gocloak

package module
v0.0.0-...-2af0c0f Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 14, 2019 License: Apache-2.0 Imports: 9 Imported by: 0

README

gocloak

codebeat badge Go Report Card Go Doc Build Status codecov

golang keycloak client

This client is based on : go-keycloak

For Questions either raise an issue, or come to the gopher-slack into the channel #gocloak

If u are using the echo framework have a look at gocloak-echo

Keycloak Version < 4.8

If you are using a Keycloak Server version <4.8 please use the V1.0 release of gocloak.

	go get gopkg.in/nerzal/gocloak.v1
	import "gopkg.in/nerzal/gocloak.v1"

https://gopkg.in/nerzal/gocloak.v1

Usage

Create New User
	gocloak := gocloak.NewClient("https://mycool.keycloak.instance")
	token, err := gocloak.LoginAdmin("user", "password", "realmName")
	if err != nil {
		panic("Something wrong with the credentials or url")
	}
	user := gocloak.User{
		FirstName: "Bob",
		LastName:  "Uncle",
		EMail:     "something@really.wrong",
		Enabled:   true,
		Username:  "CoolGuy",
	}
	gocloak.CreateUser(token.AccessToken, "realm", user)
	if err != nil {
		panic("Oh no!, failed to create user :(")
	}
Introspect Token
	client := NewClient(hostname)
	token, err := client.LoginClient(clientid, clientSecret, realm)
	if err != nil {
		panic("Login failed:"+ err.Error())
	}

	rptResult, err := client.RetrospectToken(token.AccessToken, clientid, clientSecret, realm)
	if err != nil {
		panic("Inspection failed:"+ err.Error())
	}

	if !rptResult.Active {
		panic("Token is not active")
	}

	permissions := rptResult.Permissions
	//Do something with the permissions ;) 

Features

// GoCloak holds all methods a client should fullfill
type GoCloak interface {
	Login(clientID string, clientSecret string, realm string, username string, password string) (*JWT, error)
	Logout(clientID, clientSecret, realm, refreshToken string) error
	LoginClient(clientID, clientSecret, realm string) (*JWT, error)
	LoginAdmin(username, password, realm string) (*JWT, error)
	RequestPermission(clientID string, clientSecret string, realm string, username string, password string, permission string) (*JWT, error)
	RefreshToken(refreshToken string, clientID, clientSecret, realm string) (*JWT, error)
	DecodeAccessToken(accessToken string, realm string) (*jwt.Token, *jwt.MapClaims, error)
	DecodeAccessTokenCustomClaims(accessToken string, realm string, claims jwt.Claims) (*jwt.Token, error)
	RetrospectToken(accessToken string, clientID, clientSecret string, realm string) (*RetrospecTokenResult, error)
	GetIssuer(realm string) (*IssuerResponse, error)
	GetCerts(realm string) (*CertResponse, error)
	GetUserInfo(accessToken string, realm string) (*UserInfo, error)
	SetPassword(token string, userID string, realm string, password string, temporary bool) error
	ExecuteActionsEmail(token string, realm string, params ExecuteActionsEmail) error

	CreateUser(token string, realm string, user User) (*string, error)
	CreateGroup(accessToken string, realm string, group Group) error
	CreateClientRole(accessToken string, realm string, clientID string, role Role) error
	CreateClient(accessToken string, realm string, clientID Client) error
	CreateClientScope(accessToken string, realm string, scope ClientScope) error
	CreateComponent(accessToken string, realm string, component Component) error

	UpdateUser(accessToken string, realm string, user User) error
	UpdateGroup(accessToken string, realm string, group Group) error
	UpdateRole(accessToken string, realm string, clientID string, role Role) error
	UpdateClient(accessToken string, realm string, clientID Client) error
	UpdateClientScope(accessToken string, realm string, scope ClientScope) error

	DeleteUser(accessToken string, realm, userID string) error
	DeleteComponent(accessToken string, realm, componentID string) error
	DeleteGroup(accessToken string, realm, groupID string) error
	DeleteClientRole(accessToken string, realm, clientID, roleName string) error
	DeleteClient(accessToken string, realm, clientID string) error
	DeleteClientScope(accessToken string, realm, scopeID string) error

	GetClient(accessToken string, realm string, clientID string) (*Client, error)
	GetClientSecret(token string, realm string, clientID string) (*CredentialRepresentation, error)
	GetKeyStoreConfig(accessToken string, realm string) (*KeyStoreConfig, error)
	GetUserByID(accessToken string, realm string, userID string) (*User, error)
	GetUserCount(accessToken string, realm string) (int, error)
	GetUsers(accessToken string, realm string, params GetUsersParams) (*[]User, error)
	GetUserGroups(accessToken string, realm string, userID string) (*[]UserGroup, error)
	GetComponents(accessToken string, realm string) (*[]Component, error)
	GetGroups(accessToken string, realm string, params GetGroupsParams) (*[]Group, error)
	GetGroup(accessToken string, realm, groupID string) (*Group, error)
	GetRoleMappingByGroupID(accessToken string, realm string, groupID string) (*MappingsRepresentation, error)
	GetRoleMappingByUserID(accessToken string, realm string, userID string) (*MappingsRepresentation, error)
	GetClientRoles(accessToken string, realm string, clientID string) (*[]Role, error)
	GetClientRole(token string, realm string, clientID string, roleName string) (*Role, error)
	GetClients(accessToken string, realm string, params GetClientsParams) (*[]Client, error)
	GetUsersByRoleName(token string, realm string, roleName string) (*[]User, error)
	UserAttributeContains(attributes map[string][]string, attribute string, value string) bool

	// *** Realm Roles ***

	CreateRealmRole(token string, realm string, role Role) error
	GetRealmRole(token string, realm string, roleName string) (*Role, error)
	GetRealmRoles(accessToken string, realm string) (*[]Role, error)
	GetRealmRolesByUserID(accessToken string, realm string, userID string) (*[]Role, error)
	GetRealmRolesByGroupID(accessToken string, realm string, groupID string) (*[]Role, error)
	UpdateRealmRole(token string, realm string, roleName string, role Role) error
	DeleteRealmRole(token string, realm string, roleName string) error
	AddRealmRoleToUser(token string, realm string, userID string, roles []Role) error
	DeleteRealmRoleFromUser(token string, realm string, userID string, roles []Role) error
	AddRealmRoleComposite(token string, realm string, roleName string, roles []Role) error
	DeleteRealmRoleComposite(token string, realm string, roleName string, roles []Role) error

	// *** Realm ***

	GetRealm(token string, realm string) (*RealmRepresentation, error)
	CreateRealm(token string, realm RealmRepresentation) error
}

developing & testing

For local testing you need to start a docker container. Simply run following commands prior to starting the tests:

docker pull jboss/keycloak
docker run -d -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=secret -e KEYCLOAK_IMPORT=/tmp/gocloak-realm.json -v `pwd`/testdata/gocloak-realm.json:/tmp/gocloak-realm.json -p 8080:8080 --name keycloak jboss/keycloak
go test

Or you can run the tests on you own keycloak:

export GOCLOAK_TEST_CONFIG=/path/to/gocloak/config.json

All resources created as a result of unit tests will be deleted, except for the test user defined in the configuration file.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type APIError

type APIError struct {
	Code    int
	Message string
}

APIError represents an api error

func (APIError) Error

func (apiError APIError) Error() string

Error stringifies the APIError

type Access

type Access struct {
	ManageGroupMembership bool `json:"manageGroupMembership"`
	View                  bool `json:"view"`
	MapRoles              bool `json:"mapRoles"`
	Impersonate           bool `json:"impersonate"`
	Manage                bool `json:"manage"`
}

Access represents access

type ActiveKeys

type ActiveKeys struct {
	HS256 string `json:"HS256"`
	RS256 string `json:"RS256"`
	AES   string `json:"AES"`
}

ActiveKeys holds the active keys

type Attributes

type Attributes struct {
	LDAPENTRYDN []string `json:"LDAP_ENTRY_DN"`
	LDAPID      []string `json:"LDAP_ID"`
}

Attributes holds Attributes

type BaseParams

type BaseParams struct{}

BaseParams provides basic functionality for all QueryParams structures. The fields tags must have `json:"<name>,string,omitempty"` format. "string" tag allows to convert the structure to map[string]string. "omitempty" allows to skip the fields with default values.

func (BaseParams) GetQueryParams

func (s BaseParams) GetQueryParams() (map[string]string, error)

GetQueryParams converts the struct to map[string]string

type CertResponse

type CertResponse struct {
	Keys []CertResponseKey `json:"keys"`
}

CertResponse is returned by the certs endpoint

type CertResponseKey

type CertResponseKey struct {
	Kid string `json:"kid"`
	Kty string `json:"kty"`
	Alg string `json:"alg"`
	Use string `json:"use"`
	N   string `json:"n"`
	E   string `json:"e"`
}

CertResponseKey is returned by the certs endpoint

type Client

type Client struct {
	ID       string `json:"id"`
	ClientID string `json:"clientId"`
}

Client is a Client

type ClientMappingsRepresentation

type ClientMappingsRepresentation struct {
	ID       string `json:"id"`
	Client   string `json:"client"`
	Mappings []Role `json:"mappings"`
}

ClientMappingsRepresentation is a client role mappings

type ClientScope

type ClientScope struct {
	ID                    string                `json:"id"`
	Name                  string                `json:"name"`
	Description           string                `json:"description"`
	Protocol              string                `json:"protocol"`
	ClientScopeAttributes ClientScopeAttributes `json:"attributes"`
	ProtocolMappers       ProtocolMappers       `json:"protocolMappers,omitempty"`
}

ClientScope is a ClientScope

type ClientScopeAttributes

type ClientScopeAttributes struct {
	ConsentScreenText      string `json:"consent.screen.text"`
	DisplayOnConsentScreen string `json:"display.on.consent.screen"`
}

ClientScopeAttributes are attributes of client scopes

type Component

type Component struct {
	ID              string          `json:"id"`
	Name            string          `json:"name"`
	ProviderID      string          `json:"providerId"`
	ProviderType    string          `json:"providerType"`
	ParentID        string          `json:"parentId"`
	ComponentConfig ComponentConfig `json:"config"`
	SubType         string          `json:"subType,omitempty"`
}

Component is a component

type ComponentConfig

type ComponentConfig struct {
	Priority  []string `json:"priority"`
	Algorithm []string `json:"algorithm"`
}

ComponentConfig is a componentconfig

type CredentialRepresentation

type CredentialRepresentation struct {
	Algorithm         string             `json:"algorithm"`
	Config            MultivaluedHashMap `json:"config"`
	Counter           int32              `json:"counter"`
	CreatedDate       int64              `json:"createdDate"`
	Device            string             `json:"device"`
	Digits            int32              `json:"digits"`
	HashIterations    int32              `json:"hashIterations"`
	HashedSaltedValue string             `json:"hashedSaltedValue"`
	Period            int32              `json:"period"`
	Salt              string             `json:"salt"`
	Temporary         bool               `json:"temporary"`
	Type              string             `json:"type"`
	Value             string             `json:"value"`
}

CredentialRepresentation represents credentials

type ExecuteActionsEmail

type ExecuteActionsEmail struct {
	BaseParams
	UserID      string   `json:"-"`
	ClientID    string   `json:"clientId,omitempty"`
	Lifespan    int      `json:"lifespan,string,omitempty"`
	RedirectURI string   `json:"redirect_uri,omitempty"`
	Actions     []string `json:"-"`
}

ExecuteActionsEmail represents parameters for executing action emails

func (ExecuteActionsEmail) GetQueryParams

func (s ExecuteActionsEmail) GetQueryParams() (map[string]string, error)

GetQueryParams converts the struct to map[string]string

type GetClientsParams

type GetClientsParams struct {
	BaseParams
	ClientID     string `json:"clientId,omitempty"`
	ViewableOnly bool   `json:"viewableOnly,string,omitempty"`
}

GetClientsParams represents the query parameters

func (GetClientsParams) GetQueryParams

func (s GetClientsParams) GetQueryParams() (map[string]string, error)

GetQueryParams converts the struct to map[string]string

type GetGroupsParams

type GetGroupsParams struct {
	BaseParams
	First  int    `json:"first,string,omitempty"`
	Max    int    `json:"max,string,omitempty"`
	Search string `json:"search,omitempty"`
}

GetGroupsParams represents the optional parameters for getting groups

func (GetGroupsParams) GetQueryParams

func (s GetGroupsParams) GetQueryParams() (map[string]string, error)

GetQueryParams converts the struct to map[string]string

type GetUsersParams

type GetUsersParams struct {
	BaseParams
	BriefRepresentation *bool  `json:"briefRepresentation,string,omitempty"`
	Email               string `json:"email,omitempty"`
	First               int    `json:"first,string,omitempty"`
	FirstName           string `json:"firstName,omitempty"`
	LastName            string `json:"lastName,omitempty"`
	Max                 int    `json:"max,string,omitempty"`
	Search              string `json:"search,omitempty"`
	Username            string `json:"username,omitempty"`
}

GetUsersParams represents the optional parameters for getting users

func (GetUsersParams) GetQueryParams

func (s GetUsersParams) GetQueryParams() (map[string]string, error)

GetQueryParams converts the struct to map[string]string

type GoCloak

type GoCloak interface {
	// Login sends a request to the token endpoint using user and client credentials
	Login(clientID string, clientSecret string, realm string, username string, password string) (*JWT, error)
	// Logout sends a request to the logout endpoint using refresh token
	Logout(clientID, clientSecret, realm, refreshToken string) error
	// LoginClient sends a request to the token endpoint using client credentials
	LoginClient(clientID, clientSecret, realm string) (*JWT, error)
	// LoginAdmin login as admin
	LoginAdmin(username, password, realm string) (*JWT, error)
	// RequestPermisssion sends a request to the token endpoint with permission parameter
	RequestPermission(clientID string, clientSecret string, realm string, username string, password string, permission string) (*JWT, error)
	// RefreshToken used to refresh the token
	RefreshToken(refreshToken string, clientID, clientSecret, realm string) (*JWT, error)
	// DecodeAccessToken decodes the accessToken
	DecodeAccessToken(accessToken string, realm string) (*jwt.Token, *jwt.MapClaims, error)
	// DecodeAccessTokenCustomClaims decodes the accessToken and fills the given claims
	DecodeAccessTokenCustomClaims(accessToken string, realm string, claims jwt.Claims) (*jwt.Token, error)
	// DecodeAccessTokenCustomClaims calls the token introspection endpoint
	RetrospectToken(accessToken string, clientID, clientSecret string, realm string) (*RetrospecTokenResult, error)
	// GetIssuer calls the issuer endpoint for the given realm
	GetIssuer(realm string) (*IssuerResponse, error)
	// GetCerts gets the public keys for the given realm
	GetCerts(realm string) (*CertResponse, error)
	// GetUserInfo gets the user info for the given realm
	GetUserInfo(accessToken string, realm string) (*UserInfo, error)

	// SetPassword sets a new password for the user with the given id. Needs elevated privileges
	SetPassword(token string, userID string, realm string, password string, temporary bool) error

	// ExecuteActionsEmail executes an actions email
	ExecuteActionsEmail(token string, realm string, params ExecuteActionsEmail) error

	// CreateUser creates a new user
	CreateUser(token string, realm string, user User) (*string, error)
	// CreateGroup creates a new group
	CreateGroup(accessToken string, realm string, group Group) error
	// CreateClientRole creates a new role for a client
	CreateClientRole(accessToken string, realm string, clientID string, role Role) error
	// CreateClient creates a new client
	CreateClient(accessToken string, realm string, clientID Client) error
	// CreateClientScope creates a new clientScope
	CreateClientScope(accessToken string, realm string, scope ClientScope) error
	// CreateComponent creates a new component
	CreateComponent(accessToken string, realm string, component Component) error

	// UpdateUser updates the given user
	UpdateUser(accessToken string, realm string, user User) error
	// UpdateGroup updates the given group
	UpdateGroup(accessToken string, realm string, group Group) error
	// UpdateRole updates the given role
	UpdateRole(accessToken string, realm string, clientID string, role Role) error
	// UpdateClient updates the given client
	UpdateClient(accessToken string, realm string, clientID Client) error
	// UpdateClientScope updates the given clientScope
	UpdateClientScope(accessToken string, realm string, scope ClientScope) error

	// DeleteUser deletes the given user
	DeleteUser(accessToken string, realm, userID string) error
	// DeleteComponent deletes the given component
	DeleteComponent(accessToken string, realm, componentID string) error
	// DeleteGroup deletes the given group
	DeleteGroup(accessToken string, realm, groupID string) error
	// DeleteClientRole deletes the given role
	DeleteClientRole(accessToken string, realm, clientID, roleName string) error
	// DeleteClient deletes the given client
	DeleteClient(accessToken string, realm, clientID string) error
	// DeleteClientScope
	DeleteClientScope(accessToken string, realm, scopeID string) error

	// GetClient returns a client
	GetClient(accessToken string, realm string, clientID string) (*Client, error)
	// GetClientSecret returns a client's secret
	GetClientSecret(token string, realm string, clientID string) (*CredentialRepresentation, error)
	// GetKeyStoreConfig gets the keyStoreConfig
	GetKeyStoreConfig(accessToken string, realm string) (*KeyStoreConfig, error)
	// GetUserByID gets the user with the given id
	GetUserByID(accessToken string, realm string, userID string) (*User, error)
	// GetUser count returns the userCount of the given realm
	GetUserCount(accessToken string, realm string) (int, error)
	// GetUsers gets all users of the given realm
	GetUsers(accessToken string, realm string, params GetUsersParams) (*[]User, error)
	// GetUserGroups gets the groups of the given user
	GetUserGroups(accessToken string, realm string, userID string) (*[]UserGroup, error)
	// GetComponents gets components of the given realm
	GetComponents(accessToken string, realm string) (*[]Component, error)
	// GetGroups gets all groups of the given realm
	GetGroups(accessToken string, realm string, params GetGroupsParams) (*[]Group, error)
	// GetGroup gets the given group
	GetGroup(accessToken string, realm, groupID string) (*Group, error)
	// GetRoleMappingByGroupID gets the rolemapping for the given group id
	GetRoleMappingByGroupID(accessToken string, realm string, groupID string) (*MappingsRepresentation, error)
	// GetRoleMappingByUserID gets the rolemapping for the given user id
	GetRoleMappingByUserID(accessToken string, realm string, userID string) (*MappingsRepresentation, error)
	// GetClientRoles gets roles for the given client
	GetClientRoles(accessToken string, realm string, clientID string) (*[]Role, error)
	// GetClientRole get a role for the given client in a realm by role name
	GetClientRole(token string, realm string, clientID string, roleName string) (*Role, error)
	// GetClients gets the clients in the realm
	GetClients(accessToken string, realm string, params GetClientsParams) (*[]Client, error)
	// GetUsersByRoleName returns all users have a given role
	GetUsersByRoleName(token string, realm string, roleName string) (*[]User, error)

	// UserAttributeContains checks if the given attribute has the given value
	UserAttributeContains(attributes map[string][]string, attribute string, value string) bool

	// CreateRealmRole creates a role in a realm
	CreateRealmRole(token string, realm string, role Role) error
	// GetRealmRole returns a role from a realm by role's name
	GetRealmRole(token string, realm string, roleName string) (*Role, error)
	// GetRealmRoles get all roles of the given realm. It's an alias for the GetRoles function
	GetRealmRoles(accessToken string, realm string) (*[]Role, error)
	// GetRealmRolesByUserID returns all roles assigned to the given user
	GetRealmRolesByUserID(accessToken string, realm string, userID string) (*[]Role, error)
	// GetRealmRolesByGroupID returns all roles assigned to the given group
	GetRealmRolesByGroupID(accessToken string, realm string, groupID string) (*[]Role, error)
	// UpdateRealmRole updates a role in a realm
	UpdateRealmRole(token string, realm string, roleName string, role Role) error
	// DeleteRealmRole deletes a role in a realm by role's name
	DeleteRealmRole(token string, realm string, roleName string) error
	// AddRealmRoleToUser adds realm-level role mappings
	AddRealmRoleToUser(token string, realm string, userID string, roles []Role) error
	// DeleteRealmRoleFromUser deletes realm-level role mappings
	DeleteRealmRoleFromUser(token string, realm string, userID string, roles []Role) error
	// AddRealmRoleComposite adds roles as composite
	AddRealmRoleComposite(token string, realm string, roleName string, roles []Role) error
	// AddRealmRoleComposite adds roles as composite
	DeleteRealmRoleComposite(token string, realm string, roleName string, roles []Role) error

	// GetRealm returns top-level representation of the realm
	GetRealm(token string, realm string) (*RealmRepresentation, error)
	// CreateRealm creates a realm
	CreateRealm(token string, realm RealmRepresentation) error
}

GoCloak holds all methods a client should fulfill

func NewClient

func NewClient(basePath string) GoCloak

NewClient creates a new Client

type Group

type Group struct {
	ID        string        `json:"id,omitempty"`
	Name      string        `json:"name,omitempty"`
	Path      string        `json:"path,omitempty"`
	SubGroups []interface{} `json:"subGroups,omitempty"`
}

Group is a Group

type IssuerResponse

type IssuerResponse struct {
	Realm           string `json:"realm"`
	PublicKey       string `json:"public_key"`
	TokenService    string `json:"token-service"`
	AccountService  string `json:"account-service"`
	TokensNotBefore int    `json:"tokens-not-before"`
}

IssuerResponse is returned by the issuer endpoint

type JWT

type JWT struct {
	AccessToken      string `json:"access_token"`
	ExpiresIn        int    `json:"expires_in"`
	RefreshExpiresIn int    `json:"refresh_expires_in"`
	RefreshToken     string `json:"refresh_token"`
	TokenType        string `json:"token_type"`
	NotBeforePolicy  int    `json:"not-before-policy"`
	SessionState     string `json:"session_state"`
	Scope            string `json:"scope"`
}

JWT is a JWT

type Key

type Key struct {
	ProviderID       string `json:"providerId"`
	ProviderPriority int    `json:"providerPriority"`
	Kid              string `json:"kid"`
	Status           string `json:"status"`
	Type             string `json:"type"`
	Algorithm        string `json:"algorithm"`
	PublicKey        string `json:"publicKey,omitempty"`
	Certificate      string `json:"certificate,omitempty"`
}

Key is a key

type KeyStoreConfig

type KeyStoreConfig struct {
	ActiveKeys ActiveKeys `json:"active"`
	Key        []Key      `json:"keys"`
}

KeyStoreConfig holds the keyStoreConfig

type MappingsRepresentation

type MappingsRepresentation struct {
	ClientMappings map[string]ClientMappingsRepresentation `json:"clientMappings,omitempty"`
	RealmMappings  []Role                                  `json:"realmMappings,omitempty"`
}

MappingsRepresentation is a representation of role mappings

type MultivaluedHashMap

type MultivaluedHashMap struct {
	Empty      bool    `json:"empty"`
	LoadFactor float32 `json:"loadFactor"`
	Threshold  int32   `json:"threshold"`
}

MultivaluedHashMap represents something

type ObjectAlreadyExists

type ObjectAlreadyExists struct{}

ObjectAlreadyExists is used when keycloak answers with 409

func (*ObjectAlreadyExists) Error

func (o *ObjectAlreadyExists) Error() string

type ProtocolMappers

type ProtocolMappers struct {
	ID                    string                `json:"id"`
	Name                  string                `json:"name"`
	Protocol              string                `json:"protocol"`
	ProtocolMapper        string                `json:"protocolMapper"`
	ConsentRequired       bool                  `json:"consentRequired"`
	ProtocolMappersConfig ProtocolMappersConfig `json:"config"`
}

ProtocolMappers are protocolmappers

type ProtocolMappersConfig

type ProtocolMappersConfig struct {
	UserinfoTokenClaim string `json:"userinfo.token.claim"`
	UserAttribute      string `json:"user.attribute"`
	IDTokenClaim       string `json:"id.token.claim"`
	AccessTokenClaim   string `json:"access.token.claim"`
	ClaimName          string `json:"claim.name"`
	JSONTypeLabel      string `json:"jsonType.label"`
}

ProtocolMappersConfig is a config of a protocol mapper

type RealmRepresentation

type RealmRepresentation struct {
	AccessCodeLifespan                  int               `json:"accessCodeLifespan"`
	AccessCodeLifespanLogin             int               `json:"accessCodeLifespanLogin"`
	AccessCodeLifespanUserAction        int               `json:"accessCodeLifespanUserAction"`
	AccessTokenLifespan                 int               `json:"accessTokenLifespan"`
	AccessTokenLifespanForImplicitFlow  int               `json:"accessTokenLifespanForImplicitFlow"`
	AccountTheme                        string            `json:"accountTheme"`
	ActionTokenGeneratedByAdminLifespan int               `json:"actionTokenGeneratedByAdminLifespan"`
	ActionTokenGeneratedByUserLifespan  int               `json:"actionTokenGeneratedByUserLifespan"`
	AdminEventsDetailsEnabled           bool              `json:"adminEventsDetailsEnabled"`
	AdminEventsEnabled                  bool              `json:"adminEventsEnabled"`
	AdminTheme                          string            `json:"adminTheme"`
	Attributes                          map[string]string `json:"attributes"`
	AuthenticationFlows                 []interface{}     `json:"authenticationFlows"`
	AuthenticatorConfig                 []interface{}     `json:"authenticatorConfig"`
	BrowserFlow                         string            `json:"browserFlow"`
	BrowserSecurityHeaders              map[string]string `json:"browserSecurityHeaders"`
	BruteForceProtected                 bool              `json:"bruteForceProtected"`
	ClientAuthenticationFlow            string            `json:"clientAuthenticationFlow"`
	ClientScopeMappings                 map[string]string `json:"clientScopeMappings"`
	ClientScopes                        []interface{}     `json:"clientScopes"`
	Clients                             []interface{}     `json:"clients"`
	Components                          interface{}       `json:"components"`
	DefaultDefaultClientScopes          []string          `json:"defaultDefaultClientScopes"`
	DefaultGroups                       []string          `json:"defaultGroups"`
	DefaultLocale                       string            `json:"defaultLocale"`
	DefaultOptionalClientScopes         []string          `json:"defaultOptionalClientScopes"`
	DefaultRoles                        []string          `json:"defaultRoles"`
	DefaultSignatureAlgorithm           string            `json:"defaultSignatureAlgorithm"`
	DirectGrantFlow                     string            `json:"directGrantFlow"`
	DisplayName                         string            `json:"displayName"`
	DisplayNameHTML                     string            `json:"displayNameHtml"`
	DockerAuthenticationFlow            string            `json:"dockerAuthenticationFlow"`
	DuplicateEmailsAllowed              bool              `json:"duplicateEmailsAllowed"`
	EditUsernameAllowed                 bool              `json:"editUsernameAllowed"`
	EmailTheme                          string            `json:"emailTheme"`
	Enabled                             bool              `json:"enabled"`
	EnabledEventTypes                   []string          `json:"enabledEventTypes"`
	EventsEnabled                       bool              `json:"eventsEnabled"`
	EventsExpiration                    int64             `json:"eventsExpiration"`
	EventsListeners                     []string          `json:"eventsListeners"`
	FailureFactor                       int               `json:"failureFactor"`
	FederatedUsers                      []interface{}     `json:"federatedUsers"`
	Groups                              []interface{}     `json:"groups"`
	ID                                  string            `json:"id"`
	IdentityProviderMappers             []interface{}     `json:"identityProviderMappers"`
	IdentityProviders                   []interface{}     `json:"identityProviders"`
	InternationalizationEnabled         bool              `json:"internationalizationEnabled"`
	KeycloakVersion                     string            `json:"keycloakVersion"`
	LoginTheme                          string            `json:"loginTheme"`
	LoginWithEmailAllowed               bool              `json:"loginWithEmailAllowed"`
	MaxDeltaTimeSeconds                 int               `json:"maxDeltaTimeSeconds"`
	MaxFailureWaitSeconds               int               `json:"maxFailureWaitSeconds"`
	MinimumQuickLoginWaitSeconds        int               `json:"minimumQuickLoginWaitSeconds"`
	NotBefore                           int               `json:"notBefore"`
	OfflineSessionIdleTimeout           int               `json:"offlineSessionIdleTimeout"`
	OfflineSessionMaxLifespan           int               `json:"offlineSessionMaxLifespan"`
	OfflineSessionMaxLifespanEnabled    bool              `json:"offlineSessionMaxLifespanEnabled"`
	OtpPolicyAlgorithm                  string            `json:"otpPolicyAlgorithm"`
	OtpPolicyDigits                     int               `json:"otpPolicyDigits"`
	OtpPolicyInitialCounter             int               `json:"otpPolicyInitialCounter"`
	OtpPolicyLookAheadWindow            int               `json:"otpPolicyLookAheadWindow"`
	OtpPolicyPeriod                     int               `json:"otpPolicyPeriod"`
	OtpPolicyType                       string            `json:"otpPolicyType"`
	OtpSupportedApplications            []string          `json:"otpSupportedApplications"`
	PasswordPolicy                      string            `json:"passwordPolicy"`
	PermanentLockout                    bool              `json:"permanentLockout"`
	ProtocolMappers                     []interface{}     `json:"protocolMappers"`
	QuickLoginCheckMilliSeconds         int64             `json:"quickLoginCheckMilliSeconds"`
	Realm                               string            `json:"realm"`
	RefreshTokenMaxReuse                int               `json:"refreshTokenMaxReuse"`
	RegistrationAllowed                 bool              `json:"registrationAllowed"`
	RegistrationEmailAsUsername         bool              `json:"registrationEmailAsUsername"`
	RegistrationFlow                    string            `json:"registrationFlow"`
	RememberMe                          bool              `json:"rememberMe"`
	RequiredActions                     []interface{}     `json:"requiredActions"`
	ResetCredentialsFlow                string            `json:"resetCredentialsFlow"`
	ResetPasswordAllowed                bool              `json:"resetPasswordAllowed"`
	RevokeRefreshToken                  bool              `json:"revokeRefreshToken"`
	Roles                               interface{}       `json:"roles"`
	ScopeMappings                       []interface{}     `json:"scopeMappings"`
	SMTPServer                          map[string]string `json:"smtpServer"`
	SslRequired                         string            `json:"sslRequired"`
	SsoSessionIdleTimeout               int               `json:"ssoSessionIdleTimeout"`
	SsoSessionIdleTimeoutRememberMe     int               `json:"ssoSessionIdleTimeoutRememberMe"`
	SsoSessionMaxLifespan               int               `json:"ssoSessionMaxLifespan"`
	SsoSessionMaxLifespanRememberMe     int               `json:"ssoSessionMaxLifespanRememberMe"`
	SupportedLocales                    []string          `json:"supportedLocales"`
	UserFederationMappers               []interface{}     `json:"userFederationMappers"`
	UserFederationProviders             []interface{}     `json:"userFederationProviders"`
	UserManagedAccessAllowed            bool              `json:"userManagedAccessAllowed"`
	Users                               []interface{}     `json:"users"`
	VerifyEmail                         bool              `json:"verifyEmail"`
	WaitIncrementSeconds                int               `json:"waitIncrementSeconds"`
}

RealmRepresentation represent a realm

type RetrospecTokenResult

type RetrospecTokenResult struct {
	Permissions map[string]string `json:"permissions,omitempty"`
	Exp         int               `json:"exp,omitempty"`
	Nbf         int               `json:"nbf,omitempty"`
	Iat         int               `json:"iat,omitempty"`
	Aud         string            `json:"aud,omitempty"`
	Active      bool              `json:"active,omitempty"`
	AuthTime    int               `json:"auth_time,omitempty"`
	Jti         string            `json:"jti,omitempty"`
	Type        string            `json:"typ,omitempty"`
}

RetrospecTokenResult is returned when a token was checked

type Role

type Role struct {
	ID                 string              `json:"id,omitempty"`
	Name               string              `json:"name,omitempty"`
	ScopeParamRequired bool                `json:"scopeParamRequired,omitempty"`
	Composite          bool                `json:"composite,omitempty"`
	ClientRole         bool                `json:"clientRole,omitempty"`
	ContainerID        string              `json:"containerId,omitempty"`
	Description        string              `json:"description,omitempty"`
	Attributes         map[string][]string `json:"attributes,omitempty"`
}

Role is a role

type SetPasswordRequest

type SetPasswordRequest struct {
	Type      string `json:"type"`
	Temporary bool   `json:"temporary"`
	Password  string `json:"value"`
}

SetPasswordRequest sets a new password

type User

type User struct {
	ID                         string              `json:"id,omitempty"`
	CreatedTimestamp           int64               `json:"createdTimestamp,omitempty"`
	Username                   string              `json:"username,omitempty"`
	Enabled                    bool                `json:"enabled,omitempty"`
	Totp                       bool                `json:"totp,omitempty"`
	EmailVerified              bool                `json:"emailVerified,omitempty"`
	FirstName                  string              `json:"firstName,omitempty"`
	LastName                   string              `json:"lastName,omitempty"`
	Email                      string              `json:"email,omitempty"`
	FederationLink             string              `json:"federationLink,omitempty"`
	Attributes                 map[string][]string `json:"attributes,omitempty"`
	DisableableCredentialTypes []interface{}       `json:"disableableCredentialTypes,omitempty"`
	RequiredActions            []interface{}       `json:"requiredActions,omitempty"`
	Access                     map[string]bool     `json:"access,omitempty"`
}

User represents the Keycloak User Structure

type UserGroup

type UserGroup struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
	Path string `json:"path,omitempty"`
}

UserGroup is a UserGroup

type UserInfo

type UserInfo struct {
	Sub               string      `json:"sub"`
	EmailVerified     bool        `json:"email_verified"`
	Address           interface{} `json:"address"`
	PreferredUsername string      `json:"preferred_username"`
	Email             string      `json:"email"`
}

UserInfo is returned by the userinfo endpoint

Directories

Path Synopsis
pkg
jwx

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL