struct {
	Sub string `json:"sub,omitempty"`
	// EmailVerified has no omitempty; when decoding, a response without the
	// key leaves it false.
	EmailVerified bool `json:"email_verified"`
	// Address is untyped and decoded as generic JSON.
	Address           interface{} `json:"address,omitempty"`
	PreferredUsername string      `json:"preferred_username,omitempty"`
	Email             string      `json:"email,omitempty"`
}
UserInfo is returned by the userinfo endpoint
type UserSessionRepresentation ¶
// UserSessionRepresentation describes one user session; GetUserSessions and
// GetUserOfflineSessionsForClient return slices of pointers to it.
// NOTE(review): IPAddress, UserID and Username identify a person; handle
// session listings as personal data when storing or logging them.
type UserSessionRepresentation struct {
	// presumably client ID mapped to client name — TODO confirm
	Clients   map[string]string `json:"clients,omitempty"`
	ID        string            `json:"id,omitempty"`
	IPAddress string            `json:"ipAddress,omitempty"`
	// LastAccess and Start are int64.
	// presumably Unix timestamps; unit (seconds or milliseconds) unconfirmed
	LastAccess int64  `json:"lastAccess,omitempty"`
	Start      int64  `json:"start,omitempty"`
	UserID     string `json:"userId,omitempty"`
	Username   string `json:"username,omitempty"`
}
UserSessionRepresentation represents a list of user's sessions