keycloak

package module
v0.0.0-...-ad1c04b
Published: Oct 21, 2018 License: MIT Imports: 10 Imported by: 0

README

go-keycloak

go-keycloak is a Go client library for accessing the Keycloak API

Usage

import "github.com/hugocortes/go-keycloak"

Constructing the Keycloak client depends on which client will be used to make requests and on whether that user or client has offline access (the offline_access role) to disable the SSO idle timeout. This provides flexibility in creating more than one Keycloak client to authenticate against different realms and/or clients.

  1. Using a service account requires the client ID and the client secret
// Creates a client that authenticates as the service account of a confidential client
serviceAccount := keycloak.NewServiceAccount(
	httpClient,       // *http.Client, or nil to use the default
	"BASE_URL",       // base Keycloak URL
	"REALM",          // target realm
	hasOfflineAccess, // true if the offline_access role is assigned
	"CLIENT_ID",      // target client ID
	"CLIENT_SECRET",  // target client secret
)
  2. Using a user to authenticate through a confidential client requires the client ID, client secret, admin username, and admin password
// Creates a client that authenticates as an admin user through a confidential client
confidentialAdmin := keycloak.NewConfidentialAdmin(
	httpClient,       // *http.Client, or nil to use the default
	"BASE_URL",       // base Keycloak URL
	"REALM",          // target realm
	hasOfflineAccess, // true if the offline_access role is assigned
	"CLIENT_ID",      // target client ID
	"CLIENT_SECRET",  // target client secret
	"ADMIN_USER",     // target admin username
	"ADMIN_PASS",     // target admin password
)
  3. Using a user to authenticate through a public client requires the client ID, admin username, and admin password
// Creates a client that authenticates as an admin user through a public client (no secret)
publicAdmin := keycloak.NewPublicAdmin(
	httpClient,       // *http.Client, or nil to use the default
	"BASE_URL",       // base Keycloak URL
	"REALM",          // target realm
	hasOfflineAccess, // true if the offline_access role is assigned
	"CLIENT_ID",      // target client ID
	"ADMIN_USER",     // target admin username
	"ADMIN_PASS",     // target admin password
)

Note: Depending on the type of request, the library requires the Client (if full scope mapping is disabled) and the Admin User and/or Service Account to hold the appropriate role(s); otherwise Keycloak returns 403 errors.
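The exchange behind the service-account constructor, as an added example that is not the library's own code: it builds the client_credentials grant that AccessGrantRequest models, posts it form-encoded to the realm's token endpoint, and turns a non-2xx reply into an ErrorResponse carrying Keycloak's error_description. The local OIDCToken and ErrorResponse types mirror the ones documented on this page; clientCredentialsToken, the KC_* environment variables and a token path without the legacy /auth prefix are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"os"
	"strings"
)

// OIDCToken and ErrorResponse mirror the types documented on this page (OIDCToken trimmed to three fields).
type OIDCToken struct {
	AccessToken string `json:"access_token"`
	ExpiresIn   int    `json:"expires_in"`
	TokenType   string `json:"token_type"`
}
type ErrorResponse struct {
	Response *http.Response
	Message  string `json:"error_description"`
}

func (r *ErrorResponse) Error() string { return fmt.Sprintf("keycloak: HTTP %d: %s", r.Response.StatusCode, r.Message) }

// clientCredentialsToken performs the grant a service-account client uses: a form-encoded POST with
// client_id and client_secret in the body (never the query string, so the secret stays out of access
// logs). Any non-2xx reply is returned as *ErrorResponse carrying Keycloak's error_description.
func clientCredentialsToken(baseURL, realm, clientID, clientSecret string) (*OIDCToken, error) {
	form := url.Values{"grant_type": {"client_credentials"}, "client_id": {clientID}, "client_secret": {clientSecret}}
	// Assumption: Keycloak is served under baseURL without the legacy /auth path prefix.
	resp, err := http.Post(baseURL+"/realms/"+realm+"/protocol/openid-connect/token",
		"application/x-www-form-urlencoded", strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		er := &ErrorResponse{Response: resp}
		_ = json.NewDecoder(resp.Body).Decode(er) // body may be empty; Message then stays ""
		return nil, er
	}
	tok := &OIDCToken{}
	return tok, json.NewDecoder(resp.Body).Decode(tok)
}

func main() { // secrets come from the environment, never from a literal in source
	tok, err := clientCredentialsToken(os.Getenv("KC_BASE_URL"), os.Getenv("KC_REALM"),
		os.Getenv("KC_CLIENT_ID"), os.Getenv("KC_CLIENT_SECRET"))
	fmt.Printf("%+v %v\n", tok, err)
}
```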

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessGrantRequest

type AccessGrantRequest struct {
	GrantType    string `url:"grant_type"`
	Scope        string `url:"scope,omitempty"`
	Username     string `url:"username,omitempty"`
	Password     string `url:"password,omitempty"`
	ClientID     string `url:"client_id"`
	ClientSecret string `url:"client_secret,omitempty"`
}

AccessGrantRequest represents a request for grant type authentication

type AdminUserService

type AdminUserService service

AdminUserService handles communication with keycloak user management

func (*AdminUserService) GetUserByID

func (c *AdminUserService) GetUserByID(
	ctx context.Context,
	ID string,
) (*User, *Response, error)

GetUserByID retrieves a user by ID

type AuthenticationService

type AuthenticationService service

AuthenticationService handles communication with Keycloak authentication

func (*AuthenticationService) GetOIDCToken

func (c *AuthenticationService) GetOIDCToken(
	ctx context.Context,
	grantReq *AccessGrantRequest,
) (*OIDCToken, *Response, error)

GetOIDCToken authenticates the access grant request

type Client

type Client struct {

	// Services
	Authentication *AuthenticationService
	AdminUser      *AdminUserService
	UMA            *UMAService
	// contains filtered or unexported fields
}

Client manages communication to Keycloak

func NewConfidentialAdmin

func NewConfidentialAdmin(
	httpClient *http.Client,

	baseURL string,
	realm string,
	hasOfflineAccess bool,

	clientID string,
	clientSecret string,

	adminAccount string,
	adminPass string,
) *Client

NewConfidentialAdmin is targeted at users with elevated privileges who will be using a confidential client to authenticate against.

func NewPublicAdmin

func NewPublicAdmin(
	httpClient *http.Client,

	baseURL string,
	realm string,
	hasOfflineAccess bool,

	clientID string,

	adminAccount string,
	adminPass string,
) *Client

NewPublicAdmin is targeted at users with elevated privileges who will be using a public client to authenticate against.

func NewServiceAccount

func NewServiceAccount(
	httpClient *http.Client,

	baseURL string,
	realm string,
	hasOfflineAccess bool,

	clientID string,
	clientSecret string,
) *Client

NewServiceAccount is targeted at Service Accounts with elevated privileges

func (Client) AdminAccount

func (c Client) AdminAccount() string

AdminAccount returns the adminAccount value

func (Client) AdminOIDC

func (c Client) AdminOIDC() *OIDCToken

AdminOIDC returns the admin access token

func (Client) AdminPass

func (c Client) AdminPass() string

AdminPass returns the adminPass value

func (Client) BaseURL

func (c Client) BaseURL() string

BaseURL returns the baseURL value

func (Client) ClientID

func (c Client) ClientID() string

ClientID returns the clientID value

func (Client) ClientSecret

func (c Client) ClientSecret() string

ClientSecret returns the clientSecret value

func (Client) Realm

func (c Client) Realm() string

Realm returns the realm value

type Credential

type Credential struct {
	Algorithm         *string             `json:"algorithm,omitempty"`
	Config            *MultivaluedHashMap `json:"config,omitempty"`
	Counter           *int32              `json:"counter,omitempty"`
	CreatedDate       *int64              `json:"createdDate,omitempty"`
	Device            *string             `json:"device,omitempty"`
	Digits            *int32              `json:"digits,omitempty"`
	HashIterations    *int32              `json:"hashIterations,omitempty"`
	HashedSaltedValue *string             `json:"hashedSaltedValue,omitempty"`
	Period            *int32              `json:"period,omitempty"`
	Salt              *string             `json:"salt,omitempty"`
	Temporary         *bool               `json:"temporary,omitempty"`
	Type              *string             `json:"type,omitempty"`
	Value             *string             `json:"value,omitempty"`
}

Credential represents the user's credentials type

type ErrorResponse

type ErrorResponse struct {
	Response *http.Response
	Message  string `json:"error_description"`
}

ErrorResponse returns the error response from Keycloak

func (*ErrorResponse) Error

func (r *ErrorResponse) Error() string

type FederatedIdentity

type FederatedIdentity struct {
	IdentityProvider *string `json:"identityProvider,omitempty"`
	UserID           *string `json:"userId,omitempty"`
	UserName         *string `json:"userName,omitempty"`
}

FederatedIdentity represents third party signups

type MultivaluedHashMap

type MultivaluedHashMap struct {
	Empty      *bool  `json:"empty,omitempty"`
	LoadFactor *int32 `json:"loadFactor,omitempty"`
	Threshold  *int32 `json:"threshold,omitempty"`
}

MultivaluedHashMap ...

type OIDCToken

type OIDCToken struct {
	AccessToken      string `json:"access_token"`
	ExpiresIn        int    `json:"expires_in"`
	RefreshExpiresIn int    `json:"refresh_expires_in"`
	RefreshToken     string `json:"refresh_token"`
	TokenType        string `json:"token_type"`
	NotBeforePolicy  int    `json:"not_before_policy"`
	SessionState     string `json:"session_state"`
	Scope            string `json:"scope"`
}

OIDCToken represents a credential token to access keycloak

type Response

type Response struct {
	Response *http.Response
}

Response is the Keycloak response.

type UMAService

type UMAService service

UMAService handles communication with Keycloak UMA

func (*UMAService) GetUMAUser

func (c *UMAService) GetUMAUser(
	ctx context.Context,
	token string,
	v interface{},
) (interface{}, *Response, error)

GetUMAUser allows user to view their token mappings. The provided interface is returned to be decoded on success.

type User

type User struct {
	Access                     *map[string]interface{} `json:"access,omitempty"`
	Attributes                 *map[string]interface{} `json:"attributes,omitempty"`
	ClientConsents             *[]UserConsent          `json:"clientConsents,omitempty"`
	ClientRoles                *map[string]interface{} `json:"clientRoles,omitempty"`
	CreatedTimestamp           *int64                  `json:"createdTimestamp,omitempty"`
	Credentials                *[]Credential           `json:"credentials,omitempty"`
	DisableableCredentialTypes *[]string               `json:"disableableCredentialTypes,omitempty"`
	Email                      *string                 `json:"email,omitempty"`
	EmailVerified              *bool                   `json:"emailVerified,omitempty"`
	Enabled                    *bool                   `json:"enabled,omitempty"`
	FederatedIdentities        *[]FederatedIdentity    `json:"federatedIdentities,omitempty"`
	FederationLink             *string                 `json:"federationLink,omitempty"`
	FirstName                  *string                 `json:"firstName,omitempty"`
	Groups                     *[]string               `json:"groups,omitempty"`
	ID                         *string                 `json:"id,omitempty"`
	LastName                   *string                 `json:"lastName,omitempty"`
	NotBefore                  *int32                  `json:"notBefore,omitempty"`
	Origin                     *string                 `json:"origin,omitempty"`
	RealmRoles                 *[]string               `json:"realmRoles,omitempty"`
	RequiredActions            *[]string               `json:"requiredActions,omitempty"`
	Self                       *string                 `json:"self,omitempty"`
	ServiceAccountClientID     *string                 `json:"serviceAccountClientId,omitempty"`
	Username                   *string                 `json:"username,omitempty"`
}

User represents the Keycloak user

type UserConsent

type UserConsent struct {
	ClientID               *string                 `json:"clientId,omitempty"`
	CreatedDate            *int64                  `json:"createdDate,omitempty"`
	GrantedClientRoles     *map[string]interface{} `json:"grantedClientRoles,omitempty"`
	GrantedProtocolMappers *map[string]interface{} `json:"grantedProtocolMappers,omitempty"`
	GrantedRealmRoles      *[]string               `json:"grantedRealmRoles,omitempty"`
	LastUpdatedDate        *int64                  `json:"lastUpdatedDate,omitempty"`
}

UserConsent represents scopes that have been consented

Directories

Path: examples/access-grants
Synopsis: Package main provides an example for using an admin account or a service account to authorize against a client and query a user provided a 'query-users' role
