keycloak

v1.2.0

This package is not in the latest version of its module.

Published: Sep 28, 2020 License: MPL-2.0 Imports: 27 Imported by: 0

README

go-keycloak

Keycloak API client written in Golang

Documentation

Constants

const (
	// API Context value keys
	ContextKeyIssuerAddress = "issuer_address"
	ContextKeyToken         = "token"
	ContextKeyRealm         = "keycloak_realm"

	// config defaults
	DefaultPathPrefix        = "auth"
	DefaultPublicKeyCacheTTL = 24 * time.Hour

	// grant type values
	GrantTypeUMATicket         = "urn:ietf:params:oauth:grant-type:uma-ticket"
	GrantTypeClientCredentials = "client_credentials"
)
const (
	ParameterDestinationQuery  = "query"
	ParameterDestinationHeader = "header"
)
const (
	// DefaultTokenExpirationMargin will be used if you do not specify your own ExpiryMargin key in the config
	DefaultTokenExpirationMargin = 2 * time.Second
)

Variables

This section is empty.

Functions

func BackgroundRealmContext

func BackgroundRealmContext(realm string) context.Context

BackgroundRealmContext will return a context with a background parent, adding the appropriate realm key

func BackgroundRealmTokenContext

func BackgroundRealmTokenContext(realm, token string) context.Context

BackgroundRealmTokenContext will return a context with a background parent, adding the appropriate realm and token keys

func BackgroundTokenContext

func BackgroundTokenContext(token string) context.Context

BackgroundTokenContext will return a context with a background parent, adding the appropriate token key

func ContextIssuerAddress

func ContextIssuerAddress(ctx context.Context) (string, bool)

ContextIssuerAddress attempts to extract and return the provided context's issuer address. This is rarely used.

func ContextRealm

func ContextRealm(ctx context.Context) (string, bool)

ContextRealm attempts to extract and return the provided context's realm key value

func ContextToken

func ContextToken(ctx context.Context) (string, bool)

ContextToken attempts to extract and return the provided context's token key value

func DefaultValuedParameterFormatter

func DefaultValuedParameterFormatter(_, _ string, v interface{}) (string, bool)

DefaultValuedParameterFormatter provides some baseline value-to-string conversions, skipping zero-vals.

func DefaultZerologLogger

func DefaultZerologLogger() zerolog.Logger

DefaultZerologLogger returns a default logger to be used with this package. No guarantee is made of consistency between releases.

func FlushGlobalPublicKeyCache

func FlushGlobalPublicKeyCache()

FlushGlobalPublicKeyCache will immediately flush all entries in the global public key cache, blocking until they have been successfully flushed.

func IssuerAddressContext

func IssuerAddressContext(parent context.Context, issuerAddress string) context.Context

IssuerAddressContext will return a new context chained from the provided parent with the appropriate issuer address key set

func ParseAddr

func ParseAddr(addr string, insecure bool) (string, error)

func RealmContext

func RealmContext(parent context.Context, realm string) context.Context

RealmContext will create a new context chained from the provided parent with the appropriate realm key set

func RealmContextWithTimeout

func RealmContextWithTimeout(parent context.Context, realm string, ttl time.Duration) (context.Context, context.CancelFunc)

RealmContextWithTimeout will return a new context and cancel func with the realm value key defined and the provided ttl set as the timeout

func RealmTokenContext

func RealmTokenContext(parent context.Context, realm, token string) context.Context

RealmTokenContext will return a new context chained from the provided parent with both realm and token keys set

func RealmTokenContextWithTimeout

func RealmTokenContextWithTimeout(parent context.Context, realm, token string, ttl time.Duration) (context.Context, context.CancelFunc)

RealmTokenContextWithTimeout will return a new context and cancel func with the realm and token value keys defined, and the provided ttl set as the timeout

func RequestBearerToken

func RequestBearerToken(request *http.Request) (string, bool)

RequestBearerToken attempts to extract the encoded "Bearer" token from the provided request's "Authorization" header

func SetGlobalPublicKeyCacheLogger

func SetGlobalPublicKeyCacheLogger(log zerolog.Logger)

SetGlobalPublicKeyCacheLogger allows you to specify a different logger for the global public key cache instance

func TokenContext

func TokenContext(parent context.Context, token string) context.Context

TokenContext will create a new context chained from the provided parent with the appropriate token key set

func TokenContextWithTimeout

func TokenContextWithTimeout(parent context.Context, token string, ttl time.Duration) (context.Context, context.CancelFunc)

TokenContextWithTimeout will return a new context and cancel func with the token value key defined and the provided ttl set as the timeout

Types

type APIClient

type APIClient struct {
	// contains filtered or unexported fields
}

APIClient

The APIClient is the root of the entire package.

func NewAPIClient

func NewAPIClient(config *APIClientConfig, mutators ...ConfigMutator) (*APIClient, error)

NewAPIClient will attempt to construct and return an APIClient to you

func NewAPIClientWithIssuerAddress

func NewAPIClientWithIssuerAddress(issuerAddress string, mutators ...ConfigMutator) (*APIClient, error)

NewAPIClientWithIssuerAddress is a shortcut constructor that only requires that you provide the address of the keycloak instance this client will be executing calls against

func (*APIClient) AdminService

func (c *APIClient) AdminService() *AdminService

AdminService contains modeled api calls for admin API requests

func (*APIClient) AuthService

func (c *APIClient) AuthService() *AuthService

AuthService contains modeled api calls for auth API requests

func (*APIClient) Call

func (c *APIClient) Call(ctx context.Context, method, requestPath string, body interface{}, mutators ...RequestMutator) (*http.Response, error)

Call will attempt to execute an arbitrary request against the issuer provided at client creation

All API requests flow through this method.

It does the following, in this order:

  1. Compiles the full URL against the client's issuer with the provided request path

  2. Constructs an *http.Request from the provided variables

  3. Executes, in order, any and all provided RequestMutators

  4. Executes the request using the internal *http.Client instance

Parameters:

  - ctx: This must be provided by you. Of its values, only the token is used directly by this call, and only optionally.
  - method: This must be an HTTP request method (GET, POST, PUT, etc.)
  - requestPath: This must be the API request path relative to the root of the IssuerHostname provided at client construction (e.g. "/auth/admin/realms/customer/groups/")
  - body: This must either be nil, an io.Reader implementation, or a json-serializable type that will be set as the body of the constructed *http.Request
  - mutators: This may be zero or more funcs adhering to the RequestMutator type. These funcs will be executed in the order provided.

Response:

  - *http.Response: The raw HTTP response seen. Body will NOT have been read by this point.
  - error: Any error seen during the execution of this func.
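The four Call steps above, modelled as an added example (not go-keycloak's own code) with a stand-in client run against a constructed local server: one mutator copies the context token into the Bearer header and refuses to send anything when the context carries none, another uses the ParameterDestinationQuery/Header distinction. Every name here (miniClient, bearerTokenMutator, paramMutator, demoCall, ctxKey) is this example's own, and the URL joining and context key type are assumptions about, not copies of, the package's behaviour.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

type ctxKey string // private key type (assumption: not the package's own key type)

const (
	parameterDestinationQuery, parameterDestinationHeader = "query", "header" // named after this page's constants
	ctxKeyToken                                           ctxKey = "token"
)

// requestMutator plays the role of the page's RequestMutator type.
type requestMutator func(*http.Request) error

// bearerTokenMutator moves the context token into the Authorization header and
// aborts the call when there is none, so an unauthenticated admin request never leaves the host.
func bearerTokenMutator(req *http.Request) error {
	tok, _ := req.Context().Value(ctxKeyToken).(string)
	if tok == "" {
		return errors.New("request requires a token but the context carries none")
	}
	req.Header.Set("Authorization", "Bearer "+tok)
	return nil
}

// paramMutator places one parameter in the query string or in a header.
func paramMutator(dest, name, value string) requestMutator {
	return func(req *http.Request) error {
		switch dest {
		case parameterDestinationQuery:
			q := req.URL.Query()
			q.Set(name, value)
			req.URL.RawQuery = q.Encode()
		case parameterDestinationHeader:
			req.Header.Set(name, value)
		default:
			return fmt.Errorf("unknown parameter destination %q", dest)
		}
		return nil
	}
}

// miniClient models the four ordered steps of APIClient.Call.
type miniClient struct {
	issuer     string
	httpClient *http.Client
}

func (c *miniClient) call(ctx context.Context, method, requestPath string, body io.Reader, mutators ...requestMutator) (*http.Response, error) {
	// 1. Compile the full URL: the request path is relative to the issuer root.
	fullURL := strings.TrimRight(c.issuer, "/") + "/" + strings.TrimLeft(requestPath, "/")
	// 2. Construct the request; ctx travels with it so mutators can read it.
	req, err := http.NewRequestWithContext(ctx, method, fullURL, body)
	if err != nil {
		return nil, err
	}
	// 3. Run the mutators in the order given; the first failure aborts before anything is sent.
	for _, m := range mutators {
		if err := m(req); err != nil {
			return nil, err
		}
	}
	// 4. Execute with the client's own *http.Client.
	return c.httpClient.Do(req)
}

// observed is what the constructed test server saw.
type observed struct {
	hits              int
	path, query, auth string
}

// demoCall drives one admin call against a constructed local server and returns
// what that server observed. An empty token exercises the refusal path.
func demoCall(token string) (*observed, error) {
	seen := &observed{}
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen.hits++
		seen.path, seen.query, seen.auth = r.URL.Path, r.URL.RawQuery, r.Header.Get("Authorization")
		w.WriteHeader(http.StatusOK)
	}))
	defer srv.Close()
	c := &miniClient{issuer: srv.URL, httpClient: srv.Client()}
	ctx := context.WithValue(context.Background(), ctxKeyToken, token)
	resp, err := c.call(ctx, http.MethodGet, "/auth/admin/realms/customer/groups/", nil,
		bearerTokenMutator, paramMutator(parameterDestinationQuery, "max", "10"))
	if err != nil {
		return seen, err
	}
	resp.Body.Close()
	return seen, nil
}
```

Calling demoCall("tok123") reports the path, query and Bearer header the server received; demoCall("") returns an error from the mutator and the server records no hit at all.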

func (*APIClient) CallRequireOK

func (c *APIClient) CallRequireOK(ctx context.Context, method, requestPath string, body interface{}, mutators ...RequestMutator) (*http.Response, error)

CallRequireOK is a convenience method that will return an error if the seen response code was anything other than 200 OK. If the response was OK and the "model" parameter was defined, it will attempt to json.Unmarshal the response body into this model.

func (*APIClient) IssuerAddress

func (c *APIClient) IssuerAddress() string

IssuerAddress will return the address of the issuer this client is targeting

func (*APIClient) PathPrefix

func (c *APIClient) PathPrefix() string

func (*APIClient) RealmProvider

func (c *APIClient) RealmProvider() RealmProvider

RealmProvider will return the RealmProvider defined at client construction

func (*APIClient) RequestAccessToken

func (c *APIClient) RequestAccessToken(ctx context.Context, request *http.Request, claimsType jwt.Claims, parserOpts ...jwt.ParserOption) (*jwt.Token, error)

RequestAccessToken attempts to extract the encoded bearer token from the provided request and parse it into a modeled access token type

func (*APIClient) RequireAllContextValues

func (c *APIClient) RequireAllContextValues(ctx context.Context) (context.Context, error)

func (*APIClient) RequireRealm

func (c *APIClient) RequireRealm(ctx context.Context) (context.Context, error)

func (*APIClient) RequireToken

func (c *APIClient) RequireToken(ctx context.Context) (context.Context, error)

func (*APIClient) TokenParser

func (c *APIClient) TokenParser() TokenParser

TokenParser will return the token parser defined at client construction

func (*APIClient) TokenProvider

func (c *APIClient) TokenProvider() TokenProvider

TokenProvider will return the TokenProvider defined at client construction

type APIClientConfig

type APIClientConfig struct {
	// IssuerProvider [optional]
	//
	// The IssuerProvider is called ONCE during client construction to determine the address of the Keycloak instance
	// to connect to.  It is never called again, and no reference to it is kept in the client.
	//
	// If left blank, a provider will be created that will attempt to fetch the issuer address from Consul via the kv
	// path defined by the DefaultTokenIssuer constant in this package.
	//
	// See "provider_issuer.go" for available providers.
	IssuerProvider IssuerProvider

	// RealmProvider [optional]
	//
	// The RealmProvider will be called on a per-request basis, depending on if that request needs to have the realm
	// injected into the context.
	//
	// This is used in a few key ways:
	// -  Public Key retrieval and caching
	// -  URL construction (e.g. /auth/realms/{realm}/.well-known/openid-configuration)
	// -  Token validation
	//
	// The above is not a comprehensive list, but generally speaking the overwhelming majority of requests require the
	// realm value to be defined.
	//
	// See "provider_realm.go" for implementation details.  If you construct a config using DefaultAPIClientConfig(),
	// you will be expected to provide a context with the realm already defined with each request
	RealmProvider RealmProvider

	// TokenProvider [optional]
	//
	// The TokenProvider will be called on a per-request basis, as it is needed.  Not all requests require a bearer
	// token.  For example, the OpenID Configuration and Realm Issuer Configuration endpoints are open and simply
	// require a Realm value.
	//
	// As a general rule, however, all "admin" endpoints (e.g. /auth/admin/realms/{realm}/users) will require
	// a token.
	//
	// See "token_provider.go" for implementation details.  If you construct a config using DefaultAPIClientConfig(),
	// you will be expected to provide a context with a token already defined with each request
	TokenProvider TokenProvider

	// TokenParser [optional]
	//
	// The TokenParser will be called any time the client needs a realm's public key.  This is primarily used to
	// validate access and bearer tokens
	TokenParser TokenParser

	// PathPrefix [optional]
	//
	// URL Path prefix.  Defaults to value of DefaultPathPrefix.
	PathPrefix string

	// HTTPClient [optional]
	//
	// Set if you wish to use a specific http client configuration.  Otherwise, one will be created using
	// cleanhttp.DefaultClient()
	HTTPClient *http.Client

	// Logger [optional]
	//
	// Optionally provide a logger instance to use
	Logger zerolog.Logger

	// Debug [optional]
	//
	// Optional configurations aimed to ease debugging
	Debug *DebugConfig
}

APIClientConfig

This is the configuration container for an APIClient. See the individual comments on fields for more details.

func DefaultAPIClientConfig

func DefaultAPIClientConfig() *APIClientConfig

DefaultAPIClientConfig will return a config populated with useful default values where the realm and token are expected to be manually defined in the context provided to each request.

func DefaultAPIClientConfigWithRealm

func DefaultAPIClientConfigWithRealm(realm string) *APIClientConfig

DefaultAPIClientConfigWithRealm returns a new config with all defaults except that the RealmProvider is replaced with a StaticRealmProvider

type AdminClientRoleCompositesService

type AdminClientRoleCompositesService struct {
	// contains filtered or unexported fields
}

func NewAdminClientRoleCompositesService

func NewAdminClientRoleCompositesService(kas *AdminService, clientID, roleName string) *AdminClientRoleCompositesService

func (*AdminClientRoleCompositesService) Add

Add attempts to add the specified role to the provided composite roles

func (*AdminClientRoleCompositesService) List

List attempts to return all composite roles that the specified role is a member of

func (*AdminClientRoleCompositesService) Remove

Remove attempts to remove the provided role from the specified composite roles

type AdminClientRolesService

type AdminClientRolesService struct {
	// contains filtered or unexported fields
}

AdminClientRolesService contains all the methods needed to manage roles associated with a given client

func NewAdminClientRolesService

func NewAdminClientRolesService(kas *AdminService, clientID string) *AdminClientRolesService

NewAdminClientRolesService returns a new AdminClientRolesService used to manage roles associated with the provided client id

func (*AdminClientRolesService) CompositesService

func (rs *AdminClientRolesService) CompositesService(roleName string) *AdminClientRoleCompositesService

func (*AdminClientRolesService) Create

func (rs *AdminClientRolesService) Create(ctx context.Context, role *Role) ([]string, error)

Create attempts to create a new role for the provided client

func (*AdminClientRolesService) Delete

func (rs *AdminClientRolesService) Delete(ctx context.Context, roleName string) error

Delete attempts to delete the specified role

func (*AdminClientRolesService) Get

func (rs *AdminClientRolesService) Get(ctx context.Context, roleName string) (*Role, error)

Get attempts to locate a single role on a client by the role's name

func (*AdminClientRolesService) List

List attempts to return all the roles defined with the provided client id

func (*AdminClientRolesService) Update

func (rs *AdminClientRolesService) Update(ctx context.Context, roleName string, role *Role) error

Update attempts to update the provided role within Keycloak

func (*AdminClientRolesService) Users

func (rs *AdminClientRolesService) Users(ctx context.Context, roleName string, first, max int) (Users, error)

Users attempts to return a list of all the users who have the specified role within the keycloak realm

type AdminClientsService

type AdminClientsService struct {
	// contains filtered or unexported fields
}

func NewAdminClientsService

func NewAdminClientsService(kas *AdminService) *AdminClientsService

func (*AdminClientsService) Create

func (cs *AdminClientsService) Create(ctx context.Context, client *ClientCreate) ([]string, error)

Create attempts to create a new client within Keycloak

func (*AdminClientsService) Delete

func (cs *AdminClientsService) Delete(ctx context.Context, clientID string) error

Delete attempts to delete a client from the Realm this client was created with

func (*AdminClientsService) Get

func (cs *AdminClientsService) Get(ctx context.Context, clientID string) (*Client, error)

Get attempts to return details about a specific client in the Realm this client was created with

func (*AdminClientsService) List

func (cs *AdminClientsService) List(ctx context.Context, clientID string, viewableOnly bool) (Clients, error)

List attempts to return a list of all clients available in the Realm this client was created with

func (*AdminClientsService) RolesService

func (cs *AdminClientsService) RolesService(clientID string) *AdminClientRolesService

RolesService returns a new AdminClientRolesService used to manage roles associated with the provided client id

func (*AdminClientsService) Update

func (cs *AdminClientsService) Update(ctx context.Context, clientID string, client *Client) error

Update attempts to update a client in the Realm this client was created with

type AdminGroupsService

type AdminGroupsService struct {
	// contains filtered or unexported fields
}

func NewAdminGroupsService

func NewAdminGroupsService(kas *AdminService) *AdminGroupsService

func (*AdminGroupsService) Count

func (gs *AdminGroupsService) Count(ctx context.Context, search string, top bool) (int, error)

Count attempts to return a count of the total number of groups present in Keycloak

func (*AdminGroupsService) Create

func (gs *AdminGroupsService) Create(ctx context.Context, group GroupCreate) ([]string, error)

Create attempts to push a new group into Keycloak, returning to you the ID of the newly created group.

func (*AdminGroupsService) Delete

func (gs *AdminGroupsService) Delete(ctx context.Context, groupID string) error

Delete attempts to delete a group from Keycloak

func (*AdminGroupsService) Get

func (gs *AdminGroupsService) Get(ctx context.Context, groupID string) (*Group, error)

Get attempts to retrieve details of a specific group within the realm this client was created with

func (*AdminGroupsService) List

func (gs *AdminGroupsService) List(ctx context.Context, search string, first, max int) (Groups, error)

List attempts to return to you a list of all the groups within the Realm this client was created with

func (*AdminGroupsService) Members

func (gs *AdminGroupsService) Members(ctx context.Context, groupID string) (Users, error)

Members attempts to return to you a list of all the Users present in the group specified within the realm this client was created with

func (*AdminGroupsService) Update

func (gs *AdminGroupsService) Update(ctx context.Context, groupID string, group Group) error

Update attempts to push updated values for a specific group to Keycloak

type AdminRoleCompositesService

type AdminRoleCompositesService struct {
	// contains filtered or unexported fields
}

func NewAdminRoleCompositesService

func NewAdminRoleCompositesService(kas *AdminService, roleName string) *AdminRoleCompositesService

func (*AdminRoleCompositesService) Add

func (rcs *AdminRoleCompositesService) Add(ctx context.Context, roles Roles) error

func (*AdminRoleCompositesService) ClientRoles

func (rcs *AdminRoleCompositesService) ClientRoles(ctx context.Context, clientName string) (Roles, error)

func (*AdminRoleCompositesService) List

func (*AdminRoleCompositesService) RealmRoles

func (rcs *AdminRoleCompositesService) RealmRoles(ctx context.Context) (Roles, error)

func (*AdminRoleCompositesService) Remove

func (rcs *AdminRoleCompositesService) Remove(ctx context.Context, roles Roles) error

type AdminRolesService

type AdminRolesService struct {
	// contains filtered or unexported fields
}

func NewAdminRolesService

func NewAdminRolesService(kas *AdminService) *AdminRolesService

func (*AdminRolesService) CompositesService

func (rs *AdminRolesService) CompositesService(roleName string) *AdminRoleCompositesService

func (*AdminRolesService) Create

func (rs *AdminRolesService) Create(ctx context.Context, role *Role) ([]string, error)

func (*AdminRolesService) Delete

func (rs *AdminRolesService) Delete(ctx context.Context, roleName string) error

func (*AdminRolesService) Get

func (rs *AdminRolesService) Get(ctx context.Context, roleName string) (*Role, error)

func (*AdminRolesService) List

func (rs *AdminRolesService) List(ctx context.Context) (Roles, error)

func (*AdminRolesService) Update

func (rs *AdminRolesService) Update(ctx context.Context, roleName string, role *Role) error

type AdminService

type AdminService struct {
	// contains filtered or unexported fields
}

AdminService is the container for all modeled API calls that hit the /admin/{realm}/... series of endpoints in Keycloak

func NewAdminService

func NewAdminService(c *APIClient) *AdminService

NewAdminService will return to you a new realm admin service that also contains base modeled api calls.

func (AdminService) ClientEntitlement

func (k AdminService) ClientEntitlement(ctx context.Context, clientID string, claimsType jwt.Claims, parserOpts ...jwt.ParserOption) (*jwt.Token, error)

ClientEntitlement will attempt to call the pre-uma2 entitlement endpoint to return a Requesting Party Token containing details about what aspects of the provided clientID the token for this request has access to, if any. DEPRECATED: use the newer introspection workflow for instances newer than 3.4

func (*AdminService) ClientRoleCompositesService

func (k *AdminService) ClientRoleCompositesService(clientID, roleName string) *AdminClientRoleCompositesService

func (*AdminService) ClientRolesService

func (k *AdminService) ClientRolesService(clientID string) *AdminClientRolesService

func (*AdminService) ClientsService

func (k *AdminService) ClientsService() *AdminClientsService

ClientsService returns a new admin clients service instance

func (*AdminService) GroupsService

func (k *AdminService) GroupsService() *AdminGroupsService

func (AdminService) IntrospectRequestingPartyToken added in v1.1.1

func (k AdminService) IntrospectRequestingPartyToken(ctx context.Context, rawRPT string) (*TokenIntrospectionResults, error)

func (AdminService) OpenIDConfiguration

func (k AdminService) OpenIDConfiguration(ctx context.Context) (*OpenIDConfiguration, error)

OpenIDConfiguration returns OpenID Configuration metadata about a realm in the instance being connected to. This endpoint exists across both 3.4 and newer versions of Keycloak.

func (AdminService) OpenIDConnectToken

func (k AdminService) OpenIDConnectToken(ctx context.Context, req OpenIDConnectTokenRequest) (*OpenIDConnectToken, error)

OpenIDConnectToken is the starting point for all authorization requests

func (AdminService) ParseToken

func (k AdminService) ParseToken(ctx context.Context, rawToken string, claimsType jwt.Claims, parserOpts ...jwt.ParserOption) (*jwt.Token, error)

ParseToken will attempt to parse and validate a raw token into a modeled type. If this method does not return an error, you can safely assume the provided raw token is safe for use.

func (AdminService) RealmIssuerConfiguration

func (k AdminService) RealmIssuerConfiguration(ctx context.Context) (*RealmIssuerConfiguration, error)

RealmIssuerConfiguration returns metadata about the instance being connected to, such as the public key for token signing

func (*AdminService) RoleCompositesService

func (k *AdminService) RoleCompositesService(roleName string) *AdminRoleCompositesService

func (*AdminService) RolesService

func (k *AdminService) RolesService() *AdminRolesService

func (AdminService) UMA2Configuration

func (k AdminService) UMA2Configuration(ctx context.Context) (*UMA2Configuration, error)

UMA2Configuration returns UMA2 configuration metadata about a realm in the instance being connected to. This endpoint only exists in versions of Keycloak newer than 4

func (*AdminService) UserGroupsService

func (k *AdminService) UserGroupsService(userID string) *AdminUserGroupsService

func (*AdminService) UserRoleMappingRealmsService

func (k *AdminService) UserRoleMappingRealmsService(userID string) *AdminUserRoleMappingRealmsService

func (*AdminService) UserRoleMappingsService

func (k *AdminService) UserRoleMappingsService(userID string) *AdminUserRoleMappingsService

func (*AdminService) UsersService

func (k *AdminService) UsersService() *AdminUsersService

type AdminUserGroupsService

type AdminUserGroupsService struct {
	// contains filtered or unexported fields
}

func NewAdminUserGroupsService

func NewAdminUserGroupsService(kas *AdminService, userID string) *AdminUserGroupsService

func (*AdminUserGroupsService) Add

func (gs *AdminUserGroupsService) Add(ctx context.Context, groupID string) error

Add attempts to add the service user to the specified group

func (*AdminUserGroupsService) List

List attempts to return the list of groups the provided User is a member of

func (*AdminUserGroupsService) Remove

func (gs *AdminUserGroupsService) Remove(ctx context.Context, groupID string) error

Remove attempts to remove the service user from the specified group

type AdminUserRoleMappingRealmsService

type AdminUserRoleMappingRealmsService struct {
	// contains filtered or unexported fields
}

func NewAdminUserRoleMappingRealmsService

func NewAdminUserRoleMappingRealmsService(kas *AdminService, userID string) *AdminUserRoleMappingRealmsService

func (*AdminUserRoleMappingRealmsService) Available

func (*AdminUserRoleMappingRealmsService) List

type AdminUserRoleMappingsService

type AdminUserRoleMappingsService struct {
	// contains filtered or unexported fields
}

func NewAdminUserRoleMappingsService

func NewAdminUserRoleMappingsService(kas *AdminService, userID string) *AdminUserRoleMappingsService

func (*AdminUserRoleMappingsService) Get

func (*AdminUserRoleMappingsService) RealmsService

type AdminUsersService

type AdminUsersService struct {
	// contains filtered or unexported fields
}

func NewAdminUsersService

func NewAdminUsersService(kas *AdminService) *AdminUsersService

func (*AdminUsersService) Count

func (us *AdminUsersService) Count(ctx context.Context) (int, error)

Count attempts to get a count of all users currently in a keycloak realm

func (*AdminUsersService) Create

func (us *AdminUsersService) Create(ctx context.Context, user *UserCreate) ([]string, error)

Create attempts to add a user to a keycloak realm

func (*AdminUsersService) Delete

func (us *AdminUsersService) Delete(ctx context.Context, userID string) error

Delete attempts to delete a user from the keycloak realm

func (*AdminUsersService) Get

func (us *AdminUsersService) Get(ctx context.Context, userID string) (*User, error)

Get attempts to query for a specific user based on their ID

func (*AdminUsersService) GroupsService

func (us *AdminUsersService) GroupsService(userID string) *AdminUserGroupsService

func (*AdminUsersService) List

func (us *AdminUsersService) List(ctx context.Context, email, firstName, lastName, username, search string, first, max int) (Users, error)

List attempts to retrieve a list of users from Keycloak

func (*AdminUsersService) RoleMappingService

func (us *AdminUsersService) RoleMappingService(userID string) *AdminUserRoleMappingsService

func (*AdminUsersService) Update

func (us *AdminUsersService) Update(ctx context.Context, userID string, user *User) error

Update attempts to push an updated user definition

type AuthService

type AuthService struct {
	// contains filtered or unexported fields
}

func NewAuthService

func NewAuthService(client *APIClient) *AuthService

func (AuthService) ClientEntitlement

func (k AuthService) ClientEntitlement(ctx context.Context, clientID string, claimsType jwt.Claims, parserOpts ...jwt.ParserOption) (*jwt.Token, error)

ClientEntitlement will attempt to call the pre-uma2 entitlement endpoint to return a Requesting Party Token containing details about what aspects of the provided clientID the token for this request has access to, if any. DEPRECATED: use the newer introspection workflow for instances newer than 3.4

func (AuthService) IntrospectRequestingPartyToken added in v1.1.1

func (k AuthService) IntrospectRequestingPartyToken(ctx context.Context, rawRPT string) (*TokenIntrospectionResults, error)

func (AuthService) OpenIDConfiguration

func (k AuthService) OpenIDConfiguration(ctx context.Context) (*OpenIDConfiguration, error)

OpenIDConfiguration returns OpenID Configuration metadata about a realm in the instance being connected to. This endpoint exists across both 3.4 and newer versions of Keycloak.

func (AuthService) OpenIDConnectToken

func (k AuthService) OpenIDConnectToken(ctx context.Context, req OpenIDConnectTokenRequest) (*OpenIDConnectToken, error)

OpenIDConnectToken is the starting point for all authorization requests

func (AuthService) ParseToken

func (k AuthService) ParseToken(ctx context.Context, rawToken string, claimsType jwt.Claims, parserOpts ...jwt.ParserOption) (*jwt.Token, error)

ParseToken will attempt to parse and validate a raw token into a modeled type. If this method does not return an error, you can safely assume the provided raw token is safe for use.

func (AuthService) RealmIssuerConfiguration

func (k AuthService) RealmIssuerConfiguration(ctx context.Context) (*RealmIssuerConfiguration, error)

RealmIssuerConfiguration returns metadata about the instance being connected to, such as the public key for token signing

func (AuthService) UMA2Configuration

func (k AuthService) UMA2Configuration(ctx context.Context) (*UMA2Configuration, error)

UMA2Configuration returns UMA2 configuration metadata about a realm in the instance being connected to. This endpoint only exists in versions of Keycloak newer than 4

type Client

type Client struct {
	ID                           string                  `json:"id"`
	ClientID                     string                  `json:"clientId"`
	Name                         string                  `json:"name"`
	Description                  string                  `json:"description"`
	SurrogateAuthRequired        bool                    `json:"surrogateAuthRequired"`
	Enabled                      bool                    `json:"enabled"`
	ClientAuthenticatorType      string                  `json:"clientAuthenticatorType"`
	RedirectUris                 []string                `json:"redirectUris"`
	WebOrigins                   []string                `json:"webOrigins"`
	NotBefore                    int                     `json:"notBefore"`
	BearerOnly                   bool                    `json:"bearerOnly"`
	ConsentRequired              bool                    `json:"consentRequired"`
	StandardFlowEnabled          bool                    `json:"standardFlowEnabled"`
	ImplicitFlowEnabled          bool                    `json:"implicitFlowEnabled"`
	DirectAccessGrantsEnabled    bool                    `json:"directAccessGrantsEnabled"`
	ServiceAccountsEnabled       bool                    `json:"serviceAccountsEnabled"`
	AuthorizationServicesEnabled bool                    `json:"authorizationServicesEnabled"`
	PublicClient                 bool                    `json:"publicClient"`
	FrontchannelLogout           bool                    `json:"frontchannelLogout"`
	Protocol                     string                  `json:"protocol"`
	Attributes                   ClientAttributes        `json:"attributes"`
	FullScopeAllowed             bool                    `json:"fullScopeAllowed"`
	NodeReRegistrationTimeout    int                     `json:"nodeReRegistrationTimeout"`
	ProtocolMappers              []*ClientProtocolMapper `json:"protocolMappers"`
	UseTemplateConfig            bool                    `json:"useTemplateConfig"`
	UseTemplateScope             bool                    `json:"useTemplateScope"`
	UseTemplateMappers           bool                    `json:"useTemplateMappers"`
	Access                       *ClientAccess           `json:"access"`
}

type ClientAccess

type ClientAccess struct {
	View      bool `json:"view,omitempty"`
	Configure bool `json:"configure,omitempty"`
	Manage    bool `json:"manage,omitempty"`
}

type ClientAttributes

type ClientAttributes map[string]string // TODO: is this actually just a {"key":"value"}?  not a {"key":["values"]}?

type ClientCreate

type ClientCreate struct {
	Attributes   ClientAttributes `json:"attributes"`
	ClientID     string           `json:"clientId"`
	Enabled      bool             `json:"enabled"`
	Protocol     string           `json:"protocol"`
	RedirectUris []string         `json:"redirectUris"`
}

type ClientProtocolMapper

type ClientProtocolMapper struct {
	Config          *ClientProtocolMapperConfig `json:"config"`
	ConsentRequired bool                        `json:"consentRequired"`
	ConsentText     string                      `json:"consentText"`
	ID              string                      `json:"id"`
	Name            string                      `json:"name"`
	Protocol        string                      `json:"protocol"`
	ProtocolMapper  string                      `json:"protocolMapper"`
}

type ClientProtocolMapperConfig

type ClientProtocolMapperConfig struct {
	AccessTokenClaim   string `json:"access.token.claim"`
	ClaimName          string `json:"claim.name"`
	IDTokenClaim       string `json:"id.token.claim"`
	JSONTypeLabel      string `json:"jsonType.label"`
	UserAttribute      string `json:"user.attribute"`
	UserInfoTokenClaim string `json:"userinfo.token.claim"`
}

type Clients

type Clients []*Client

type ConfidentialClientTokenProvider

type ConfidentialClientTokenProvider struct {
	// contains filtered or unexported fields
}

ConfidentialClientTokenProvider

This provider implements the TokenProviderClientAware interface, and is designed to take care of the complexity of managing a confidential client token for you.

The easiest way to use it is the following:

// installDoc is a *keycloak.InstallDocument loaded from the client's
// installation JSON (placeholder name; see InstallDocument below)
conf := keycloak.ConfidentialClientTokenProviderConfig{
	ID: installDoc,
}
tp, err := keycloak.NewConfidentialClientTokenProvider(&conf)
if err != nil {
	panic(err.Error())
}
apiClient, err := keycloak.NewAPIClient(&keycloak.APIClientConfig{TokenProvider: tp})
if err != nil {
	panic(err.Error())
}

Now, every request made through the APIClient will automatically carry the correct bearer token, assuming your install document is valid.

func NewConfidentialClientTokenProvider

func NewConfidentialClientTokenProvider(conf *ConfidentialClientTokenProviderConfig) (*ConfidentialClientTokenProvider, error)

NewConfidentialClientTokenProvider will attempt to construct a new ConfidentialClientTokenProvider for you based on the provided configuration.

func (*ConfidentialClientTokenProvider) Expired

func (tp *ConfidentialClientTokenProvider) Expired() bool

Expired will return true if the currently stored token has expired

func (*ConfidentialClientTokenProvider) Expiry

Expiry returns a unix nano timestamp of when the current token, if defined, expires.

func (*ConfidentialClientTokenProvider) LastRefreshed

func (tp *ConfidentialClientTokenProvider) LastRefreshed() int64

LastRefreshed returns a unix nano timestamp of the last time this client's bearer token was refreshed.

func (*ConfidentialClientTokenProvider) RefreshToken

func (tp *ConfidentialClientTokenProvider) RefreshToken(ctx context.Context, client *APIClient) error

RefreshToken will attempt to obtain a fresh token and replace the cached one.

func (*ConfidentialClientTokenProvider) SetTokenValue

func (tp *ConfidentialClientTokenProvider) SetTokenValue(ctx context.Context, client *APIClient) (context.Context, error)

SetTokenValue will first attempt to use the locally cached last-known-good token. If not defined or beyond the expiration window, it will call RefreshToken before attempting to set the context token value.

type ConfidentialClientTokenProviderConfig

type ConfidentialClientTokenProviderConfig struct {
	// ID [optional] (required if IDKey left blank)
	//
	// If you already have a confidential client install document handy, you may pass it in here.
	ID *InstallDocument `json:"id"`

	// ExpiryMargin [optional]
	//
	// How far ahead of the cached token's real deadline a refresh is triggered, so a request never goes out with a token that is about to lapse
	ExpiryMargin time.Duration `json:"expiryMargin"`
}

ConfidentialClientTokenProviderConfig must be provided to a new ConfidentialClientTokenProvider upon construction
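As an added example (not the library's own code) of the caching and refresh behaviour described for SetTokenValue, Expired and ExpiryMargin above, the following stand-alone Go program implements the same pattern: a provider that keeps the last-known-good token, treats it as expired once it is within the margin of its real deadline, and only then refreshes. The `refreshFunc` hook, the `cachedTokenProvider` type and the install document contents are assumptions standing in for the real token-endpoint call.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Stand-ins for the page's ContextKeyToken and DefaultTokenExpirationMargin.
type contextKey string

const (
	ctxKeyToken                  contextKey = "token"
	defaultTokenExpirationMargin            = 2 * time.Second
)

// installDocument mirrors the page's InstallDocument (the client's Installation JSON).
type installDocument struct {
	Realm         string            `json:"realm"`
	AuthServerURL string            `json:"auth-server-url"`
	SSLRequired   string            `json:"ssl-required"`
	Resource      string            `json:"resource"`
	Credentials   map[string]string `json:"credentials"`
}

// refreshFunc is an assumed hook standing in for the realm's token endpoint call.
type refreshFunc func(ctx context.Context, doc *installDocument) (string, time.Duration, error)

type cachedTokenProvider struct {
	doc          *installDocument
	expiryMargin time.Duration
	refresh      refreshFunc
	now          func() time.Time // injectable clock so expiry handling can be tested
	token        string
	expiry       time.Time // zero until the first refresh
	refreshCount int
}

// newCachedTokenProvider rejects a document that cannot authenticate a confidential client.
func newCachedTokenProvider(doc *installDocument, margin time.Duration, refresh refreshFunc) (*cachedTokenProvider, error) {
	if doc == nil || doc.Resource == "" || doc.Credentials["secret"] == "" {
		return nil, errors.New("install document: resource and credentials.secret are required")
	}
	if margin <= 0 {
		margin = defaultTokenExpirationMargin // same fallback the config documents for ExpiryMargin
	}
	return &cachedTokenProvider{doc: doc, expiryMargin: margin, refresh: refresh, now: time.Now}, nil
}

// Expired is true when no token is cached or the token is inside the safety margin before its real expiry.
func (tp *cachedTokenProvider) Expired() bool {
	if tp.token == "" || tp.expiry.IsZero() {
		return true
	}
	return !tp.now().Add(tp.expiryMargin).Before(tp.expiry)
}

// RefreshToken obtains a fresh token and replaces the cached one.
func (tp *cachedTokenProvider) RefreshToken(ctx context.Context) error {
	tok, ttl, err := tp.refresh(ctx, tp.doc)
	if err != nil {
		return fmt.Errorf("refreshing token for client %q: %w", tp.doc.Resource, err)
	}
	tp.token, tp.expiry = tok, tp.now().Add(ttl)
	tp.refreshCount++
	return nil
}

// SetTokenValue reuses the last-known-good token, refreshing first only when
// Expired reports true, then stores it under the token key of the context.
func (tp *cachedTokenProvider) SetTokenValue(ctx context.Context) (context.Context, error) {
	if tp.Expired() {
		if err := tp.RefreshToken(ctx); err != nil {
			return ctx, err
		}
	}
	return context.WithValue(ctx, ctxKeyToken, tp.token), nil
}

func main() {
	// Constructed sample document; the secret is a placeholder, not a credential.
	doc := &installDocument{Realm: "example-realm", Resource: "example-service",
		Credentials: map[string]string{"secret": "PLACEHOLDER-SECRET"}}
	n := 0 // fake token endpoint: mints a numbered token valid for 60 seconds
	mint := func(context.Context, *installDocument) (string, time.Duration, error) {
		n++
		return fmt.Sprintf("token-%d", n), 60 * time.Second, nil
	}
	tp, err := newCachedTokenProvider(doc, 5*time.Second, mint)
	if err != nil {
		panic(err)
	}
	ctx, err := tp.SetTokenValue(context.Background())
	if err != nil {
		panic(err)
	}
	fmt.Println("bearer token in context:", ctx.Value(ctxKeyToken))
}
```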

type ConfigMutator

type ConfigMutator func(*APIClientConfig)

ConfigMutator

ConfigMutator provides some flexibility when constructing a client

type DebugConfig

type DebugConfig struct {
	// BaseRequestMutators [optional]
	//
	// Optional list of request mutators that will always be run before any other mutators
	BaseRequestMutators []RequestMutator

	// FinalRequestMutators [optional]
	//
	// Optional list of request mutators that will always be run after any other mutators
	FinalRequestMutators []RequestMutator
}

DebugConfig

This type contains configuration options that provide additional utility during testing or development, but should not be configured when in production use.

type EnvironmentIssuerProvider

type EnvironmentIssuerProvider struct {
	// contains filtered or unexported fields
}

func NewEnvironmentIssuerProvider

func NewEnvironmentIssuerProvider(varName string, insecure bool) *EnvironmentIssuerProvider

NewEnvironmentIssuerProvider will attempt to read the specified variable from the environment

func (*EnvironmentIssuerProvider) IssuerAddress

func (ip *EnvironmentIssuerProvider) IssuerAddress() (string, error)

IssuerAddress will attempt to locate the environment variable named at construction time. If found, the value will be parsed as a URL. Errors will be returned if the env var is not defined, is empty, or contains a value that cannot be parsed as a URL.

type EventsResponse

type EventsResponse struct {
	ClientID  string                 `json:"clientId,omitempty"`
	Details   *EventsResponseDetails `json:"details,omitempty"`
	Error     string                 `json:"error,omitempty"`
	IPAddress string                 `json:"ipAddress,omitempty"`
	RealmID   string                 `json:"realmId,omitempty"`
	Time      int                    `json:"time,omitempty"`
	Type      string                 `json:"type,omitempty"`
	UserID    string                 `json:"userId,omitempty"`
}

type EventsResponseDetails

type EventsResponseDetails struct {
	AuthMethod  string `json:"auth_method,omitempty"`
	AuthType    string `json:"auth_type,omitempty"`
	CodeID      string `json:"code_id,omitempty"`
	RedirectURI string `json:"redirect_uri,omitempty"`
	Username    string `json:"username,omitempty"`
}

type Group

type Group struct {
	Access      GroupAccess  `json:"access"`
	Attributes  KeyValuesMap `json:"attributes"`
	ClientRoles KeyValuesMap `json:"clientRoles"`
	ID          string       `json:"id"`
	Name        string       `json:"name"`
	Path        string       `json:"path"`
	RealmRoles  []string     `json:"realmRoles"`
	SubGroups   []*Group     `json:"subGroups"`
}

type GroupAccess

type GroupAccess struct {
	Manage           bool `json:"manage"`
	ManageMembership bool `json:"manageMembership"`
	View             bool `json:"view"`
}

type GroupCreate

type GroupCreate struct {
	Name string `json:"name"`
}

type Groups

type Groups []*Group

type ImpersonationRequest

type ImpersonationRequest struct {
	Realm string `json:"realm"`
	User  string `json:"user"`
}

type ImpersonationResponse

type ImpersonationResponse struct {
	Redirect  string `json:"redirect"`
	SameRealm bool   `json:"sameRealm"`
}

type InstallDocument

type InstallDocument struct {
	Realm         string            `json:"realm"`
	AuthServerURL string            `json:"auth-server-url"`
	SSLRequired   string            `json:"ssl-required"`
	Resource      string            `json:"resource"`
	Credentials   map[string]string `json:"credentials"`
}

InstallDocument expects configuration in the JSON format offered by Keycloak under client > installation.

type IssuerProvider

type IssuerProvider interface {
	// IssuerAddress must return the issuer address that API calls will be executed against (the value stored
	// under ContextKeyIssuerAddress), or a descriptive error if it was unable to determine one
	IssuerAddress() (string, error)
}

IssuerProvider defines a single-use provider that is used during the APIClient construction process and then discarded. It must return a usable HTTP address to execute API calls against or an error describing why it couldn't.

This provider is used once, and no references to it are kept around in the resulting client instance.

type KeyValuesMap

type KeyValuesMap map[string][]string

type OpenIDConfiguration

type OpenIDConfiguration struct {
	Issuer                                     string   `json:"issuer"`
	AuthorizationEndpoint                      string   `json:"authorization_endpoint"`
	TokenEndpoint                              string   `json:"token_endpoint"`
	TokenIntrospectionEndpoint                 string   `json:"token_introspection_endpoint"`
	UserinfoEndpoint                           string   `json:"userinfo_endpoint"`
	EndSessionEndpoint                         string   `json:"end_session_endpoint"`
	JwksURI                                    string   `json:"jwks_uri"`
	CheckSessionIframe                         string   `json:"check_session_iframe"`
	GrantTypesSupported                        []string `json:"grant_types_supported"`
	ResponseTypesSupported                     []string `json:"response_types_supported"`
	SubjectTypesSupported                      []string `json:"subject_types_supported"`
	IDTokenSigningAlgValuesSupported           []string `json:"id_token_signing_alg_values_supported"`
	UserinfoSigningAlgValuesSupported          []string `json:"userinfo_signing_alg_values_supported"`
	RequestObjectSigningAlgValuesSupported     []string `json:"request_object_signing_alg_values_supported"`
	ResponseModesSupported                     []string `json:"response_modes_supported"`
	RegistrationEndpoint                       string   `json:"registration_endpoint"`
	TokenEndpointAuthMethodsSupported          []string `json:"token_endpoint_auth_methods_supported"`
	TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
	ClaimsSupported                            []string `json:"claims_supported"`
	ClaimTypesSupported                        []string `json:"claim_types_supported"`
	ClaimsParameterSupported                   bool     `json:"claims_parameter_supported"`
	ScopesSupported                            []string `json:"scopes_supported"`
	RequestParameterSupported                  bool     `json:"request_parameter_supported"`
	RequestURIParameterSupported               bool     `json:"request_uri_parameter_supported"`
}

type OpenIDConnectToken

type OpenIDConnectToken struct {
	AccessToken      string `json:"access_token"`
	ExpiresIn        int    `json:"expires_in"`
	RefreshExpiresIn int    `json:"refresh_expires_in"`
	RefreshToken     string `json:"refresh_token"`
	TokenType        string `json:"token_type"`
	IdToken          string `json:"id_token"`
	NotBeforePolicy  int    `json:"not_before_policy"`
	SessionState     string `json:"session_state"`
}

Token payload returned from the TokenEndpoint

type OpenIDConnectTokenPermission added in v1.1.1

type OpenIDConnectTokenPermission struct {
	Resource string
	Scope    string
}

func NewOpenIDConnectTokenPermission added in v1.1.1

func NewOpenIDConnectTokenPermission(resource, scope string) OpenIDConnectTokenPermission

func (OpenIDConnectTokenPermission) MarshalText added in v1.1.1

func (p OpenIDConnectTokenPermission) MarshalText() ([]byte, error)

func (*OpenIDConnectTokenPermission) UnmarshalText added in v1.1.1

func (p *OpenIDConnectTokenPermission) UnmarshalText(b []byte) error

type OpenIDConnectTokenRequest

type OpenIDConnectTokenRequest struct {
	// GrantType [required]
	GrantType string `json:"grant_type,omitempty" url:"grant_type,omitempty"`

	// Permission [optional] - Request specific access to "Resource#scope[,scope...]"
	Permissions []OpenIDConnectTokenPermission `json:"permission,omitempty" url:"permission,omitempty"`

	ClientID     string `json:"client_id,omitempty" url:"client_id,omitempty"`
	ClientSecret string `json:"client_secret,omitempty" url:"client_secret,omitempty"`

	ClientAssertionType string `json:"client_assertion_type,omitempty" url:"client_assertion_type,omitempty"`
	ClientAssertion     string `json:"client_assertion,omitempty" url:"client_assertion,omitempty"`

	SubjectToken     string `json:"subject_token,omitempty" url:"subject_token,omitempty"`
	SubjectIssuer    string `json:"subject_issuer,omitempty" url:"subject_issuer,omitempty"`
	SubjectTokenType string `json:"subject_token_type,omitempty" url:"subject_token_type,omitempty"`

	RequestedTokenType string `json:"requested_token_type,omitempty" url:"requested_token_type,omitempty"`

	Audience string `json:"audience,omitempty" url:"audience,omitempty"`

	RequestedIssuer  string `json:"requested_issuer,omitempty" url:"requested_issuer,omitempty"`
	RequestedSubject string `json:"requested_subject,omitempty" url:"requested_subject,omitempty"`

	// RequestingPartyToken - todo: what exactly does this look like...
	RequestingPartyToken string `json:"rpt,omitempty" url:"rpt,omitempty"`

	ResponseIncludeResourceName *bool `json:"response_include_resource_name,omitempty" url:"response_include_resource_name,omitempty"`

	ResponsePermissionsLimit *int `json:"response_permissions_limit,omitempty" url:"response_permissions_limit,omitempty"`

	// ResponseMode [optional] - Allowed values: ["decision", "permissions"]
	ResponseMode string `json:"response_mode,omitempty" url:"response_mode,omitempty"`

	SubmitRequest *bool `json:"submit_request,omitempty" url:"submit_request,omitempty"`
}

func NewOpenIDConnectTokenRequest added in v1.1.1

func NewOpenIDConnectTokenRequest(grantType string, permissions ...OpenIDConnectTokenPermission) *OpenIDConnectTokenRequest

func (*OpenIDConnectTokenRequest) AddPermission added in v1.1.1

func (r *OpenIDConnectTokenRequest) AddPermission(resource, scope string) *OpenIDConnectTokenRequest

AddPermission is a helper method to add a permission to the request. There is no concurrency protection, so use at your own risk.

type Permission

type Permission struct {
	ID               string           `json:"id"`
	Name             string           `json:"name"`
	Type             string           `json:"type"`
	Logic            string           `json:"logic"`
	DecisionStrategy string           `json:"decisionStrategy"`
	Config           PermissionConfig `json:"config"`
	Description      string           `json:"description,omitempty"`
}

Permission is returned by the "PermissionPath" overview call

type PermissionConfig

type PermissionConfig map[string]interface{}

TODO: Model this

type PermissionMap

type PermissionMap map[string]*Permission

type PermissionScope

type PermissionScope struct {
	ID               string   `json:"id,omitempty"`
	Name             string   `json:"name,omitempty"`
	Description      string   `json:"description,omitempty"`
	Type             string   `json:"type,omitempty"`
	Policies         []string `json:"policies,omitempty"`
	Resources        []string `json:"resources,omitempty"`
	Scopes           []string `json:"scopes,omitempty"`
	Logic            string   `json:"logic,omitempty"`
	DecisionStrategy string   `json:"decisionStrategy,omitempty"`
}

type Policies

type Policies []*Policy

func (Policies) Len

func (list Policies) Len() int

Len, Less and Swap implement sort.Interface for Policies.

func (Policies) Less

func (list Policies) Less(i, j int) bool

func (Policies) Swap

func (list Policies) Swap(i, j int)

type Policy

type Policy struct {
	ID               string       `json:"id,omitempty"`
	Name             string       `json:"name,omitempty"`
	Type             string       `json:"type,omitempty"`
	Logic            string       `json:"logic,omitempty"`
	DecisionStrategy string       `json:"decisionStrategy,omitempty"`
	Config           PolicyConfig `json:"config,omitempty"`
	Description      string       `json:"description,omitempty"`
}

type PolicyConfig

type PolicyConfig struct {
	Roles Roles `json:"roles"`
}

func (*PolicyConfig) UnmarshalJSON

func (conf *PolicyConfig) UnmarshalJSON(buf []byte) error

UnmarshalJSON is a custom decoder for the policy config payload, whose contents Keycloak returns as JSON encoded inside a JSON string.
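As an added example (not the library's own code) of the string-encoded config payload that UnmarshalJSON handles, this stand-alone Go program decodes a role policy whose "roles" value is a JSON array serialised inside a JSON string, also accepts a plain array, rejects anything else, and re-encodes the config in the same form; the `role`, `policy` and `policyConfig` types and the sample policy are assumptions mirroring the page's Role, Policy and PolicyConfig.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// role carries the fields a role policy's config lists per role; it mirrors the
// page's Role type for the purposes of this added example.
type role struct {
	ID       string `json:"id,omitempty"`
	Required bool   `json:"required,omitempty"`
}

// policyConfig mirrors the page's PolicyConfig: a "roles" list that Keycloak
// serialises as a JSON array embedded in a JSON string.
type policyConfig struct {
	Roles []*role `json:"roles"`
}

// policy mirrors the fields of the page's Policy type that this example decodes.
type policy struct {
	ID               string       `json:"id,omitempty"`
	Name             string       `json:"name,omitempty"`
	Type             string       `json:"type,omitempty"`
	Logic            string       `json:"logic,omitempty"`
	DecisionStrategy string       `json:"decisionStrategy,omitempty"`
	Config           policyConfig `json:"config,omitempty"`
}

// UnmarshalJSON accepts "roles" either as a string holding a JSON array (what the
// admin API returns) or as a plain array, and rejects anything else.
func (conf *policyConfig) UnmarshalJSON(buf []byte) error {
	var raw struct {
		Roles json.RawMessage `json:"roles"`
	}
	if err := json.Unmarshal(buf, &raw); err != nil {
		return err
	}
	conf.Roles = nil
	encoded := bytes.TrimSpace(raw.Roles)
	if len(encoded) == 0 || bytes.Equal(encoded, []byte("null")) {
		return nil
	}
	if encoded[0] == '"' {
		// Outer layer is a JSON string: unwrap it to get the real array text.
		var inner string
		if err := json.Unmarshal(encoded, &inner); err != nil {
			return fmt.Errorf("policy config: roles is not a valid JSON string: %w", err)
		}
		encoded = []byte(inner)
	}
	var roles []*role
	if err := json.Unmarshal(encoded, &roles); err != nil {
		return fmt.Errorf("policy config: roles is not a JSON array of roles: %w", err)
	}
	conf.Roles = roles
	return nil
}

// MarshalJSON writes the config back in the same string-encoded form so a
// decoded policy can be re-submitted unchanged.
func (conf policyConfig) MarshalJSON() ([]byte, error) {
	inner, err := json.Marshal(conf.Roles)
	if err != nil {
		return nil, err
	}
	return json.Marshal(map[string]string{"roles": string(inner)})
}

// decodePolicy parses one policy object as returned by the admin API.
func decodePolicy(buf []byte) (*policy, error) {
	var p policy
	if err := json.Unmarshal(buf, &p); err != nil {
		return nil, err
	}
	return &p, nil
}

// samplePolicy is constructed for this example; the ids are placeholders.
const samplePolicy = `{"id":"policy-id-placeholder","name":"Only admins","type":"role",
  "logic":"POSITIVE","decisionStrategy":"UNANIMOUS",
  "config":{"roles":"[{\"id\":\"role-id-1\",\"required\":true},{\"id\":\"role-id-2\"}]"}}`

func main() {
	p, err := decodePolicy([]byte(samplePolicy))
	if err != nil {
		panic(err)
	}
	for _, r := range p.Config.Roles {
		fmt.Printf("policy %q lists role %s (required=%v)\n", p.Name, r.ID, r.Required)
	}
	out, _ := json.Marshal(p.Config)
	fmt.Println(string(out))
}
```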

type PolicyMap

type PolicyMap map[string]*Policy

func (PolicyMap) IDs

func (m PolicyMap) IDs() []string

type PublicKeyCache

type PublicKeyCache interface {
	// Load must attempt to retrieve the processed public key for the issuer's realm
	Load(issuerHost, realm string) (interface{}, bool)

	// Store must attempt to persist the provided pk into cache for the specified duration. Any ttl value of 0 or less
	// must be considered "infinite"
	Store(issuerHost, realm string, pk interface{}, ttl time.Duration)

	// Remove must immediately render a cached public key no longer usable. It must block until removal has been
	// completed.
	Remove(issuerHost, realm string) bool

	// List must return all currently cached public keys in a map with the structure
	// {"issuer": {"realm1": time.Time(expiry)}}
	// If the returned time.Time instance is zero, the entry must be assumed never to expire.
	List() map[string]map[string]time.Time

	// Flush must immediately render all cached public keys defunct, blocking until the cache has been flushed.
	Flush()
}

PublicKeyCache

This type is used to store and retrieve processed public keys on a per-realm, per-issuer basis, allowing for more efficient multi-realm functionality within the client.

func GlobalPublicKeyCache

func GlobalPublicKeyCache() PublicKeyCache

GlobalPublicKeyCache returns the instance of the global public key cache used by default when creating clients

func NewDebugPublicKeyCache

func NewDebugPublicKeyCache() PublicKeyCache

NewDebugPublicKeyCache will return an implementation that ignores all TTL values, storing items indefinitely in an internal map. Recommended only for use during debugging.

type Realm

type Realm struct {
	AccessCodeLifespan                  int                          `json:"accessCodeLifespan,omitempty"`
	AccessCodeLifespanLogin             int                          `json:"accessCodeLifespanLogin,omitempty"`
	AccessCodeLifespanUserAction        int                          `json:"accessCodeLifespanUserAction,omitempty"`
	AccessTokenLifespan                 int                          `json:"accessTokenLifespan,omitempty"`
	AccessTokenLifespanForImplicitFlow  int                          `json:"accessTokenLifespanForImplicitFlow,omitempty"`
	AccountTheme                        string                       `json:"accountTheme,omitempty"`
	ActionTokenGeneratedByAdminLifespan int                          `json:"actionTokenGeneratedByAdminLifespan,omitempty"`
	ActionTokenGeneratedByUserLifespan  int                          `json:"actionTokenGeneratedByUserLifespan,omitempty"`
	AdminEventsDetailsEnabled           bool                         `json:"adminEventsDetailsEnabled,omitempty"`
	AdminEventsEnabled                  bool                         `json:"adminEventsEnabled,omitempty"`
	Attributes                          *RealmAttributes             `json:"attributes,omitempty"`
	BrowserFlow                         string                       `json:"browserFlow,omitempty"`
	BrowserSecurityHeaders              *RealmBrowserSecurityHeaders `json:"browserSecurityHeaders,omitempty"`
	BruteForceProtected                 bool                         `json:"bruteForceProtected,omitempty"`
	ClientAuthenticationFlow            string                       `json:"clientAuthenticationFlow,omitempty"`
	DefaultRoles                        []string                     `json:"defaultRoles,omitempty"`
	DirectGrantFlow                     string                       `json:"directGrantFlow,omitempty"`
	DisplayName                         string                       `json:"displayName,omitempty"`
	DisplayNameHTML                     string                       `json:"displayNameHtml,omitempty"`
	DockerAuthenticationFlow            string                       `json:"dockerAuthenticationFlow,omitempty"`
	DuplicateEmailsAllowed              bool                         `json:"duplicateEmailsAllowed,omitempty"`
	EditUsernameAllowed                 bool                         `json:"editUsernameAllowed,omitempty"`
	Enabled                             bool                         `json:"enabled,omitempty"`
	EnabledEventTypes                   []string                     `json:"enabledEventTypes,omitempty"`
	EventsEnabled                       bool                         `json:"eventsEnabled,omitempty"`
	EventsExpiration                    int                          `json:"eventsExpiration,omitempty"`
	EventsListeners                     []string                     `json:"eventsListeners,omitempty"`
	FailureFactor                       int                          `json:"failureFactor,omitempty"`
	ID                                  string                       `json:"id,omitempty"`
	IdentityProviders                   RealmIdentityProviders       `json:"identityProviders,omitempty"`
	InternationalizationEnabled         bool                         `json:"internationalizationEnabled,omitempty"`
	LoginTheme                          string                       `json:"loginTheme,omitempty"`
	LoginWithEmailAllowed               bool                         `json:"loginWithEmailAllowed,omitempty"`
	MaxDeltaTimeSeconds                 int                          `json:"maxDeltaTimeSeconds,omitempty"`
	MaxFailureWaitSeconds               int                          `json:"maxFailureWaitSeconds,omitempty"`
	MinimumQuickLoginWaitSeconds        int                          `json:"minimumQuickLoginWaitSeconds,omitempty"`
	NotBefore                           int                          `json:"notBefore,omitempty"`
	OfflineSessionIdleTimeout           int                          `json:"offlineSessionIdleTimeout,omitempty"`
	OtpPolicyAlgorithm                  string                       `json:"otpPolicyAlgorithm,omitempty"`
	OtpPolicyDigits                     int                          `json:"otpPolicyDigits,omitempty"`
	OtpPolicyInitialCounter             int                          `json:"otpPolicyInitialCounter,omitempty"`
	OtpPolicyLookAheadWindow            int                          `json:"otpPolicyLookAheadWindow,omitempty"`
	OtpPolicyPeriod                     int                          `json:"otpPolicyPeriod,omitempty"`
	OtpPolicyType                       string                       `json:"otpPolicyType,omitempty"`
	PermanentLockout                    bool                         `json:"permanentLockout,omitempty"`
	QuickLoginCheckMilliSeconds         int                          `json:"quickLoginCheckMilliSeconds,omitempty"`
	Realm                               string                       `json:"realm,omitempty"`
	RefreshTokenMaxReuse                int                          `json:"refreshTokenMaxReuse,omitempty"`
	RegistrationAllowed                 bool                         `json:"registrationAllowed,omitempty"`
	RegistrationEmailAsUsername         bool                         `json:"registrationEmailAsUsername,omitempty"`
	RegistrationFlow                    string                       `json:"registrationFlow,omitempty"`
	RememberMe                          bool                         `json:"rememberMe,omitempty"`
	RequiredCredentials                 []string                     `json:"requiredCredentials,omitempty"`
	ResetCredentialsFlow                string                       `json:"resetCredentialsFlow,omitempty"`
	ResetPasswordAllowed                bool                         `json:"resetPasswordAllowed,omitempty"`
	RevokeRefreshToken                  bool                         `json:"revokeRefreshToken,omitempty"`
	SMTPServer                          *RealmSMTPServer             `json:"smtpServer,omitempty"`
	SslRequired                         string                       `json:"sslRequired,omitempty"`
	SsoSessionIdleTimeout               int                          `json:"ssoSessionIdleTimeout,omitempty"`
	SsoSessionMaxLifespan               int                          `json:"ssoSessionMaxLifespan,omitempty"`
	SupportedLocales                    []string                     `json:"supportedLocales,omitempty"`
	VerifyEmail                         bool                         `json:"verifyEmail,omitempty"`
	WaitIncrementSeconds                int                          `json:"waitIncrementSeconds,omitempty"`
}

type RealmAttributes

type RealmAttributes struct {
	XBrowserHeaderContentSecurityPolicy string `json:"_browser_header.contentSecurityPolicy,omitempty"`
	XBrowserHeaderXContentTypeOptions   string `json:"_browser_header.xContentTypeOptions,omitempty"`
	XBrowserHeaderXFrameOptions         string `json:"_browser_header.xFrameOptions,omitempty"`
	XBrowserHeaderXRobotsTag            string `json:"_browser_header.xRobotsTag,omitempty"`
	XBrowserHeaderXXSSProtection        string `json:"_browser_header.xXSSProtection,omitempty"`
	ActionTokenGeneratedByAdminLifespan string `json:"actionTokenGeneratedByAdminLifespan,omitempty"`
	ActionTokenGeneratedByUserLifespan  string `json:"actionTokenGeneratedByUserLifespan,omitempty"`
	BruteForceProtected                 string `json:"bruteForceProtected,omitempty"`
	DisplayName                         string `json:"displayName,omitempty"`
	DisplayNameHTML                     string `json:"displayNameHtml,omitempty"`
	FailureFactor                       string `json:"failureFactor,omitempty"`
	MaxDeltaTimeSeconds                 string `json:"maxDeltaTimeSeconds,omitempty"`
	MaxFailureWaitSeconds               string `json:"maxFailureWaitSeconds,omitempty"`
	MinimumQuickLoginWaitSeconds        string `json:"minimumQuickLoginWaitSeconds,omitempty"`
	PermanentLockout                    string `json:"permanentLockout,omitempty"`
	QuickLoginCheckMilliSeconds         string `json:"quickLoginCheckMilliSeconds,omitempty"`
	WaitIncrementSeconds                string `json:"waitIncrementSeconds,omitempty"`
}

type RealmBrowserSecurityHeaders

type RealmBrowserSecurityHeaders struct {
	ContentSecurityPolicy string `json:"contentSecurityPolicy,omitempty"`
	XContentTypeOptions   string `json:"xContentTypeOptions,omitempty"`
	XFrameOptions         string `json:"xFrameOptions,omitempty"`
	XRobotsTag            string `json:"xRobotsTag,omitempty"`
	XXSSProtection        string `json:"xXSSProtection,omitempty"`
}

type RealmIdentityProvider

type RealmIdentityProvider struct {
	AddReadTokenRoleOnCreate    bool                         `json:"addReadTokenRoleOnCreate,omitempty"`
	Alias                       string                       `json:"alias,omitempty"`
	AuthenticateByDefault       bool                         `json:"authenticateByDefault,omitempty"`
	Config                      *RealmIdentityProviderConfig `json:"config,omitempty"`
	DisplayName                 string                       `json:"displayName,omitempty"`
	Enabled                     bool                         `json:"enabled,omitempty"`
	FirstBrokerLoginFlowAlias   string                       `json:"firstBrokerLoginFlowAlias,omitempty"`
	InternalID                  string                       `json:"internalId,omitempty"`
	LinkOnly                    bool                         `json:"linkOnly,omitempty"`
	ProviderID                  string                       `json:"providerId,omitempty"`
	StoreToken                  bool                         `json:"storeToken,omitempty"`
	TrustEmail                  bool                         `json:"trustEmail,omitempty"`
	UpdateProfileFirstLoginMode string                       `json:"updateProfileFirstLoginMode,omitempty"`
}

type RealmIdentityProviderConfig

type RealmIdentityProviderConfig struct {
	AuthorizationURL     string `json:"authorizationUrl,omitempty"`
	BackchannelSupported string `json:"backchannelSupported,omitempty"`
	ClientID             string `json:"clientId,omitempty"`
	ClientSecret         string `json:"clientSecret,omitempty"`
	DefaultScope         string `json:"defaultScope,omitempty"`
	DisableUserInfo      string `json:"disableUserInfo,omitempty"`
	HideOnLoginPage      string `json:"hideOnLoginPage,omitempty"`
	LoginHint            string `json:"loginHint,omitempty"`
	TokenURL             string `json:"tokenUrl,omitempty"`
	UseJwksURL           string `json:"useJwksUrl,omitempty"`
	UserIP               string `json:"userIp,omitempty"`
	ValidateSignature    string `json:"validateSignature,omitempty"`
}

type RealmIdentityProviders

type RealmIdentityProviders []*RealmIdentityProvider

type RealmIssuerConfiguration

type RealmIssuerConfiguration struct {
	Realm           string `json:"realm"`
	PublicKey       string `json:"public_key"`
	TokenService    string `json:"token-service"`
	AccountService  string `json:"account-service"`
	AdminAPI        string `json:"admin-api"`
	TokensNotBefore int    `json:"tokens-not-before"`
}

type RealmProvider

type RealmProvider interface {
	// SetRealmValue MUST either return a context with the realm key defined, or the original context with an error
	// describing why it was unable to do so.  It must also defer to any pre-defined key value already present in the
	// context.
	SetRealmValue(context.Context) (context.Context, error)
}

RealmProvider

This interface describes any implementation that can provide a realm name to the given context

func ContextRealmProvider

func ContextRealmProvider() RealmProvider

ContextRealmProvider

This is the simplest and default RealmProvider. It simply checks for the existence of the realm key on the given context, returning an error if it does not exist. This requires that you define the realm in the context yourself.

type RealmSMTPServer

type RealmSMTPServer struct {
	Auth               string `json:"auth,omitempty"`
	EnvelopeFrom       string `json:"envelopeFrom,omitempty"`
	From               string `json:"from,omitempty"`
	FromDisplayName    string `json:"fromDisplayName,omitempty"`
	Host               string `json:"host,omitempty"`
	ReplyTo            string `json:"replyTo,omitempty"`
	ReplyToDisplayName string `json:"replyToDisplayName,omitempty"`
	Ssl                string `json:"ssl,omitempty"`
	Starttls           string `json:"starttls,omitempty"`
}

type Request

type Request struct {
	*http.Request
	// contains filtered or unexported fields
}

func NewRequestWithContext

func NewRequestWithContext(ctx context.Context, method, uri string, body io.Reader) (*Request, error)

func (*Request) Query

func (r *Request) Query() url.Values

type RequestMutator

type RequestMutator func(*Request) error

RequestMutator

This callback func type allows you to modify any *http.Request executed by the client in this package once it has been built.

func HeaderMutator

func HeaderMutator(k, v string, override bool) RequestMutator

HeaderMutator returns a RequestMutator that will add or override a value in the header of the request

func QueryMutator

func QueryMutator(k, v string, override bool) RequestMutator

QueryMutator will return a RequestMutator that either sets or adds a query parameter and value

func ValuedHeaderMutator

func ValuedHeaderMutator(k string, v interface{}, override bool) RequestMutator

ValuedHeaderMutator returns a RequestMutator that will add or override a value in the header of a request, given the provided value is "valued"

func ValuedQueryMutator

func ValuedQueryMutator(k string, v interface{}, override bool) RequestMutator

ValuedQueryMutator will return a RequestMutator only if v is a non-zero value of its type

type Resource

type Resource struct {
	Name   string         `json:"name,omitempty"`
	Type   string         `json:"type,omitempty"`
	Scopes ResourceScopes `json:"scopes"`
	Owner  *ResourceOwner `json:"owner,omitempty"`
	ID     string         `json:"_id,omitempty"`
}

type ResourceMap

type ResourceMap map[string]*Resource

func (ResourceMap) IDs

func (m ResourceMap) IDs() []string

type ResourceOwner

type ResourceOwner struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
}

type ResourceScope

type ResourceScope struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
}

type ResourceScopes

type ResourceScopes []*ResourceScope

type ResourceServer

type ResourceServer struct {
	ID                            string    `json:"id"`
	ClientID                      string    `json:"clientId"`
	Name                          string    `json:"name"`
	AllowRemoteResourceManagement bool      `json:"allowRemoteResourceManagement"`
	PolicyEnforcementMode         string    `json:"policyEnforcementMode"`
	Resources                     Resources `json:"resources"`
	Policies                      Policies  `json:"policies"`
	Scopes                        Scopes    `json:"scopes"`
}

type Resources

type Resources []*Resource

type Role

type Role struct {
	ID                 string `json:"id,omitempty"`
	Name               string `json:"name,omitempty"`
	Parent             string `json:"parent,omitempty"`
	Description        string `json:"description,omitempty"`
	Logic              string `json:"logic,omitempty"`
	DecisionStrategy   string `json:"decisionStrategy,omitempty"`
	ScopeParamRequired bool   `json:"scopeParamRequired"`
	Composite          bool   `json:"composite,omitempty"`
	Client             string `json:"client,omitempty"`
	ClientRole         bool   `json:"clientRole,omitempty"`
	ContainerID        string `json:"containerId,omitempty"`
	Type               string `json:"type,omitempty"`
	Required           bool   `json:"required,omitempty"`
	Mappings           Roles  `json:"mappings,omitempty"`
}

type RoleMap

type RoleMap map[string]*Role

type RoleMapping

type RoleMapping struct {
	RealmMappings  Roles   `json:"realmMappings,omitempty"`
	ClientMappings RoleMap `json:"clientMappings,omitempty"`
}

type Roles

type Roles []*Role

func (Roles) Len

func (list Roles) Len() int

Len, together with Less and Swap, implements sort.Interface for Roles.

func (Roles) Less

func (list Roles) Less(i, j int) bool

func (Roles) Swap

func (list Roles) Swap(i, j int)

type Scope

type Scope struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name"`
}

type ScopeMap

type ScopeMap map[string]*Scope

func (ScopeMap) IDs

func (m ScopeMap) IDs() []string

func (ScopeMap) NamedIDs

func (m ScopeMap) NamedIDs() ResourceScopes

type Scopes

type Scopes []*Scope

func (Scopes) Len

func (list Scopes) Len() int

Len, together with Less and Swap, implements sort.Interface for Scopes.

func (Scopes) Less

func (list Scopes) Less(i, j int) bool

func (Scopes) Swap

func (list Scopes) Swap(i, j int)

type StaticIssuerProvider

type StaticIssuerProvider string

StaticIssuerProvider

This IssuerProvider implementation always sets the same issuer address in each request, unless the context provided to the setter already contains an issuer address key.

func NewStaticIssuerProvider

func NewStaticIssuerProvider(issuerAddress string) StaticIssuerProvider

NewStaticIssuerProvider builds an IssuerProvider that will set the issuer address value provided to this constructor, unless the context provided to the setter already contains an issuer address key.

func NewStaticIssuerProviderWithURL

func NewStaticIssuerProviderWithURL(purl *url.URL) StaticIssuerProvider

NewStaticIssuerProviderWithURL will construct a new StaticIssuerProvider using the provided *url.URL

func (StaticIssuerProvider) IssuerAddress

func (ip StaticIssuerProvider) IssuerAddress() (string, error)

IssuerAddress will always set the issuer address to the value the StaticIssuerProvider was constructed with, unless the provided context already has an address value defined.

type StaticRealmProvider

type StaticRealmProvider string

StaticRealmProvider will set its value as the context's realm key if the incoming context does not already contain a realm key.

func NewStaticRealmProvider

func NewStaticRealmProvider(keycloakRealm string) StaticRealmProvider

NewStaticRealmProvider returns a RealmProvider that, whenever the incoming context does not already have a realm defined, sets the realm to the value provided to this constructor.

func NewStaticRealmProviderFromEnvironment

func NewStaticRealmProviderFromEnvironment(envKey string) StaticRealmProvider

NewStaticRealmProviderFromEnvironment will attempt to fetch the provided env key using os.Getenv, creating a new StaticRealmProvider with that as the value.

func (StaticRealmProvider) SetRealmValue

func (rp StaticRealmProvider) SetRealmValue(ctx context.Context) (context.Context, error)

SetRealmValue will attempt to locate a pre-existing realm key on the provided context, returning the original context if one is found. If not, it will return a new context with its own realm value defined.

type Time

type Time time.Time

func (*Time) MarshalJSON

func (k *Time) MarshalJSON() ([]byte, error)

func (*Time) UnmarshalJSON

func (k *Time) UnmarshalJSON(b []byte) error

type TimedPublicKeyCache

type TimedPublicKeyCache struct {
	// contains filtered or unexported fields
}

TimedPublicKeyCache

This is an implementation of a PublicKeyCache that uses a timed cache backend.

func NewTimedPublicKeyCache

func NewTimedPublicKeyCache(log zerolog.Logger, timedCacheMutators ...sclg.TimedCacheConfigMutator) *TimedPublicKeyCache

NewTimedPublicKeyCache will return a new PublicKeyCache using sclg.TimedCache as its backend

func (*TimedPublicKeyCache) Flush

func (pkc *TimedPublicKeyCache) Flush()

func (*TimedPublicKeyCache) List

func (pkc *TimedPublicKeyCache) List() map[string]map[string]time.Time

List will return a map of all issuer hostnames with their associated realms that have a public key cached. The time value is the deadline after which the key will be removed from the cache. A zero-value time.Time instance must be interpreted as a never-expiring entry.

func (*TimedPublicKeyCache) Load

func (pkc *TimedPublicKeyCache) Load(issuerHost, realm string) (interface{}, bool)

Load will attempt to pull the specified cache item from the underlying TimedCache instance

func (*TimedPublicKeyCache) Remove

func (pkc *TimedPublicKeyCache) Remove(issuerHost, realm string) bool

Remove will delete a cached parsed public key from the underlying TimedCache instance, returning true if an item was actually deleted

func (*TimedPublicKeyCache) Store

func (pkc *TimedPublicKeyCache) Store(issuerHost, realm string, pk interface{}, ttl time.Duration)

Store will permanently persist the provided public key into the underlying TimedCache instance, overwriting any existing entry

type TokenIntrospectionResults added in v1.1.1

type TokenIntrospectionResults struct {
	Permissions []TokenIntrospectionResultsPermission `json:"permissions"`
	Expires     int                                   `json:"exp"`
	NotBefore   int                                   `json:"nbf"`
	IssuedAt    int                                   `json:"iat"`
	Audience    string                                `json:"aud"`
	Active      bool                                  `json:"active"`
}

type TokenIntrospectionResultsPermission added in v1.1.1

type TokenIntrospectionResultsPermission struct {
	ResourceID   string `json:"resource_id"`
	ResourceName string `json:"resource_name"`
}

type TokenParser

type TokenParser interface {
	// Parse must attempt to validate the provided token was signed using the mechanism expected by the realm's issuer
	//
	// The context provided to this method will contain at least the following two keys:
	//	- keycloak_realm
	//	- issuer_address
	Parse(context.Context, *APIClient, *jwt.Token) (pk interface{}, err error)
}

TokenParser

type TokenProvider

type TokenProvider interface {
	// SetTokenValue MUST either return a context with the token key defined, or the original context with an error
	// describing why it was unable to do so.  It must also defer to any pre-defined key value already present in the
	// context.
	SetTokenValue(context.Context, *APIClient) (context.Context, error)
}

TokenProvider

This interface describes any implementation that can provide a bearer token to the given context.

func ContextTokenProvider

func ContextTokenProvider() TokenProvider

ContextTokenProvider

This is the simplest and default TokenProvider. It simply checks for the existence of the token key on the given context, returning an error if it does not exist. This requires that you define the token in the context yourself.

type UMA2Configuration

type UMA2Configuration struct {
	AuthorizationEndpoint                      string   `json:"authorization_endpoint"`
	EndSessionEndpoint                         string   `json:"end_session_endpoint"`
	GrantTypesSupported                        []string `json:"grant_types_supported"`
	IntrospectionEndpoint                      string   `json:"introspection_endpoint"`
	Issuer                                     string   `json:"issuer"`
	JwksURI                                    string   `json:"jwks_uri"`
	PermissionEndpoint                         string   `json:"permission_endpoint"`
	PolicyEndpoint                             string   `json:"policy_endpoint"`
	RegistrationEndpoint                       string   `json:"registration_endpoint"`
	ResourceRegistrationEndpoint               string   `json:"resource_registration_endpoint"`
	ResponseModesSupported                     []string `json:"response_modes_supported"`
	ResponseTypesSupported                     []string `json:"response_types_supported"`
	ScopesSupported                            []string `json:"scopes_supported"`
	TokenEndpoint                              string   `json:"token_endpoint"`
	TokenEndpointAuthMethodsSupported          []string `json:"token_endpoint_auth_methods_supported"`
	TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
	TokenIntrospectionEndpoint                 string   `json:"token_introspection_endpoint"`
}

type User

type User struct {
	// these are editable
	Access          UserAccess   `json:"access"`
	Attributes      KeyValuesMap `json:"attributes"`
	Email           string       `json:"email"`
	EmailVerified   bool         `json:"emailVerified"`
	Enabled         bool         `json:"enabled"`
	FirstName       string       `json:"firstName"`
	LastName        string       `json:"lastName"`
	RequiredActions []string     `json:"requiredActions"`
	Username        string       `json:"username"`

	CreatedTimestamp           Time          `json:"createdTimestamp"`
	DisableableCredentialTypes []string      `json:"disableableCredentialTypes"`
	FederatedIdentities        []interface{} `json:"federatedIdentities"`
	ID                         string        `json:"id"`
	NotBefore                  Time          `json:"notBefore"`
	Totp                       bool          `json:"totp"`
}

type UserAccess

type UserAccess struct {
	Impersonate           bool `json:"impersonate"`
	Manage                bool `json:"manage"`
	ManageGroupMembership bool `json:"manageGroupMembership"`
	MapRoles              bool `json:"mapRoles"`
	View                  bool `json:"view"`
}

type UserCreate

type UserCreate struct {
	Attributes    KeyValuesMap `json:"attributes"`
	Email         string       `json:"email"`
	EmailVerified bool         `json:"emailVerified"`
	Enabled       bool         `json:"enabled"`
	Username      string       `json:"username"`
}

type Users

type Users []*User

type ValuedParameterFormatterFunc

type ValuedParameterFormatterFunc func(destination, name string, value interface{}) (formatted string, use bool)

ValuedParameterFormatter

This func is called inside the ValuedQueryMutator func to determine if and how the provided value will be added to a given request's query parameter string.

ValuedParameterFormatter is called by the ValuedQueryParameter and ValuedHeaderFormatter funcs when determining if and how values should be added to a given request

type X509TokenParser

type X509TokenParser struct {
	// contains filtered or unexported fields
}

func NewX509TokenParser

func NewX509TokenParser(cacheTTL time.Duration) *X509TokenParser

func (*X509TokenParser) Parse

func (xtp *X509TokenParser) Parse(ctx context.Context, client *APIClient, token *jwt.Token) (interface{}, error)
