diff --git a/src/keycloak/keycloak_admin.py b/src/keycloak/keycloak_admin.py index 3b1b00a9..7af64abd 100644 --- a/src/keycloak/keycloak_admin.py +++ b/src/keycloak/keycloak_admin.py @@ -86,6 +86,7 @@ class KeycloakAdmin: def __init__( self, server_url=None, + grant_type=None, username=None, password=None, token=None, @@ -104,6 +105,8 @@ def __init__( :param server_url: Keycloak server url :type server_url: str + :param grant_type: grant type for authn + :type grant_type: str :param username: admin username :type username: str :param password: admin password @@ -136,6 +139,7 @@ def __init__( """ self.connection = connection or KeycloakOpenIDConnection( server_url=server_url, + grant_type=grant_type, username=username, password=password, token=token, diff --git a/src/keycloak/keycloak_openid.py b/src/keycloak/keycloak_openid.py index 7c0a5584..a4453eb4 100644 --- a/src/keycloak/keycloak_openid.py +++ b/src/keycloak/keycloak_openid.py @@ -276,7 +276,7 @@ def token( self, username="", password="", - grant_type=["password"], + grant_type="password", code="", redirect_uri="", totp=None, @@ -338,7 +338,7 @@ def token( ) return raise_error_from_response(data_raw, KeycloakPostError) - def refresh_token(self, refresh_token, grant_type=["refresh_token"]): + def refresh_token(self, refresh_token, grant_type="refresh_token"): """Refresh the user token. The token endpoint is used to obtain tokens. Tokens can either be obtained by @@ -409,7 +409,7 @@ def exchange_token( """ params_path = {"realm-name": self.realm_name} payload = { - "grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"], + "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange", "client_id": self.client_id, "subject_token": token, "subject_token_type": subject_token_type, @@ -920,7 +920,7 @@ async def a_token( self, username="", password="", - grant_type=["password"], + grant_type="password", code="", redirect_uri="", totp=None, @@ -982,7 +982,7 @@ async def a_token( ) return raise_error_from_response(data_raw, KeycloakPostError) - async def a_refresh_token(self, refresh_token, grant_type=["refresh_token"]): + async def a_refresh_token(self, refresh_token, grant_type="refresh_token"): """Refresh the user token asynchronously. The token endpoint is used to obtain tokens. Tokens can either be obtained by @@ -1053,7 +1053,7 @@ async def a_exchange_token( """ params_path = {"realm-name": self.realm_name} payload = { - "grant_type": ["urn:ietf:params:oauth:grant-type:token-exchange"], + "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange", "client_id": self.client_id, "subject_token": token, "subject_token_type": subject_token_type, diff --git a/src/keycloak/openid_connection.py b/src/keycloak/openid_connection.py index 15d2cb95..73ab9d89 100644 --- a/src/keycloak/openid_connection.py +++ b/src/keycloak/openid_connection.py @@ -43,6 +43,7 @@ class KeycloakOpenIDConnection(ConnectionManager): """ _server_url = None + _grant_type = None _username = None _password = None _totp = None @@ -59,6 +60,7 @@ class KeycloakOpenIDConnection(ConnectionManager): def __init__( self, server_url, + grant_type=None, username=None, password=None, token=None, @@ -76,6 +78,8 @@ def __init__( :param server_url: Keycloak server url :type server_url: str + :param grant_type: grant type for authn + :type grant_type: str :param username: admin username :type username: str :param password: admin password @@ -110,6 +114,7 @@ def __init__( self.token_lifetime_fraction = 0.9 self.headers = {} self.server_url = server_url + self.grant_type = grant_type self.username = username self.password = password self.token = token @@ -124,6 +129,12 @@ def __init__( self.headers = {**self.headers, "Content-Type": "application/json"} self.cert = cert + if not self.grant_type: + if username and password: + self.grant_type = "password" + elif client_secret_key: + self.grant_type = "client_credentials" + super().__init__( base_url=self.server_url, headers=self.headers, @@ -145,6 +156,19 @@ def server_url(self): def server_url(self, value): self.base_url = value + @property + def grant_type(self): + """Get grant type. + + :returns: Grant type + :rtype: str + """ + return self._grant_type + + @grant_type.setter + def grant_type(self, value): + self._grant_type = value + @property def realm_name(self): """Get realm name. @@ -314,15 +338,9 @@ def get_token(self): The admin token is then set in the `token` attribute. """ - grant_type = [] - if self.username and self.password: - grant_type.append("password") - elif self.client_secret_key: - grant_type.append("client_credentials") - - if grant_type: + if self.grant_type: self.token = self.keycloak_openid.token( - self.username, self.password, grant_type=grant_type, totp=self.totp + self.username, self.password, grant_type=self.grant_type, totp=self.totp ) else: self.token = None @@ -426,15 +444,9 @@ async def a_get_token(self): The admin token is then set in the `token` attribute. """ - grant_type = [] - if self.username and self.password: - grant_type.append("password") - elif self.client_secret_key: - grant_type.append("client_credentials") - - if grant_type: + if self.grant_type: self.token = await self.keycloak_openid.a_token( - self.username, self.password, grant_type=grant_type, totp=self.totp + self.username, self.password, grant_type=self.grant_type, totp=self.totp ) else: self.token = None