fix: Set client_credentials as grant_type also when x509 certificate …
…is given (#597)

* fix: Added grant type as openid_connection optional attribute

* fix: Add getter and setter for grant_type

---------

Co-authored-by: Alex Rohozneanu <aro@bigbrother.nl>
alexrohozneanu and Alex Rohozneanu authored Oct 2, 2024
1 parent 034a075 commit 41d2047
Showing 3 changed files with 38 additions and 22 deletions.
4 changes: 4 additions & 0 deletions src/keycloak/keycloak_admin.py
@@ -86,6 +86,7 @@ class KeycloakAdmin:
def __init__(
self,
server_url=None,
grant_type=None,
username=None,
password=None,
token=None,
@@ -104,6 +105,8 @@ def __init__(
:param server_url: Keycloak server url
:type server_url: str
:param grant_type: grant type for authn
:type grant_type: str
:param username: admin username
:type username: str
:param password: admin password
@@ -136,6 +139,7 @@ def __init__(
"""
self.connection = connection or KeycloakOpenIDConnection(
server_url=server_url,
grant_type=grant_type,
username=username,
password=password,
token=token,
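Review bot: `grant_type=None` is inserted as the second positional parameter of `KeycloakAdmin.__init__`, ahead of `username` and `password`, so an existing positional call such as `KeycloakAdmin(url, user, pw)` now binds the user name to `grant_type` and the password to `username`. Besides failing authentication, that places a secret in a field that is usually treated as a non-sensitive identifier and may be logged. Moving `grant_type=None` behind the last existing parameter, or making it keyword-only, keeps old callers working. The same ordering appears in `KeycloakOpenIDConnection.__init__` in src/keycloak/openid_connection.py. The signature and docstring continue outside the hunks shown here.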
12 changes: 6 additions & 6 deletions src/keycloak/keycloak_openid.py
@@ -276,7 +276,7 @@ def token(
self,
username="",
password="",
grant_type=["password"],
grant_type="password",
code="",
redirect_uri="",
totp=None,
@@ -338,7 +338,7 @@ def token(
)
return raise_error_from_response(data_raw, KeycloakPostError)

def refresh_token(self, refresh_token, grant_type=["refresh_token"]):
def refresh_token(self, refresh_token, grant_type="refresh_token"):
"""Refresh the user token.
The token endpoint is used to obtain tokens. Tokens can either be obtained by
@@ -409,7 +409,7 @@ def exchange_token(
"""
params_path = {"realm-name": self.realm_name}
payload = {
"grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"],
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"client_id": self.client_id,
"subject_token": token,
"subject_token_type": subject_token_type,
@@ -920,7 +920,7 @@ async def a_token(
self,
username="",
password="",
grant_type=["password"],
grant_type="password",
code="",
redirect_uri="",
totp=None,
@@ -982,7 +982,7 @@ async def a_token(
)
return raise_error_from_response(data_raw, KeycloakPostError)

async def a_refresh_token(self, refresh_token, grant_type=["refresh_token"]):
async def a_refresh_token(self, refresh_token, grant_type="refresh_token"):
"""Refresh the user token asynchronously.
The token endpoint is used to obtain tokens. Tokens can either be obtained by
@@ -1053,7 +1053,7 @@ async def a_exchange_token(
"""
params_path = {"realm-name": self.realm_name}
payload = {
"grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"],
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"client_id": self.client_id,
"subject_token": token,
"subject_token_type": subject_token_type,
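Review bot: The new defaults in `token`, `refresh_token`, `a_token` and `a_refresh_token` advertise `grant_type` as a plain string, but nothing in the visible hunks normalises or rejects a list, which earlier callers had reason to pass because the old default was one. If the value is forwarded to the form payload unchanged (the function bodies lie outside the hunks), a multi-element list would put several `grant_type` parameters into one token request. Consider unwrapping a one-element sequence for compatibility, `if isinstance(grant_type, (list, tuple)) and len(grant_type) == 1: grant_type = grant_type[0]`, and raising `TypeError` for any other non-string value. The `:type grant_type:` docstring lines should then say `str`.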
44 changes: 28 additions & 16 deletions src/keycloak/openid_connection.py
@@ -43,6 +43,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
"""

_server_url = None
_grant_type = None
_username = None
_password = None
_totp = None
@@ -59,6 +60,7 @@ class KeycloakOpenIDConnection(ConnectionManager):
def __init__(
self,
server_url,
grant_type=None,
username=None,
password=None,
token=None,
@@ -76,6 +78,8 @@ def __init__(
:param server_url: Keycloak server url
:type server_url: str
:param grant_type: grant type for authn
:type grant_type: str
:param username: admin username
:type username: str
:param password: admin password
@@ -110,6 +114,7 @@ def __init__(
self.token_lifetime_fraction = 0.9
self.headers = {}
self.server_url = server_url
self.grant_type = grant_type
self.username = username
self.password = password
self.token = token
@@ -124,6 +129,12 @@ def __init__(
self.headers = {**self.headers, "Content-Type": "application/json"}
self.cert = cert

if not self.grant_type:
if username and password:
self.grant_type = "password"
elif client_secret_key:
self.grant_type = "client_credentials"

super().__init__(
base_url=self.server_url,
headers=self.headers,
@@ -145,6 +156,19 @@ def server_url(self):
def server_url(self, value):
self.base_url = value

@property
def grant_type(self):
"""Get grant type.
:returns: Grant type
:rtype: str
"""
return self._grant_type

@grant_type.setter
def grant_type(self, value):
self._grant_type = value

@property
def realm_name(self):
"""Get realm name.
@@ -314,15 +338,9 @@ def get_token(self):
The admin token is then set in the `token` attribute.
"""
grant_type = []
if self.username and self.password:
grant_type.append("password")
elif self.client_secret_key:
grant_type.append("client_credentials")

if grant_type:
if self.grant_type:
self.token = self.keycloak_openid.token(
self.username, self.password, grant_type=grant_type, totp=self.totp
self.username, self.password, grant_type=self.grant_type, totp=self.totp
)
else:
self.token = None
@@ -426,15 +444,9 @@ async def a_get_token(self):
The admin token is then set in the `token` attribute.
"""
grant_type = []
if self.username and self.password:
grant_type.append("password")
elif self.client_secret_key:
grant_type.append("client_credentials")

if grant_type:
if self.grant_type:
self.token = await self.keycloak_openid.a_token(
self.username, self.password, grant_type=grant_type, totp=self.totp
self.username, self.password, grant_type=self.grant_type, totp=self.totp
)
else:
self.token = None
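Review bot: The grant type is now inferred once, in the `if not self.grant_type:` block of `__init__`, whereas the removed code in `get_token` and `a_get_token` derived it from the current `self.username`, `self.password` and `self.client_secret_key` on every call. Credentials assigned through the setters after construction therefore no longer select a grant, and both methods fall through to `self.token = None`. Resolving the fallback in the `grant_type` getter keeps an explicit value authoritative and restores the earlier behaviour; the block in `__init__` can then be dropped. The inference also has no branch for `cert`, so the x509 case named in the commit title appears to work only when the caller passes `grant_type="client_credentials"` explicitly, which the `:param grant_type:` line should state.

```python
    @property
    def grant_type(self):
        """Get grant type.

        :returns: Explicit grant type, else one inferred from the current credentials
        :rtype: str
        """
        if self._grant_type:
            return self._grant_type
        # Infer on every read so credentials set after construction are honoured.
        if self.username and self.password:
            return "password"
        if self.client_secret_key:
            return "client_credentials"
        return None

    # … unchanged: grant_type setter, get_token and a_get_token as in the new side …
```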
