keycloak

package module
v2.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 17, 2024 License: MPL-2.0 Imports: 27 Imported by: 0

README

go-keycloak

Keycloak API client written in Golang

Documentation

Index

Constants

// String constants for header names, OAuth2 / UMA2 request parameter values and
// authorization-services enum values, plus the default token expiry margin.
const (
	// Name of the HTTP "Authorization" header.
	// NOTE(review): the identifier has a doubled "p" ("HTTPp"); it is exported, so renaming it would break callers.
	HTTPpHeaderAuthorization = "Authorization"

	// grant type values
	// NOTE(review): OAuth 2.0 names the authorization-code grant "authorization_code"; "code" is the
	// response_type value. Confirm which request parameter GrantTypeCode is sent in.
	GrantTypeCode              = "code"
	GrantTypeUMA2Ticket        = "urn:ietf:params:oauth:grant-type:uma-ticket"
	GrantTypeClientCredentials = "client_credentials"
	GrantTypeRefreshToken      = "refresh_token"

	// token type hint values
	TokenTypeHintRequestingPartyToken = "requesting_party_token"

	// response modes
	UMA2ResponseModeDecision    = "decision"
	UMA2ResponseModePermissions = "permissions"

	// Decision strategy values.
	// NOTE(review): Keycloak documents UNANIMOUS, AFFIRMATIVE and CONSENSUS as decision strategies;
	// "POSITIVE" is the same string as LogicPositive below. Confirm the server accepts it as a strategy.
	DecisionStrategyUnanimous   = "UNANIMOUS"
	DecisionStrategyAffirmative = "AFFIRMATIVE"
	DecisionStrategyPositive    = "POSITIVE"

	// Permission type values.
	PermissionTypeResource = "resource"
	PermissionTypeRole     = "role"

	// Policy type values.
	// NOTE(review): a "js" policy is evaluated as script on the Keycloak server; recent Keycloak releases
	// restrict creating script policies through the admin API. Confirm against the target server version.
	PolicyTypeRole       = "role"
	PolicyTypeJavascript = "js"
	PolicyTypeTime       = "time"

	// Policy logic values.
	LogicPositive = "POSITIVE"
	LogicNegative = "NEGATIVE"

	// DefaultTokenExpirationMargin will be used if you do not specify your own ExpiryMargin key in the config
	// The value is a time.Duration of two seconds.
	DefaultTokenExpirationMargin = 2 * time.Second
)
// Parameter destination values.
// Presumably these select whether a formatted parameter is written to the query string or to a
// request header; confirm against the code that passes them to a parameter formatter.
const (
	ParameterDestinationQuery  = "query"
	ParameterDestinationHeader = "header"
)
// PolicyTimeFormat is a Go reference-time layout: date and time to the second, with no zone element.
// NOTE(review): presumably used for time-based policy fields. Because the layout has no zone offset,
// values are interpreted in whatever zone the parsing side assumes; confirm that matches the server.
const PolicyTimeFormat = "2006-01-02 15:04:05"

Variables

// ErrTokenExpired is the package's sentinel error for an expired token.
// Presumably IsTokenExpiredErr is the intended way to test for it; confirm against its implementation.
var ErrTokenExpired = errors.New("token has expired")

Functions

func ClaimsSource

func ClaimsSource(claims jwt.Claims) (string, string, error)

func DefaultParameterFormatter

func DefaultParameterFormatter(_, _ string, v interface{}) (value string, valued bool)

DefaultParameterFormatter provides some baseline value-to-string conversions. The 2nd return value must indicate whether the value is a zero-val of that type or not

func IsAPIError

func IsAPIError(err error) bool

func IsTokenExpiredErr

func IsTokenExpiredErr(err error) bool

func RegisterTokenParsers

func RegisterTokenParsers(parsers ...TokenParser)

func RequestBearerToken

func RequestBearerToken(request *http.Request) (string, bool)

RequestBearerToken attempts to extract the encoded "Bearer" token from the provided request's "Authorization" header

func SetRealmEnvironmentProvider

func SetRealmEnvironmentProvider(prov RealmEnvironmentProvider)

func TokenSource

func TokenSource(bt string) (string, string, error)

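TokenSource performs an unverified parse of the token to extract the auth server url and realm values. Because the token's signature is not checked at this point, the returned values come from unauthenticated input and should be used only to locate the issuer, not trusted for any decision until the token has been validated.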

Types

type APIClient

type APIClient struct {
	// contains filtered or unexported fields
}

APIClient

This is the base client for interacting with a Keycloak instance

func NewAPIClient

func NewAPIClient(config *APIClientConfig, mutators ...ConfigMutator) (*APIClient, error)

NewAPIClient will attempt to construct and return an APIClient to you

func (*APIClient) AdminClient

func (c *APIClient) AdminClient(realmName string, ap AuthenticationProvider) *AdminAPIClient

AdminClient returns a new AdminAPIClient for the provided realm (does not have to be the same as the auth'd realm)

func (*APIClient) AuthServerURL

func (c *APIClient) AuthServerURL() string

AuthServerURL will return the address of the issuer this client is targeting

func (*APIClient) CacheBackend

func (c *APIClient) CacheBackend() CacheBackend

func (*APIClient) Call

func (c *APIClient) Call(ctx context.Context, ap AuthenticationProvider, method, requestURL string, body interface{}, mutators ...APIRequestMutator) (*http.Response, error)

Call is a helper method that wraps the creation of an *APIRequest type and executes it.

func (*APIClient) Do

func (c *APIClient) Do(ctx context.Context, req *APIRequest, mutators ...APIRequestMutator) (*http.Response, error)

func (*APIClient) JSONWebKeys

func (c *APIClient) JSONWebKeys(ctx context.Context, realmName string, mutators ...APIRequestMutator) (*JSONWebKeySet, error)

func (*APIClient) Login

func (c *APIClient) Login(ctx context.Context, req *OpenIDConnectTokenRequest, realmName string, mutators ...APIRequestMutator) (*OpenIDConnectToken, error)

func (*APIClient) OpenIDConfiguration

func (c *APIClient) OpenIDConfiguration(ctx context.Context, realmName string, mutators ...APIRequestMutator) (*OpenIDConfiguration, error)

OpenIDConfiguration returns well-known open-id configuration values for the provided realm

func (*APIClient) ParseRequestToken

func (c *APIClient) ParseRequestToken(ctx context.Context, request *http.Request, claimsType jwt.Claims, parserOpts ...jwt.ParserOption) (*jwt.Token, error)

ParseRequestToken attempts to extract the encoded bearer token from the provided request and parse it into a modeled access token type

func (*APIClient) ParseToken

func (c *APIClient) ParseToken(ctx context.Context, rawToken string, claimsType jwt.Claims, opts ...jwt.ParserOption) (*jwt.Token, error)

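ParseToken will attempt to parse and validate a raw token into a modeled type. If this method does not return an error, you can safely assume the provided raw token is safe for use. Which properties are validated depends on the registered token parsers and on the jwt.ParserOption values supplied; checks your application relies on beyond those (for example audience or role requirements) remain the caller's responsibility.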

func (*APIClient) RealmEnvironment

func (c *APIClient) RealmEnvironment(ctx context.Context, realmName string) (*RealmEnvironment, error)

func (*APIClient) RealmIssuerConfiguration

func (c *APIClient) RealmIssuerConfiguration(ctx context.Context, realmName string, mutators ...APIRequestMutator) (*RealmIssuerConfiguration, error)

RealmIssuerConfiguration returns metadata about the keycloak realm instance being connected to, such as the public key used to verify token signatures.

func (*APIClient) TokenService

func (c *APIClient) TokenService() *TokenService

func (*APIClient) UMA2Configuration

func (c *APIClient) UMA2Configuration(ctx context.Context, realmName string, mutators ...APIRequestMutator) (*UMA2Configuration, error)

UMA2Configuration returns well-known uma2 configuration values for the provided realm, assuming you are running keycloak > 3.4

type APIClientConfig

// APIClientConfig is the configuration container for an APIClient.
type APIClientConfig struct {
	// AuthServerURLProvider [required]
	//
	// This is called once during client initialization to determine the target keycloak instance
	AuthServerURLProvider AuthServerURLProvider

	// CacheBackend [optional]
	//
	// Optionally provide your own cache implementation.  This cache is used, by default, for realm environment and
	// parsed public key data.
	//
	// NOTE(review): since parsed public key data is held here, a custom backend should be writable only by
	// trusted code and should honour entry deadlines. Presumably these keys feed token verification; confirm.
	CacheBackend CacheBackend

	// HTTPClient [optional]
	//
	// Set if you wish to use a specific http client configuration.  Otherwise, one will be created using
	// cleanhttp.DefaultClient()
	//
	// NOTE(review): the client supplied here governs TLS settings and timeouts for calls to the auth
	// server; confirm certificate verification stays enabled and that a request timeout is set.
	HTTPClient *http.Client

	// Debug [optional]
	//
	// Optional configurations aimed to ease debugging
	//
	// NOTE(review): DebugConfig is not shown here; verify what it logs (tokens, credentials, request
	// bodies) before enabling it outside development.
	Debug *DebugConfig
}

APIClientConfig

This is the configuration container for an APIClient. See individual comments on fields for more details.

func CompileAPIClientConfig

func CompileAPIClientConfig(provided *APIClientConfig, mutators ...ConfigMutator) *APIClientConfig

func DefaultAPIClientConfig

func DefaultAPIClientConfig() *APIClientConfig

type APIError

// APIError is the error type for an API response; it implements error via its Error method.
// Every field is exported and JSON-tagged, so marshalling an APIError emits all of them.
type APIError struct {
	// Presumably the status code the caller expected on success; confirm where it is populated.
	SuccessCode int `json:"success_code"`

	// Status code, status text and headers; presumably copied from the HTTP response (confirm).
	// NOTE(review): ResponseHeaders is serialised under "response_headers". If an APIError is logged
	// or returned to a client as JSON, every response header (for example Set-Cookie) goes with it;
	// consider redacting before the value leaves the process.
	ResponseCode    int         `json:"response_code"`
	ResponseStatus  string      `json:"response_status"`
	ResponseHeaders http.Header `json:"response_headers"`

	// The JSON keys "error" and "error_description" match the OAuth 2.0 error response fields.
	Err            string `json:"error"`
	ErrDescription string `json:"error_description"`
}

func (*APIError) Error

func (e *APIError) Error() string

type APIRequest

type APIRequest struct {
	// contains filtered or unexported fields
}

func NewAPIRequest

func NewAPIRequest(method, requestURL string) *APIRequest

func (*APIRequest) AddCookie

func (r *APIRequest) AddCookie(cookie *http.Cookie)

func (*APIRequest) AddHeader

func (r *APIRequest) AddHeader(name, value string)

func (*APIRequest) AddMultipartField

func (r *APIRequest) AddMultipartField(key string, value interface{}) error

func (*APIRequest) AddMultipartFieldsFromValues

func (r *APIRequest) AddMultipartFieldsFromValues(values url.Values) error

func (*APIRequest) AddMultipartFile

func (r *APIRequest) AddMultipartFile(key, filename string, f io.Reader) error

func (*APIRequest) AddQueryParameter

func (r *APIRequest) AddQueryParameter(param string, value string)

AddQueryParameter will add a value to the specified param

func (*APIRequest) Body

func (r *APIRequest) Body() io.Reader

func (*APIRequest) BodyLen

func (r *APIRequest) BodyLen() int

func (*APIRequest) BodyType

func (r *APIRequest) BodyType() string

func (*APIRequest) CompiledURI

func (r *APIRequest) CompiledURI() string

CompiledURI will return to you the full request URI, not including scheme, hostname, and port. This method is not thread safe, as you shouldn't be calling this asynchronously anyway.

func (*APIRequest) Cookies

func (r *APIRequest) Cookies() []*http.Cookie

func (*APIRequest) Headers

func (r *APIRequest) Headers() url.Values

func (*APIRequest) ID

func (r *APIRequest) ID() uint64

func (*APIRequest) Method

func (r *APIRequest) Method() string

func (*APIRequest) MultipartForm

func (r *APIRequest) MultipartForm()

func (*APIRequest) PathParameters

func (r *APIRequest) PathParameters() map[string]string

func (*APIRequest) QueryParameters

func (r *APIRequest) QueryParameters() url.Values

QueryParameters will return all values of currently set query parameters

func (*APIRequest) RemoveCookie

func (r *APIRequest) RemoveCookie(name string)

func (*APIRequest) RemoveHeader

func (r *APIRequest) RemoveHeader(name string)

func (*APIRequest) RemovePathParameter

func (r *APIRequest) RemovePathParameter(param string)

RemovePathParameter will attempt to remove a single parameter from the current list of path parameters

func (*APIRequest) RemoveQueryParameter

func (r *APIRequest) RemoveQueryParameter(param string)

RemoveQueryParameter will attempt to delete all values for a specific query parameter from this request.

func (*APIRequest) SetBody

func (r *APIRequest) SetBody(body interface{}) error

func (*APIRequest) SetCookie

func (r *APIRequest) SetCookie(cookie *http.Cookie)

func (*APIRequest) SetCookies

func (r *APIRequest) SetCookies(cookies []*http.Cookie)

func (*APIRequest) SetHeader

func (r *APIRequest) SetHeader(name, value string)

func (*APIRequest) SetHeaders

func (r *APIRequest) SetHeaders(headers url.Values)

func (*APIRequest) SetPathParameter

func (r *APIRequest) SetPathParameter(param, value string)

SetPathParameter will define a path parameter value, overriding any existing value

func (*APIRequest) SetPathParameters

func (r *APIRequest) SetPathParameters(params map[string]string)

SetPathParameters will re-define all path parameters, overriding any / all existing ones

func (*APIRequest) SetQueryParameter

func (r *APIRequest) SetQueryParameter(param string, value string)

SetQueryParameter will set a query param to a specific value, overriding any previously set value

func (*APIRequest) SetQueryParameters

func (r *APIRequest) SetQueryParameters(params url.Values)

SetQueryParameters will override any / all existing query parameters

func (*APIRequest) ToHTTP

func (r *APIRequest) ToHTTP(ctx context.Context) (*http.Request, error)

ToHTTP will attempt to construct an executable http.request

func (*APIRequest) URI

func (r *APIRequest) URI() string

type APIRequestMutator

type APIRequestMutator func(*APIRequest) error

APIRequestMutator

This callback func type allows you to modify any *APIRequest executed by the client in this package once it has been built.

func BasicAuthRequestMutator

func BasicAuthRequestMutator(username, password string) APIRequestMutator

func BearerAuthRequestMutator

func BearerAuthRequestMutator(rawToken string) APIRequestMutator

func HeaderMutator

func HeaderMutator(k, v string, override bool) APIRequestMutator

HeaderMutator returns an APIRequestMutator that will add or override a value in the header of the request

func NonZeroHeaderMutator

func NonZeroHeaderMutator(k string, v, def interface{}, override bool) APIRequestMutator

NonZeroHeaderMutator returns an APIRequestMutator that will add or override a value in the header of a request if v is a non-zero value of its type

func NonZeroQueryMutator

func NonZeroQueryMutator(key string, value, defaultValue interface{}, override bool) APIRequestMutator

NonZeroQueryMutator will return an APIRequestMutator only if value is a non-zero value of its type

func QueryMutator

func QueryMutator(key string, value interface{}, override bool) APIRequestMutator

QueryMutator will return an APIRequestMutator that either sets or adds a query parameter and value

type AdminAPIClient

type AdminAPIClient struct {
	*APIClient
	// contains filtered or unexported fields
}

AdminAPIClient is a simple extension of the base APIClient, adding /admin api calls

func NewAdminAPIClient

func NewAdminAPIClient(config *APIClientConfig, realmName string, ap AuthenticationProvider, mutators ...ConfigMutator) (*AdminAPIClient, error)

func NewAdminAPIClientWithInstallDocument

func NewAdminAPIClientWithInstallDocument(id *InstallDocument, realmName string, mutators ...ConfigMutator) (*AdminAPIClient, error)

func NewAdminAPIClientWithProvider

func NewAdminAPIClientWithProvider(cp CombinedProvider, realmName string, mutators ...ConfigMutator) (*AdminAPIClient, error)

func (*AdminAPIClient) AuthProvider

func (c *AdminAPIClient) AuthProvider() AuthenticationProvider

func (*AdminAPIClient) ClientAuthzService

func (c *AdminAPIClient) ClientAuthzService(clientID string) *AdminClientAuthzService

func (*AdminAPIClient) ClientsService

func (c *AdminAPIClient) ClientsService() *AdminClientsService

func (*AdminAPIClient) GroupsService

func (c *AdminAPIClient) GroupsService() *AdminGroupsService

func (*AdminAPIClient) RoleService

func (c *AdminAPIClient) RoleService() *AdminRoleService

func (*AdminAPIClient) UserGroupsService

func (c *AdminAPIClient) UserGroupsService(userID string) *AdminUserGroupsService

func (*AdminAPIClient) UserRoleMappingRealmsService

func (c *AdminAPIClient) UserRoleMappingRealmsService(userID string) *AdminUserRoleMappingRealmsService

func (*AdminAPIClient) UserRoleMappingsService

func (c *AdminAPIClient) UserRoleMappingsService(userID string) *AdminUserRoleMappingsService

func (*AdminAPIClient) UsersService

func (c *AdminAPIClient) UsersService() *AdminUsersService

type AdminClientAuthzService

type AdminClientAuthzService struct {
	// contains filtered or unexported fields
}

func (*AdminClientAuthzService) Overview

func (*AdminClientAuthzService) Permission

func (cas *AdminClientAuthzService) Permission(ctx context.Context, permissionID string, mutators ...APIRequestMutator) (*Permission, error)

func (*AdminClientAuthzService) PermissionAssociatedPolicies

func (cas *AdminClientAuthzService) PermissionAssociatedPolicies(ctx context.Context, permissionID string, mutators ...APIRequestMutator) (Policies, error)

func (*AdminClientAuthzService) PermissionCreate

func (cas *AdminClientAuthzService) PermissionCreate(ctx context.Context, body *PermissionCreateUpdateRequest, mutators ...APIRequestMutator) (*Permission, error)

func (*AdminClientAuthzService) PermissionDelete

func (cas *AdminClientAuthzService) PermissionDelete(ctx context.Context, permissionID string, mutators ...APIRequestMutator) error

func (*AdminClientAuthzService) PermissionUpdate

func (cas *AdminClientAuthzService) PermissionUpdate(ctx context.Context, body *PermissionCreateUpdateRequest, mutators ...APIRequestMutator) error

func (*AdminClientAuthzService) Permissions

func (cas *AdminClientAuthzService) Permissions(ctx context.Context, first, max int, mutators ...APIRequestMutator) (Permissions, error)

func (*AdminClientAuthzService) Policies

func (cas *AdminClientAuthzService) Policies(ctx context.Context, permission bool, first, max int, mutators ...APIRequestMutator) (Policies, error)

func (*AdminClientAuthzService) Policy

func (cas *AdminClientAuthzService) Policy(ctx context.Context, policyID string, mutators ...APIRequestMutator) (*Policy, error)

func (*AdminClientAuthzService) PolicyCreate

func (cas *AdminClientAuthzService) PolicyCreate(ctx context.Context, body *PolicyCreateUpdateRequest, mutators ...APIRequestMutator) (*Policy, error)

func (*AdminClientAuthzService) PolicyDelete

func (cas *AdminClientAuthzService) PolicyDelete(ctx context.Context, policyID string, mutators ...APIRequestMutator) error

func (*AdminClientAuthzService) PolicyDependents

func (cas *AdminClientAuthzService) PolicyDependents(ctx context.Context, policyID string, mutators ...APIRequestMutator) (Policies, error)

func (*AdminClientAuthzService) PolicyProviders

func (cas *AdminClientAuthzService) PolicyProviders(ctx context.Context, mutators ...APIRequestMutator) (PolicyProviders, error)

func (*AdminClientAuthzService) PolicySearch

func (cas *AdminClientAuthzService) PolicySearch(ctx context.Context, name string, mutators ...APIRequestMutator) (*Policy, error)

func (*AdminClientAuthzService) PolicyUpdate

func (cas *AdminClientAuthzService) PolicyUpdate(ctx context.Context, body *PolicyCreateUpdateRequest, mutators ...APIRequestMutator) error

func (*AdminClientAuthzService) Resource

func (cas *AdminClientAuthzService) Resource(ctx context.Context, resourceID string, mutators ...APIRequestMutator) (*Resource, error)

func (*AdminClientAuthzService) ResourceCreate

func (*AdminClientAuthzService) ResourceCreateAndGet

func (cas *AdminClientAuthzService) ResourceCreateAndGet(ctx context.Context, body *ResourceCreateUpdateRequest, mutators ...APIRequestMutator) (*Resource, error)

func (*AdminClientAuthzService) ResourceDelete

func (cas *AdminClientAuthzService) ResourceDelete(ctx context.Context, resourceID string, mutators ...APIRequestMutator) error

func (*AdminClientAuthzService) ResourcePermissions

func (cas *AdminClientAuthzService) ResourcePermissions(ctx context.Context, resource string, mutators ...APIRequestMutator) (Permissions, error)

func (*AdminClientAuthzService) ResourceScope

func (cas *AdminClientAuthzService) ResourceScope(ctx context.Context, resource, scopeID string, mutators ...APIRequestMutator) (*Scope, error)

func (*AdminClientAuthzService) ResourceScopes

func (cas *AdminClientAuthzService) ResourceScopes(ctx context.Context, resource string, mutators ...APIRequestMutator) (Scopes, error)

func (*AdminClientAuthzService) ResourceSearch

func (cas *AdminClientAuthzService) ResourceSearch(ctx context.Context, name string, mutators ...APIRequestMutator) (*Resource, error)

func (*AdminClientAuthzService) ResourceUpdate

func (cas *AdminClientAuthzService) ResourceUpdate(ctx context.Context, body *ResourceCreateUpdateRequest, mutators ...APIRequestMutator) error

func (*AdminClientAuthzService) Resources

func (cas *AdminClientAuthzService) Resources(ctx context.Context, deep bool, first, max int, mutators ...APIRequestMutator) (Resources, error)

func (*AdminClientAuthzService) ScopeCreate

func (cas *AdminClientAuthzService) ScopeCreate(ctx context.Context, body *ScopeCreateUpdateRequest, mutators ...APIRequestMutator) (*Scope, error)

func (*AdminClientAuthzService) ScopeDelete

func (cas *AdminClientAuthzService) ScopeDelete(ctx context.Context, scopeID string, mutators ...APIRequestMutator) error

func (*AdminClientAuthzService) ScopeSearch

func (cas *AdminClientAuthzService) ScopeSearch(ctx context.Context, name string, mutators ...APIRequestMutator) (*Scope, error)

func (*AdminClientAuthzService) ScopeUpdate

func (cas *AdminClientAuthzService) ScopeUpdate(ctx context.Context, body *ScopeCreateUpdateRequest, mutators ...APIRequestMutator) error

func (*AdminClientAuthzService) Scopes

func (cas *AdminClientAuthzService) Scopes(ctx context.Context, deep bool, first, max int, name string, mutators ...APIRequestMutator) (Scopes, error)

type AdminClientsService

type AdminClientsService struct {
	// contains filtered or unexported fields
}

func (*AdminClientsService) Create

func (cs *AdminClientsService) Create(ctx context.Context, body *ClientCreateRequest, mutators ...APIRequestMutator) (*Client, error)

Create attempts to create a new client within the Realm this client was created with

func (*AdminClientsService) CreateAndGet

func (cs *AdminClientsService) CreateAndGet(ctx context.Context, body *ClientCreateRequest, mutators ...APIRequestMutator) (*Client, error)

func (*AdminClientsService) Delete

func (cs *AdminClientsService) Delete(ctx context.Context, clientID string, mutators ...APIRequestMutator) error

func (*AdminClientsService) Get

func (cs *AdminClientsService) Get(ctx context.Context, clientID string, mutators ...APIRequestMutator) (*Client, error)

Get attempts to return details about a specific Client in the Realm this client was created with

func (*AdminClientsService) List

func (cs *AdminClientsService) List(ctx context.Context, clientID string, viewableOnly bool, first, max int, mutators ...APIRequestMutator) (Clients, error)

List attempts to return a list of all clients available in the Realm this client was created with

func (*AdminClientsService) Update

func (cs *AdminClientsService) Update(ctx context.Context, client *Client, mutators ...APIRequestMutator) error

type AdminCreateResponse

// AdminCreateResponse holds an identifier read from the "_id" JSON key.
// Presumably this is the body returned by admin create endpoints; confirm against the callers.
type AdminCreateResponse struct {
	ID string `json:"_id"`
}

type AdminGroupsService

type AdminGroupsService struct {
	// contains filtered or unexported fields
}

func (*AdminGroupsService) Count

func (gs *AdminGroupsService) Count(ctx context.Context, search string, top bool, mutators ...APIRequestMutator) (int, error)

func (*AdminGroupsService) Create

func (gs *AdminGroupsService) Create(ctx context.Context, body GroupCreate, mutators ...APIRequestMutator) ([]string, error)

func (*AdminGroupsService) CreateAndGet

func (gs *AdminGroupsService) CreateAndGet(ctx context.Context, body GroupCreate, mutators ...APIRequestMutator) (*Group, error)

func (*AdminGroupsService) CreateAndGetChild

func (gs *AdminGroupsService) CreateAndGetChild(ctx context.Context, parentGroupID string, body GroupCreate, mutators ...APIRequestMutator) (*Group, error)

func (*AdminGroupsService) CreateChild

func (gs *AdminGroupsService) CreateChild(ctx context.Context, parentGroupID string, body GroupCreate, mutators ...APIRequestMutator) ([]string, error)

func (*AdminGroupsService) Delete

func (gs *AdminGroupsService) Delete(ctx context.Context, groupID string, mutators ...APIRequestMutator) error

func (*AdminGroupsService) Get

func (gs *AdminGroupsService) Get(ctx context.Context, groupID string, mutators ...APIRequestMutator) (*Group, error)

func (*AdminGroupsService) List

func (gs *AdminGroupsService) List(ctx context.Context, search string, first, max int, mutators ...APIRequestMutator) (Groups, error)

func (*AdminGroupsService) Members

func (gs *AdminGroupsService) Members(ctx context.Context, groupID string, mutators ...APIRequestMutator) (Users, error)

func (*AdminGroupsService) Update

func (gs *AdminGroupsService) Update(ctx context.Context, groupID string, group Group, mutators ...APIRequestMutator) error

type AdminRoleService

type AdminRoleService struct {
	// contains filtered or unexported fields
}

func (*AdminRoleService) ClientRoleCreate

func (rs *AdminRoleService) ClientRoleCreate(ctx context.Context, clientID string, body *RoleCreateRequest, mutators ...APIRequestMutator) ([]string, error)

func (*AdminRoleService) ClientRoleCreateAndGet

func (rs *AdminRoleService) ClientRoleCreateAndGet(ctx context.Context, clientID string, body *RoleCreateRequest, mutators ...APIRequestMutator) (*Role, error)

func (*AdminRoleService) ClientRoleUsers

func (rs *AdminRoleService) ClientRoleUsers(ctx context.Context, clientID, roleName string, first, max int, mutators ...APIRequestMutator) (Users, error)

func (*AdminRoleService) ClientRoles

func (rs *AdminRoleService) ClientRoles(ctx context.Context, clientID string, first, max int, mutators ...APIRequestMutator) (Roles, error)

func (*AdminRoleService) Delete

func (rs *AdminRoleService) Delete(ctx context.Context, roleID string, mutators ...APIRequestMutator) error

func (*AdminRoleService) Get

func (rs *AdminRoleService) Get(ctx context.Context, roleID string, mutators ...APIRequestMutator) (*Role, error)

func (*AdminRoleService) RealmRoleCreate

func (rs *AdminRoleService) RealmRoleCreate(ctx context.Context, body *RoleCreateRequest, mutators ...APIRequestMutator) ([]string, error)

func (*AdminRoleService) RealmRoleCreateAndGet

func (rs *AdminRoleService) RealmRoleCreateAndGet(ctx context.Context, body *RoleCreateRequest, mutators ...APIRequestMutator) (*Role, error)

func (*AdminRoleService) RealmRoleUsers

func (rs *AdminRoleService) RealmRoleUsers(ctx context.Context, roleName string, first, max int, mutators ...APIRequestMutator) (Users, error)

func (*AdminRoleService) RealmRoles

func (rs *AdminRoleService) RealmRoles(ctx context.Context, first, max int, mutators ...APIRequestMutator) (Roles, error)

func (*AdminRoleService) Update

func (rs *AdminRoleService) Update(ctx context.Context, body *Role, mutators ...APIRequestMutator) error

Update requires that ID be populated in body parameter

func (*AdminRoleService) UpdateAndGet

func (rs *AdminRoleService) UpdateAndGet(ctx context.Context, body *Role, mutators ...APIRequestMutator) (*Role, error)

type AdminUserGroupsService

type AdminUserGroupsService struct {
	// contains filtered or unexported fields
}

func (*AdminUserGroupsService) Add

func (gs *AdminUserGroupsService) Add(ctx context.Context, groupID string, mutators ...APIRequestMutator) error

Add attempts to add the service user to the specified group

func (*AdminUserGroupsService) List

func (gs *AdminUserGroupsService) List(ctx context.Context, mutators ...APIRequestMutator) (Groups, error)

List attempts to return the list of groups the provided User is a member of

func (*AdminUserGroupsService) Remove

func (gs *AdminUserGroupsService) Remove(ctx context.Context, groupID string, mutators ...APIRequestMutator) error

Remove attempts to remove the service user from the specified group

type AdminUserRoleMappingRealmsService

type AdminUserRoleMappingRealmsService struct {
	// contains filtered or unexported fields
}

func (*AdminUserRoleMappingRealmsService) Available

func (rms *AdminUserRoleMappingRealmsService) Available(ctx context.Context, mutators ...APIRequestMutator) (Roles, error)

func (*AdminUserRoleMappingRealmsService) List

type AdminUserRoleMappingsService

type AdminUserRoleMappingsService struct {
	// contains filtered or unexported fields
}

func (*AdminUserRoleMappingsService) Get

func (*AdminUserRoleMappingsService) RealmsService

type AdminUsersService

type AdminUsersService struct {
	// contains filtered or unexported fields
}

func (*AdminUsersService) Count

func (us *AdminUsersService) Count(ctx context.Context, mutators ...APIRequestMutator) (int, error)

Count attempts to get a count of all users currently in a keycloak realm

func (*AdminUsersService) Create

func (us *AdminUsersService) Create(ctx context.Context, user *UserCreate, mutators ...APIRequestMutator) ([]string, error)

Create attempts to add a user to a keycloak realm

func (*AdminUsersService) Delete

func (us *AdminUsersService) Delete(ctx context.Context, userID string, mutators ...APIRequestMutator) error

Delete attempts to delete a user from the keycloak realm

func (*AdminUsersService) Get

func (us *AdminUsersService) Get(ctx context.Context, userID string, mutators ...APIRequestMutator) (*User, error)

Get attempts to query for a specific user based on their ID

func (*AdminUsersService) GroupsService

func (us *AdminUsersService) GroupsService(userID string) *AdminUserGroupsService

func (*AdminUsersService) List

func (us *AdminUsersService) List(ctx context.Context, email, firstName, lastName, username, search string, first, max int, mutators ...APIRequestMutator) (Users, error)

List attempts to retrieve a list of users from the keycloak realm

func (*AdminUsersService) RoleMappingService

func (us *AdminUsersService) RoleMappingService(userID string) *AdminUserRoleMappingsService

func (*AdminUsersService) Update

func (us *AdminUsersService) Update(ctx context.Context, userID string, user *User, mutators ...APIRequestMutator) error

Update attempts to push an updated user definition

type AuthServerURLProvider

// AuthServerURLProvider supplies the address of the target keycloak server.
type AuthServerURLProvider interface {
	// AuthServerURL returns the address of the target keycloak server, or a descriptive error if it
	// was unable to determine one.
	// NOTE(review): earlier wording of this comment described setting the ContextKeyIssuerAddress key
	// in a context; the method takes no context, so the address is conveyed through the return value.
	AuthServerURL() (string, error)
}

AuthServerURLProvider defines a single-use provider that is called once during client initialization, and is expected to return the full address and any path prefix for the target keycloak server.

For example, if your hostname is example.com and you have keycloak behind a proxy that looks for the "/auth" path, the value returned from this must be "https://example.com/auth", or an error.

type AuthenticationProvider

// AuthenticationProvider supplies the request mutators that attach a credential to outgoing requests.
type AuthenticationProvider interface {
	// RequestMutators must return the list of mutators necessary to decorate a request with a usable credential or fail
	// with an error
	//
	// It receives the call's context and the *APIClient making the request.
	// NOTE(review): the returned mutators carry credential material; implementations should avoid
	// logging them or the requests they decorate.
	RequestMutators(context.Context, *APIClient) ([]APIRequestMutator, error)
}

type BearerTokenProvider

// BearerTokenProvider is a string-based AuthenticationProvider; per NewBearerTokenProvider it holds a
// fixed bearer token value.
// NOTE(review): the underlying string is the credential itself, so printing or logging a
// BearerTokenProvider (for example with %v, or inside a struct dump) exposes the token.
type BearerTokenProvider string

func NewBearerTokenProvider

func NewBearerTokenProvider(bearerToken string) BearerTokenProvider

NewBearerTokenProvider returns an AuthenticationProvider implementation that returns a fixed token value.

func NewBearerTokenProviderFromRequest

func NewBearerTokenProviderFromRequest(request *http.Request) (BearerTokenProvider, error)

func (BearerTokenProvider) RequestMutators

func (p BearerTokenProvider) RequestMutators(_ context.Context, _ *APIClient) ([]APIRequestMutator, error)

type CacheBackend

// CacheBackend is the storage interface behind the client's cache.
type CacheBackend interface {
	// Load returns the value stored under key; ok reports whether a value was found.
	// Presumably an entry past its deadline is reported as not found; confirm per implementation.
	Load(key interface{}) (value interface{}, ok bool)
	// StoreUntil stores value under key together with a deadline.
	StoreUntil(key, value interface{}, deadline time.Time)
	// Delete removes the entry stored under key.
	Delete(key interface{})
	// Flush presumably empties the cache and returns the number of entries removed; confirm per implementation.
	Flush() int
}

func NewNoopCache

func NewNoopCache() CacheBackend

NewNoopCache will return to you a cache instance that will entirely disable all caching within the client. Not recommended for production use

func NewPersistentCache

func NewPersistentCache() CacheBackend

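NewPersistentCache returns a CacheBackend implementation that stores items indefinitely until explicitly deleted. Not recommended for production use. Because the client cache holds parsed public key data by default, entries kept indefinitely will not reflect a key rotation on the server until they are deleted.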

type Client

// Client models a Keycloak client as JSON, using the keys given in the struct tags.
//
// Fields worth reviewing whenever a client is created or updated, because they widen what the client
// may do. The semantics below follow Keycloak's client representation; confirm against the target
// server version.
//   - RedirectURIs, WebOrigins: allowed redirect targets and CORS origins; wildcard entries broaden exposure.
//   - PublicClient: the client authenticates without a secret.
//   - ImplicitFlowEnabled, DirectAccessGrantsEnabled: enable the implicit and direct-grant (password) flows.
//   - FullScopeAllowed: tokens carry all of the user's role mappings rather than a restricted scope.
//   - ServiceAccountsEnabled: enables a service account for the client.
//
// No tag uses omitempty, so a partially populated Client marshals zero values (false, "", 0, null)
// for every key.
// NOTE(review): AdminClientsService.Update takes a *Client; if it sends the struct as-is, unset
// booleans would be written as false. Confirm callers fetch the current client before updating.
type Client struct {
	Access                       ClientAccess           `json:"access"`
	AdminURL                     string                 `json:"adminUrl"`
	Attributes                   KeyValueMap            `json:"attributes"`
	AuthorizationServicesEnabled bool                   `json:"authorizationServicesEnabled"`
	BearerOnly                   bool                   `json:"bearerOnly"`
	ClientAuthenticatorType      string                 `json:"clientAuthenticatorType"`
	ClientID                     string                 `json:"clientId"`
	ConsentRequired              bool                   `json:"consentRequired"`
	Description                  string                 `json:"description"`
	DirectAccessGrantsEnabled    bool                   `json:"directAccessGrantsEnabled"`
	Enabled                      bool                   `json:"enabled"`
	FrontChannelLogout           bool                   `json:"frontchannelLogout"`
	FullScopeAllowed             bool                   `json:"fullScopeAllowed"`
	ID                           string                 `json:"id"`
	ImplicitFlowEnabled          bool                   `json:"implicitFlowEnabled"`
	Name                         string                 `json:"name"`
	NodeReRegistrationTimeout    int                    `json:"nodeReRegistrationTimeout"`
	NotBefore                    int                    `json:"notBefore"`
	Protocol                     string                 `json:"protocol"`
	ProtocolMappers              []ClientProtocolMapper `json:"protocolMappers"`
	PublicClient                 bool                   `json:"publicClient"`
	RedirectURIs                 []string               `json:"redirectUris"`
	RootURL                      string                 `json:"rootUrl"`
	ServiceAccountsEnabled       bool                   `json:"serviceAccountsEnabled"`
	StandardFlowEnabled          bool                   `json:"standardFlowEnabled"`
	SurrogateAuthRequired        bool                   `json:"surrogateAuthRequired"`
	WebOrigins                   []string               `json:"webOrigins"`
}

type ClientAccess

// ClientAccess carries three boolean flags, encoded as "view", "configure" and "manage".
//
// All three fields are tagged omitempty, so encoding/json leaves a false value out of the
// encoded document. A reader of the encoded form cannot tell "false" from "not sent".
// NOTE(review): presumably the caller's permissions on a client - confirm against the API.
type ClientAccess struct {
	View      bool `json:"view,omitempty"`
	Configure bool `json:"configure,omitempty"`
	Manage    bool `json:"manage,omitempty"`
}

type ClientCreateRequest

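// ClientCreateRequest carries the fields encoded when creating a client (per its name; the
// call that sends it is not part of this listing).
//
// RootURL is encoded as "rootUrl", the same key the Client type uses for the value it reads
// back. encoding/json matches keys case-insensitively only when decoding, so a tag that
// differs in case ("rootURL") still decodes here but is written out under a key the
// receiving side does not share with Client.
//
// RedirectUris lists where the authorization server may send authorization responses for
// this client; keep the entries as specific as the application allows.
type ClientCreateRequest struct {
	ClientID     string   `json:"clientId"`
	Enabled      bool     `json:"enabled"`
	Protocol     string   `json:"protocol"`
	RedirectUris []string `json:"redirectUris"`
	RootURL      string   `json:"rootUrl"`
}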

type ClientProtocolMapper

type ClientProtocolMapper struct {
	Config          ClientProtocolMapperConfig `json:"config"`
	ConsentRequired bool                       `json:"consentRequired"`
	ConsentText     string                     `json:"consentText"`
	ID              string                     `json:"id"`
	Name            string                     `json:"name"`
	Protocol        string                     `json:"protocol"`
	ProtocolMapper  string                     `json:"protocolMapper"`
}

type ClientProtocolMapperConfig

// ClientProtocolMapperConfig is the "config" object of a ClientProtocolMapper, decoded from
// dotted JSON keys such as "access.token.claim" and "user.attribute".
//
// Every field is a string, including the three *.token.claim entries.
// NOTE(review): those three presumably carry "true"/"false" as text and decide which tokens
// receive the mapped claim - confirm before comparing them against anything but a string.
type ClientProtocolMapperConfig struct {
	AccessTokenClaim   string `json:"access.token.claim"`
	ClaimName          string `json:"claim.name"`
	IDTokenClaim       string `json:"id.token.claim"`
	JSONTypeLabel      string `json:"jsonType.label"`
	UserAttribute      string `json:"user.attribute"`
	UserInfoTokenClaim string `json:"userinfo.token.claim"`
}

type ClientSecretProvider

type ClientSecretProvider struct {
	AuthServerURLProvider
	// contains filtered or unexported fields
}

ClientSecretProvider

This provider implements the CombinedProvider interface, and is designed to take care of the complexity of managing a confidential client token for you.

Easiest way to implement would be the following:

	conf := keycloak.NewClientSecretConfigWithInstallDocument({install document})
	prov, err := keycloak.NewClientSecretAuthenticationProvider(conf)
	if err != nil {
		panic(err.Error())
	}

func NewClientSecretAuthenticationProvider

func NewClientSecretAuthenticationProvider(conf ClientSecretProviderConfig) (*ClientSecretProvider, error)

NewClientSecretAuthenticationProvider will attempt to construct a new ClientSecretProvider for you based on the provided configuration.

func (*ClientSecretProvider) ClientID

func (p *ClientSecretProvider) ClientID() string

func (*ClientSecretProvider) Current

func (*ClientSecretProvider) Expired

func (p *ClientSecretProvider) Expired() bool

Expired will return true if the currently stored token has expired

func (*ClientSecretProvider) Expiry

func (p *ClientSecretProvider) Expiry() int64

Expiry returns a unix nano timestamp of when the current token, if defined, expires.

func (*ClientSecretProvider) LastRefreshed

func (p *ClientSecretProvider) LastRefreshed() int64

LastRefreshed returns a unix nano timestamp of the last time this client's bearer token was refreshed.

func (*ClientSecretProvider) Realm

func (p *ClientSecretProvider) Realm() (string, error)

func (*ClientSecretProvider) RequestMutators

func (p *ClientSecretProvider) RequestMutators(ctx context.Context, client *APIClient) ([]APIRequestMutator, error)

RequestMutators handles token refresh and builds a list of mutators to be applied to an outgoing authenticated request

type ClientSecretProviderConfig

// ClientSecretProviderConfig is the argument to NewClientSecretAuthenticationProvider.
//
// It holds a client credential (Secret) and every field has a JSON tag, so encoding the
// value with encoding/json writes the secret in clear text under the "secret" key.
// Keep encoded copies and %+v dumps of this struct out of logs and error messages.
type ClientSecretProviderConfig struct {
	// AuthServerURL [required] - Full domain and any path prefix to Keycloak server
	// NOTE(review): the client secret is presumably sent to this address when a token is
	// requested, so this should be an https URL - confirm.
	AuthServerURL string `json:"authServerURL"`
	// Realm [required] - Name of realm within Keycloak that contains this client
	Realm string `json:"realm"`
	// Resource [required] - client id of client (not uuid id)
	Resource string `json:"resource"`
	// Secret [required] - Authentication secret of client.
	// Encoded under "secret" with no omitempty and no "-" tag; load it from a secret store
	// or the environment rather than from a file kept in version control.
	Secret string `json:"secret"`
	// ExpiryMargin [optional] - Margin of time before absolute expiration to execute a refresh.
	// DefaultTokenExpirationMargin is used when this is not specified.
	// A time.Duration encodes to JSON as an integer number of nanoseconds.
	ExpiryMargin time.Duration `json:"expiryMargin"`
}

ClientSecretProviderConfig must be provided to a new ClientSecretProvider upon construction

func NewClientSecretConfigWithInstallDocument

func NewClientSecretConfigWithInstallDocument(id *InstallDocument) ClientSecretProviderConfig

type Clients

type Clients []*Client

type CombinedProvider

type CombinedProvider interface {
	AuthServerURLProvider
	AuthenticationProvider
}

CombinedProvider describes any provider that can fulfill auth url and auth provider roles

type ConfigMutator

type ConfigMutator func(*APIClientConfig)

ConfigMutator

ConfigMutator provides some flexibility when constructing an api client

type DebugConfig

// DebugConfig holds two optional lists of request mutators meant for testing and
// development; leave both empty in production.
//
// NOTE(review): a mutator registered here runs on every request, and one in
// FinalRequestMutators presumably sees the request after authentication mutators have
// added credentials - confirm, and do not dump full requests from these hooks.
type DebugConfig struct {
	// BaseRequestMutators [optional]
	//
	// Optional list of request mutators that will always be run before any other mutators
	BaseRequestMutators []APIRequestMutator

	// FinalRequestMutators [optional]
	//
	// Optional list of request mutators that will always be run after any other mutators
	FinalRequestMutators []APIRequestMutator
}

DebugConfig

This type contains configuration options that provide additional utility during testing or development, but should not be configured when in production use.

type DefaultRealmEnvironmentProvider

type DefaultRealmEnvironmentProvider struct {
	// contains filtered or unexported fields
}

func NewDefaultRealmEnvironmentProvider

func NewDefaultRealmEnvironmentProvider(envCacheTTL time.Duration) *DefaultRealmEnvironmentProvider

NewDefaultRealmEnvironmentProvider will return to you a type of RealmEnvironmentProvider that stores realm env config for an hour.

func (*DefaultRealmEnvironmentProvider) RealmEnvironment

func (rp *DefaultRealmEnvironmentProvider) RealmEnvironment(ctx context.Context, client *APIClient, realmName string) (*RealmEnvironment, error)

type EvaluatedPermission

type EvaluatedPermission struct {
	Scopes       []string `json:"scopes"`
	ResourceID   string   `json:"rsid"`
	ResourceName string   `json:"rsname,omitempty"`
}

type EvaluatedPermissions

type EvaluatedPermissions []*EvaluatedPermission

type EventsResponse

// EventsResponse is one event record with its client id, realm id, user id, IP address,
// type, error text and an optional details object.
//
// Every field is tagged omitempty, so a zero value is indistinguishable from an absent key
// once encoded.
// NOTE(review): the unit of Time is not shown here. If it is epoch milliseconds, a Go int
// is only 32 bits wide on 32-bit platforms and decoding would fail there - confirm.
type EventsResponse struct {
	ClientID  string                 `json:"clientId,omitempty"`
	Details   *EventsResponseDetails `json:"details,omitempty"`
	Error     string                 `json:"error,omitempty"`
	IPAddress string                 `json:"ipAddress,omitempty"`
	RealmID   string                 `json:"realmId,omitempty"`
	Time      int                    `json:"time,omitempty"`
	Type      string                 `json:"type,omitempty"`
	UserID    string                 `json:"userId,omitempty"`
}

type EventsResponseDetails

type EventsResponseDetails struct {
	AuthMethod  string `json:"auth_method,omitempty"`
	AuthType    string `json:"auth_type,omitempty"`
	CodeID      string `json:"code_id,omitempty"`
	RedirectURI string `json:"redirect_uri,omitempty"`
	Username    string `json:"username,omitempty"`
}

type Group

type Group struct {
	Access      GroupAccess  `json:"access"`
	Attributes  KeyValuesMap `json:"attributes"`
	ClientRoles KeyValuesMap `json:"clientRoles"`
	ID          string       `json:"id"`
	Name        string       `json:"name"`
	Path        string       `json:"path"`
	RealmRoles  []string     `json:"realmRoles"`
	SubGroups   []*Group     `json:"subGroups"`
}

type GroupAccess

type GroupAccess struct {
	Manage           bool `json:"manage"`
	ManageMembership bool `json:"manageMembership"`
	View             bool `json:"view"`
}

type GroupCreate

type GroupCreate struct {
	Name string `json:"name"`
}

type Groups

type Groups []*Group

type ImpersonationRequest

// ImpersonationRequest names a realm and a user, encoded as "realm" and "user".
//
// NOTE(review): presumably the body of an admin impersonation call, which lets the caller
// act as the named user. Grant the calling client only the role it needs for this and make
// sure each use is recorded in the audit trail - confirm which endpoint consumes it.
type ImpersonationRequest struct {
	Realm string `json:"realm"`
	User  string `json:"user"`
}

type ImpersonationResponse

// ImpersonationResponse decodes the "redirect" and "sameRealm" members of an impersonation
// reply.
//
// NOTE(review): Redirect is a server-supplied string, presumably a URL. Check its host
// against the expected Keycloak address before following it - confirm.
type ImpersonationResponse struct {
	Redirect  string `json:"redirect"`
	SameRealm bool   `json:"sameRealm"`
}

type InstallDocument

// InstallDocument mirrors a client installation JSON document (keys "realm",
// "auth-server-url", "ssl-required", "resource", "credentials") and is the argument to
// NewClientSecretConfigWithInstallDocument.
//
// NOTE(review): Credentials presumably carries the client secret that ends up in
// ClientSecretProviderConfig.Secret - confirm which map key is read. Store and transmit an
// install document with the same care as the secret itself.
// NOTE(review): SSLRequired is decoded as a plain string; nothing visible here shows it
// being enforced on AuthServerURL - confirm.
type InstallDocument struct {
	Realm         string            `json:"realm"`
	AuthServerURL string            `json:"auth-server-url"`
	SSLRequired   string            `json:"ssl-required"`
	Resource      string            `json:"resource"`
	Credentials   map[string]string `json:"credentials"`
}

Expect configuration in the json format offered from ks > client > installation

type JSONWebKey

// JSONWebKey is one key of a JSONWebKeySet, decoded from the JWK member names kid, alg,
// kty, use, n, e, x5c and x5t.
//
// Only the RSA public-key parameters (n, e) are mapped. There are no fields for the
// elliptic-curve members (crv, x, y), so an EC key decodes without its key material.
// When choosing a key to verify a token, compare KeyType, KeyAlgorithm and KeyUsage with
// what the verifier is configured to accept instead of relying on the token header alone.
type JSONWebKey struct {
	KeyID                string   `json:"kid"`
	KeyAlgorithm         string   `json:"alg"`
	KeyType              string   `json:"kty"`
	KeyUsage             string   `json:"use"`
	Modulus              string   `json:"n"`
	Exponent             string   `json:"e"`
	X509CertificateChain []string `json:"x5c"`
	X509Thumbprint       string   `json:"x5t"`
}

type JSONWebKeySet

type JSONWebKeySet struct {
	Keys []*JSONWebKey `json:"keys"`
}

func (*JSONWebKeySet) KeychainByID

func (jwk *JSONWebKeySet) KeychainByID(keyID string) *JSONWebKey

type KeyValueMap

type KeyValueMap map[string]string

type KeyValuesMap

type KeyValuesMap map[string][]string

type MicrosecondTime

type MicrosecondTime time.Time

func (*MicrosecondTime) MarshalJSON

func (t *MicrosecondTime) MarshalJSON() ([]byte, error)

func (*MicrosecondTime) UnmarshalJSON

func (t *MicrosecondTime) UnmarshalJSON(b []byte) error

type OpenIDConfiguration

type OpenIDConfiguration struct {
	Issuer                                     string   `json:"issuer"`
	AuthorizationEndpoint                      string   `json:"authorization_endpoint"`
	TokenEndpoint                              string   `json:"token_endpoint"`
	IntrospectionEndpoint                      string   `json:"introspection_endpoint"`
	UserInfoEndpoint                           string   `json:"userinfo_endpoint"`
	EndSessionEndpoint                         string   `json:"end_session_endpoint"`
	JSONWebKeysEndpoint                        string   `json:"jwks_uri"`
	CheckSessionIframe                         string   `json:"check_session_iframe"`
	GrantTypesSupported                        []string `json:"grant_types_supported"`
	ResponseTypesSupported                     []string `json:"response_types_supported"`
	SubjectTypesSupported                      []string `json:"subject_types_supported"`
	IDTokenSigningAlgValuesSupported           []string `json:"id_token_signing_alg_values_supported"`
	IDTokenEncryptionAlgValuesSupported        []string `json:"id_token_encryption_alg_values_supported"`
	IDTokenEncryptionEncValuesSupported        []string `json:"id_token_encryption_enc_values_supported"`
	UserinfoSigningAlgValuesSupported          []string `json:"userinfo_signing_alg_values_supported"`
	RequestObjectSigningAlgValuesSupported     []string `json:"request_object_signing_alg_values_supported"`
	ResponseModesSupported                     []string `json:"response_modes_supported"`
	RegistrationEndpoint                       string   `json:"registration_endpoint"`
	TokenEndpointAuthMethodsSupported          []string `json:"token_endpoint_auth_methods_supported"`
	TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
	ClaimsSupported                            []string `json:"claims_supported"`
	ClaimTypesSupported                        []string `json:"claim_types_supported"`
	ClaimsParameterSupported                   bool     `json:"claims_parameter_supported"`
	ScopesSupported                            []string `json:"scopes_supported"`
	RequestParameterSupported                  bool     `json:"request_parameter_supported"`
	RequestURIParameterSupported               bool     `json:"request_uri_parameter_supported"`
	CodeChallengeMethodsSupported              []string `json:"code_challenge_methods_supported"`
	TLSClientCertificateBoundAccessToken       bool     `json:"tls_client_certificate_bound_access_token"`
}

type OpenIDConnectToken

// OpenIDConnectToken is the token payload returned from the token endpoint.
//
// AccessToken and RefreshToken are bearer credentials and IdToken carries identity claims.
// Anything that prints or encodes this struct (%+v, json.Marshal, an error that embeds it)
// exposes them, so redact these fields before logging.
// ExpiresIn and RefreshExpiresIn decode "expires_in" and "refresh_expires_in"; expires_in
// is a lifetime in seconds per RFC 6749.
type OpenIDConnectToken struct {
	AccessToken      string `json:"access_token"`
	ExpiresIn        int    `json:"expires_in"`
	RefreshExpiresIn int    `json:"refresh_expires_in"`
	RefreshToken     string `json:"refresh_token"`
	TokenType        string `json:"token_type"`
	IdToken          string `json:"id_token"`
	NotBeforePolicy  int    `json:"not-before-policy"`
	SessionState     string `json:"session_state"`
}

Token payload returned from the TokenEndpoint

type OpenIDConnectTokenRequest

// OpenIDConnectTokenRequest describes the parameters of a token request. Each field has a
// json tag and a url tag with the same parameter name.
//
// ClientSecret, RefreshToken, ClaimToken and RequestingPartyToken hold credentials.
// NOTE(review): the url tags suggest the struct is form- or query-encoded; confirm these
// values travel in the request body and not in the URL, where proxies and access logs
// would record them.
type OpenIDConnectTokenRequest struct {
	// GrantType [required] - Type of grant to evaluate
	//	- client_credentials
	//	- code
	//	- urn:ietf:params:oauth:grant-type:uma-ticket
	// The RefreshToken field below also refers to grant_type=refresh_token.
	// NOTE(review): RFC 6749 names the authorization code grant "authorization_code";
	// confirm that "code" is what the server expects.
	GrantType string `json:"grant_type" url:"grant_type"`

	// ClientID [required - grant_type=client_credentials]
	ClientID string `json:"client_id,omitempty" url:"client_id,omitempty"`

	// ClientSecret [required - grant_type=client_credentials]
	// Secret value: do not log the request or its encoded form.
	ClientSecret string `json:"client_secret,omitempty" url:"client_secret,omitempty"`

	// RefreshToken [required - grant_type=refresh_token] - The value is a valid refresh token that was generated previously
	RefreshToken string `json:"refresh_token,omitempty" url:"refresh_token,omitempty"`

	// Audience [optional] - Specific client to request permission for
	Audience string `json:"audience,omitempty" url:"audience,omitempty"`

	// Ticket [optional] - PermissionEvaluation based on existing permission ticket
	Ticket string `json:"ticket,omitempty" url:"ticket,omitempty"`

	// ClaimToken [optional] - Additional claims to be considered by the server
	ClaimToken string `json:"claim_token,omitempty" url:"claim_token,omitempty"`

	// ClaimTokenFormat [optional] - Format of provided claim token
	// Allowed values:
	//	- urn:ietf:params:oauth:token-type:jwt (claim token is an access token)
	//	- https://openid.net/specs/openid-connect-core-1_0.html#IDToken (claim token is an oidc token)
	ClaimTokenFormat string `json:"claim_token_format,omitempty" url:"claim_token_format,omitempty"`

	// RequestingPartyToken [optional] - Existing RPT whose permissions should be evaluated and added in a new one
	RequestingPartyToken string `json:"rpt,omitempty" url:"rpt,omitempty"`

	// Permissions [optional] - PermissionEvaluation specific access to a resource and scope.
	// Encoded under the singular parameter name "permission".
	Permissions []string `json:"permission,omitempty" url:"permission,omitempty"`

	// ResponseMode [optional] - Used in some uma2 token workflows
	// (see UMA2ResponseModeDecision and UMA2ResponseModePermissions).
	ResponseMode *string `json:"response_mode,omitempty" url:"response_mode,omitempty"`

	// ResponseIncludeResourceName [optional]
	// Pointer type: nil omits the parameter, a pointer to false sends it.
	ResponseIncludeResourceName *bool `json:"response_include_resource_name,omitempty" url:"response_include_resource_name,omitempty"`

	// ResponsePermissionsLimit [optional]
	ResponsePermissionsLimit *int `json:"response_permissions_limit,omitempty" url:"response_permissions_limit,omitempty"`

	// SubmitRequest [optional]
	SubmitRequest *bool `json:"submit_request,omitempty" url:"submit_request,omitempty"`
}

func NewOpenIDConnectTokenRequest

func NewOpenIDConnectTokenRequest(grantType string, permissions ...PermissionRequestPermission) *OpenIDConnectTokenRequest

func (*OpenIDConnectTokenRequest) AddPermission

func (r *OpenIDConnectTokenRequest) AddPermission(resource, scope string) *OpenIDConnectTokenRequest

AddPermission is a helper method to add a permission to the request. There is no concurrency protection, so use at your own risk.

type ParameterFormatterFunc

type ParameterFormatterFunc func(location, name string, value interface{}) (formatted string, valued bool)

ParameterFormatter

This func is called when creating request mutators to determine if and how the provided value will be added to a given request's query parameter string.

ParameterFormatter is called when creating request mutators

type Permission

type Permission struct {
	ID               string   `json:"id,omitempty"`
	Name             string   `json:"name"`
	Description      string   `json:"description,omitempty"`
	Type             string   `json:"type"`
	Logic            string   `json:"logic"`
	DecisionStrategy string   `json:"decisionStrategy"`
	Resources        []string `json:"resources"`
	ResourceType     string   `json:"resourceType"`
	Policies         []string `json:"policies"`
	Scopes           []string `json:"scopes"`
}

Permission is returned by the "PermissionPath" overview call

type PermissionCreateUpdateRequest

type PermissionCreateUpdateRequest struct {
	// ID - only used during update request
	ID               string `json:"id,omitempty"`
	Name             string `json:"name"`
	Description      string `json:"description"`
	Type             string `json:"type"`
	Logic            string `json:"logic"`
	DecisionStrategy string `json:"decisionStrategy"`
	// Policies - list of policy id's
	Policies []string `json:"policies"`

	// Resources - list of resource ids
	// 	- only used when type == "resource"
	//	- mutually exclusive with "resourceType"
	Resources []string `json:"resources,omitempty"`

	// ResourceType - matches against the freeform "type" field on any resources within the parent client
	//	- only used when type == "resource"
	//	- mutually exclusive with "resources"
	ResourceType *string `json:"resourceType,omitempty"`

	// Scopes - list of scope ids
	//	- only used when type == "scope" (ui lists this as "role based")
	Scopes []string `json:"scopes,omitempty"`
}

type PermissionDecisionResponse

type PermissionDecisionResponse struct {
	Result bool `json:"result"`
}

type PermissionRequestPermission

type PermissionRequestPermission struct {
	Resource string
	Scope    string
}

func NewOpenIDConnectTokenPermission

func NewOpenIDConnectTokenPermission(resource, scope string) PermissionRequestPermission

type PermissionScope

type PermissionScope struct {
	ID               string   `json:"id,omitempty"`
	Name             string   `json:"name,omitempty"`
	Description      string   `json:"description,omitempty"`
	Type             string   `json:"type,omitempty"`
	Policies         []string `json:"policies,omitempty"`
	Resources        []string `json:"resources,omitempty"`
	Scopes           []string `json:"scopes,omitempty"`
	Logic            string   `json:"logic,omitempty"`
	DecisionStrategy string   `json:"decisionStrategy,omitempty"`
}

type Permissions

type Permissions []*Permission

type Policies

type Policies []*Policy

func (Policies) Len

func (list Policies) Len() int

Implement sort.Interface for Policies

func (Policies) Less

func (list Policies) Less(i, j int) bool

func (Policies) Swap

func (list Policies) Swap(i, j int)

type Policy

type Policy struct {
	ID               string       `json:"id"`
	Type             string       `json:"type"`
	Name             string       `json:"name"`
	Description      string       `json:"description"`
	Logic            string       `json:"logic"`
	DecisionStrategy string       `json:"decisionStrategy"`
	Config           PolicyConfig `json:"config"`

	// Code - only returned when type == "js"
	Code string `json:"code"`

	// Roles - only returned when type == "role"
	Roles PolicyRoles `json:"roles"`

	// Clients - list of client ids, only returned when type == "client"
	Clients []string `json:"clients"`

	DayMonth     string     `json:"dayMonth"`
	DayMonthEnd  string     `json:"dayMonthEnd"`
	Hour         string     `json:"hour"`
	HourEnd      string     `json:"hourEnd"`
	Minute       string     `json:"minute"`
	MinuteEnd    string     `json:"minuteEnd"`
	Month        string     `json:"month"`
	MonthEnd     string     `json:"monthEnd"`
	NotBefore    PolicyTime `json:"notBefore"`
	NotOnOrAfter PolicyTime `json:"notOnOrAfter"`
	Year         string     `json:"year"`
	YearEnd      string     `json:"yearEnd"`
}

type PolicyConfig

type PolicyConfig struct {
	Roles Roles `json:"roles"`
}

func (*PolicyConfig) UnmarshalJSON

func (conf *PolicyConfig) UnmarshalJSON(buf []byte) error

UnmarshalJSON is a custom decoder for the string-encoded json policy config payload

type PolicyCreateUpdateRequest

// PolicyCreateUpdateRequest carries the fields for creating or updating a policy; ID is
// set only for updates.
//
// The optional time-window fields are pointers tagged omitempty, so nil omits the key
// while a pointer to 0 still sends it.
type PolicyCreateUpdateRequest struct {
	// ID [optional] - only used during update call
	ID string `json:"id,omitempty"`

	// Type [required] - one of: role, js, time
	// (the Clients field below also refers to type == "client")
	Type             string `json:"type"`
	Name             string `json:"name"`
	Description      string `json:"description"`
	DecisionStrategy string `json:"decisionStrategy"`
	Logic            string `json:"logic"`

	// Roles [optional] - only used when type == "role"
	Roles PolicyRoles `json:"roles,omitempty"`

	// Code [optional] - only used when type == "js"
	// NOTE(review): this is script source for a js policy, presumably evaluated by the
	// server when the policy is checked. Limit who may create or update such policies and
	// review the script like any other deployed code - confirm.
	Code *string `json:"code,omitempty"`

	// Clients [optional] - list of client ids, only used when type == "client"
	Clients []string `json:"clients,omitempty"`

	DayMonth     *int        `json:"dayMonth,omitempty"`
	DayMonthEnd  *int        `json:"dayMonthEnd,omitempty"`
	Hour         *int        `json:"hour,omitempty"`
	HourEnd      *int        `json:"hourEnd,omitempty"`
	Minute       *int        `json:"minute,omitempty"`
	MinuteEnd    *int        `json:"minuteEnd,omitempty"`
	Month        *int        `json:"month,omitempty"`
	MonthEnd     *int        `json:"monthEnd,omitempty"`
	NotBefore    *PolicyTime `json:"notBefore,omitempty"`
	NotOnOrAfter *PolicyTime `json:"notOnOrAfter,omitempty"`
	Year         *int        `json:"year,omitempty"`
	YearEnd      *int        `json:"yearEnd,omitempty"`
}

type PolicyMap

type PolicyMap map[string]*Policy

func (PolicyMap) IDs

func (m PolicyMap) IDs() []string

type PolicyProvider

type PolicyProvider struct {
	Type  string `json:"type"`
	Name  string `json:"name"`
	Group string `json:"group"`
}

type PolicyProviders

type PolicyProviders []*PolicyProvider

type PolicyRole

type PolicyRole struct {
	ID       string `json:"id"`
	Required bool   `json:"required"`
}

type PolicyRoles

type PolicyRoles []PolicyRole

type PolicyTime

type PolicyTime time.Time

func (PolicyTime) MarshalJSON

func (t PolicyTime) MarshalJSON() ([]byte, error)

func (*PolicyTime) UnmarshalJSON

func (t *PolicyTime) UnmarshalJSON(b []byte) error

type Realm

// Realm maps realm settings to and from their JSON form.
//
// Every field is tagged omitempty. encoding/json leaves out false, 0, "" and nil or empty
// slices when marshalling, so an encoded Realm never carries an explicit false or zero:
// setting BruteForceProtected, VerifyEmail, RevokeRefreshToken, PermanentLockout or Enabled
// to false produces a document without that key.
// NOTE(review): if this struct is sent in an update call, confirm how the server treats a
// missing key, and read the realm back to verify that a security setting has the intended
// value.
//
// Fields that shape the realm's security posture include the brute-force controls
// (BruteForceProtected, FailureFactor, MaxFailureWaitSeconds, WaitIncrementSeconds,
// PermanentLockout), the token and session lifetimes, the OTP policy fields, SslRequired,
// BrowserSecurityHeaders, and the event settings (EventsEnabled, AdminEventsEnabled,
// EnabledEventTypes, EventsExpiration).
type Realm struct {
	AccessCodeLifespan                  int                          `json:"accessCodeLifespan,omitempty"`
	AccessCodeLifespanLogin             int                          `json:"accessCodeLifespanLogin,omitempty"`
	AccessCodeLifespanUserAction        int                          `json:"accessCodeLifespanUserAction,omitempty"`
	AccessTokenLifespan                 int                          `json:"accessTokenLifespan,omitempty"`
	AccessTokenLifespanForImplicitFlow  int                          `json:"accessTokenLifespanForImplicitFlow,omitempty"`
	AccountTheme                        string                       `json:"accountTheme,omitempty"`
	ActionTokenGeneratedByAdminLifespan int                          `json:"actionTokenGeneratedByAdminLifespan,omitempty"`
	ActionTokenGeneratedByUserLifespan  int                          `json:"actionTokenGeneratedByUserLifespan,omitempty"`
	AdminEventsDetailsEnabled           bool                         `json:"adminEventsDetailsEnabled,omitempty"`
	AdminEventsEnabled                  bool                         `json:"adminEventsEnabled,omitempty"`
	Attributes                          *RealmAttributes             `json:"attributes,omitempty"`
	BrowserFlow                         string                       `json:"browserFlow,omitempty"`
	BrowserSecurityHeaders              *RealmBrowserSecurityHeaders `json:"browserSecurityHeaders,omitempty"`
	BruteForceProtected                 bool                         `json:"bruteForceProtected,omitempty"`
	ClientAuthenticationFlow            string                       `json:"clientAuthenticationFlow,omitempty"`
	DefaultRoles                        []string                     `json:"defaultRoles,omitempty"`
	DirectGrantFlow                     string                       `json:"directGrantFlow,omitempty"`
	DisplayName                         string                       `json:"displayName,omitempty"`
	DisplayNameHTML                     string                       `json:"displayNameHtml,omitempty"`
	DockerAuthenticationFlow            string                       `json:"dockerAuthenticationFlow,omitempty"`
	DuplicateEmailsAllowed              bool                         `json:"duplicateEmailsAllowed,omitempty"`
	EditUsernameAllowed                 bool                         `json:"editUsernameAllowed,omitempty"`
	Enabled                             bool                         `json:"enabled,omitempty"`
	EnabledEventTypes                   []string                     `json:"enabledEventTypes,omitempty"`
	EventsEnabled                       bool                         `json:"eventsEnabled,omitempty"`
	EventsExpiration                    int                          `json:"eventsExpiration,omitempty"`
	EventsListeners                     []string                     `json:"eventsListeners,omitempty"`
	FailureFactor                       int                          `json:"failureFactor,omitempty"`
	ID                                  string                       `json:"id,omitempty"`
	IdentityProviders                   RealmIdentityProviders       `json:"identityProviders,omitempty"`
	InternationalizationEnabled         bool                         `json:"internationalizationEnabled,omitempty"`
	LoginTheme                          string                       `json:"loginTheme,omitempty"`
	LoginWithEmailAllowed               bool                         `json:"loginWithEmailAllowed,omitempty"`
	MaxDeltaTimeSeconds                 int                          `json:"maxDeltaTimeSeconds,omitempty"`
	MaxFailureWaitSeconds               int                          `json:"maxFailureWaitSeconds,omitempty"`
	MinimumQuickLoginWaitSeconds        int                          `json:"minimumQuickLoginWaitSeconds,omitempty"`
	NotBefore                           int                          `json:"notBefore,omitempty"`
	OfflineSessionIdleTimeout           int                          `json:"offlineSessionIdleTimeout,omitempty"`
	OtpPolicyAlgorithm                  string                       `json:"otpPolicyAlgorithm,omitempty"`
	OtpPolicyDigits                     int                          `json:"otpPolicyDigits,omitempty"`
	OtpPolicyInitialCounter             int                          `json:"otpPolicyInitialCounter,omitempty"`
	OtpPolicyLookAheadWindow            int                          `json:"otpPolicyLookAheadWindow,omitempty"`
	OtpPolicyPeriod                     int                          `json:"otpPolicyPeriod,omitempty"`
	OtpPolicyType                       string                       `json:"otpPolicyType,omitempty"`
	PermanentLockout                    bool                         `json:"permanentLockout,omitempty"`
	QuickLoginCheckMilliSeconds         int                          `json:"quickLoginCheckMilliSeconds,omitempty"`
	Realm                               string                       `json:"realm,omitempty"`
	RefreshTokenMaxReuse                int                          `json:"refreshTokenMaxReuse,omitempty"`
	RegistrationAllowed                 bool                         `json:"registrationAllowed,omitempty"`
	RegistrationEmailAsUsername         bool                         `json:"registrationEmailAsUsername,omitempty"`
	RegistrationFlow                    string                       `json:"registrationFlow,omitempty"`
	RememberMe                          bool                         `json:"rememberMe,omitempty"`
	RequiredCredentials                 []string                     `json:"requiredCredentials,omitempty"`
	ResetCredentialsFlow                string                       `json:"resetCredentialsFlow,omitempty"`
	ResetPasswordAllowed                bool                         `json:"resetPasswordAllowed,omitempty"`
	RevokeRefreshToken                  bool                         `json:"revokeRefreshToken,omitempty"`
	SMTPServer                          *RealmSMTPServer             `json:"smtpServer,omitempty"`
	SslRequired                         string                       `json:"sslRequired,omitempty"`
	SsoSessionIdleTimeout               int                          `json:"ssoSessionIdleTimeout,omitempty"`
	SsoSessionMaxLifespan               int                          `json:"ssoSessionMaxLifespan,omitempty"`
	SupportedLocales                    []string                     `json:"supportedLocales,omitempty"`
	VerifyEmail                         bool                         `json:"verifyEmail,omitempty"`
	WaitIncrementSeconds                int                          `json:"waitIncrementSeconds,omitempty"`
}

type RealmAttributes

type RealmAttributes struct {
	XBrowserHeaderContentSecurityPolicy string `json:"_browser_header.contentSecurityPolicy,omitempty"`
	XBrowserHeaderXContentTypeOptions   string `json:"_browser_header.xContentTypeOptions,omitempty"`
	XBrowserHeaderXFrameOptions         string `json:"_browser_header.xFrameOptions,omitempty"`
	XBrowserHeaderXRobotsTag            string `json:"_browser_header.xRobotsTag,omitempty"`
	XBrowserHeaderXXSSProtection        string `json:"_browser_header.xXSSProtection,omitempty"`
	ActionTokenGeneratedByAdminLifespan string `json:"actionTokenGeneratedByAdminLifespan,omitempty"`
	ActionTokenGeneratedByUserLifespan  string `json:"actionTokenGeneratedByUserLifespan,omitempty"`
	BruteForceProtected                 string `json:"bruteForceProtected,omitempty"`
	DisplayName                         string `json:"displayName,omitempty"`
	DisplayNameHTML                     string `json:"displayNameHtml,omitempty"`
	FailureFactor                       string `json:"failureFactor,omitempty"`
	MaxDeltaTimeSeconds                 string `json:"maxDeltaTimeSeconds,omitempty"`
	MaxFailureWaitSeconds               string `json:"maxFailureWaitSeconds,omitempty"`
	MinimumQuickLoginWaitSeconds        string `json:"minimumQuickLoginWaitSeconds,omitempty"`
	PermanentLockout                    string `json:"permanentLockout,omitempty"`
	QuickLoginCheckMilliSeconds         string `json:"quickLoginCheckMilliSeconds,omitempty"`
	WaitIncrementSeconds                string `json:"waitIncrementSeconds,omitempty"`
}

type RealmBrowserSecurityHeaders

// RealmBrowserSecurityHeaders holds five string settings keyed contentSecurityPolicy,
// xContentTypeOptions, xFrameOptions, xRobotsTag and xXSSProtection; Realm references it
// through its BrowserSecurityHeaders field.
//
// All fields are tagged omitempty, so an empty string is not encoded.
// NOTE(review): presumably the values of the matching response headers on pages the server
// renders. Confirm how a missing key is treated before assuming that an empty field
// disables or resets a header.
type RealmBrowserSecurityHeaders struct {
	ContentSecurityPolicy string `json:"contentSecurityPolicy,omitempty"`
	XContentTypeOptions   string `json:"xContentTypeOptions,omitempty"`
	XFrameOptions         string `json:"xFrameOptions,omitempty"`
	XRobotsTag            string `json:"xRobotsTag,omitempty"`
	XXSSProtection        string `json:"xXSSProtection,omitempty"`
}

type RealmEnvironment

type RealmEnvironment struct {
	// contains filtered or unexported fields
}

func GetRealmEnvironment

func GetRealmEnvironment(ctx context.Context, client *APIClient, realmName string) (*RealmEnvironment, error)

func (*RealmEnvironment) AuthorizationEndpoint

func (e *RealmEnvironment) AuthorizationEndpoint() string

func (*RealmEnvironment) CheckSessionIframe

func (e *RealmEnvironment) CheckSessionIframe() string

func (*RealmEnvironment) ClaimTypesSupported

func (e *RealmEnvironment) ClaimTypesSupported() []string

func (*RealmEnvironment) ClaimsParameterSupported

func (e *RealmEnvironment) ClaimsParameterSupported() bool

func (*RealmEnvironment) ClaimsSupported

func (e *RealmEnvironment) ClaimsSupported() []string

func (*RealmEnvironment) CodeChallengeMethodsSupported

func (e *RealmEnvironment) CodeChallengeMethodsSupported() []string

func (*RealmEnvironment) EndSessionEndpoint

func (e *RealmEnvironment) EndSessionEndpoint() string

func (*RealmEnvironment) GrantTypesSupported

func (e *RealmEnvironment) GrantTypesSupported() []string

func (*RealmEnvironment) IDTokenEncryptionAlgValuesSupported

func (e *RealmEnvironment) IDTokenEncryptionAlgValuesSupported() []string

func (*RealmEnvironment) IDTokenEncryptionEncValuesSupported

func (e *RealmEnvironment) IDTokenEncryptionEncValuesSupported() []string

func (*RealmEnvironment) IDTokenSigningAlgValuesSupported

func (e *RealmEnvironment) IDTokenSigningAlgValuesSupported() []string

func (*RealmEnvironment) IntrospectionEndpoint

func (e *RealmEnvironment) IntrospectionEndpoint() string

func (*RealmEnvironment) IssuerAddress

func (e *RealmEnvironment) IssuerAddress() string

func (*RealmEnvironment) JSONWebKeysEndpoint

func (e *RealmEnvironment) JSONWebKeysEndpoint() string

func (*RealmEnvironment) PermissionEndpoint

func (e *RealmEnvironment) PermissionEndpoint() (string, bool)

func (*RealmEnvironment) PolicyEndpoint

func (e *RealmEnvironment) PolicyEndpoint() (string, bool)

func (*RealmEnvironment) RegistrationEndpoint

func (e *RealmEnvironment) RegistrationEndpoint() string

func (*RealmEnvironment) RequestObjectSigningAlgValuesSupported

func (e *RealmEnvironment) RequestObjectSigningAlgValuesSupported() []string

func (*RealmEnvironment) RequestParameterSupported

func (e *RealmEnvironment) RequestParameterSupported() bool

func (*RealmEnvironment) RequestURIParameterSupported

func (e *RealmEnvironment) RequestURIParameterSupported() bool

func (*RealmEnvironment) ResourceRegistrationEndpoint

func (e *RealmEnvironment) ResourceRegistrationEndpoint() (string, bool)

func (*RealmEnvironment) ResponseModesSupported

func (e *RealmEnvironment) ResponseModesSupported() []string

func (*RealmEnvironment) ResponseTypesSupported

func (e *RealmEnvironment) ResponseTypesSupported() []string

func (*RealmEnvironment) ScopesSupported

func (e *RealmEnvironment) ScopesSupported() []string

func (*RealmEnvironment) SubjectTypesSupported

func (e *RealmEnvironment) SubjectTypesSupported() []string

func (*RealmEnvironment) SupportsUMA2

func (e *RealmEnvironment) SupportsUMA2() bool

func (*RealmEnvironment) TLSClientCertificateBoundAccessTokens

func (e *RealmEnvironment) TLSClientCertificateBoundAccessTokens() bool

func (*RealmEnvironment) TokenEndpoint

func (e *RealmEnvironment) TokenEndpoint() string

func (*RealmEnvironment) TokenEndpointAuthMethodsSupported

func (e *RealmEnvironment) TokenEndpointAuthMethodsSupported() []string

func (*RealmEnvironment) TokenEndpointAuthSigningAlgValuesSupported

func (e *RealmEnvironment) TokenEndpointAuthSigningAlgValuesSupported() []string

func (*RealmEnvironment) UserInfoEndpoint

func (e *RealmEnvironment) UserInfoEndpoint() string

func (*RealmEnvironment) UserInfoSigningAlgValuesSupported

func (e *RealmEnvironment) UserInfoSigningAlgValuesSupported() []string

type RealmEnvironmentProvider

// RealmEnvironmentProvider is implemented by any type that can produce the
// *RealmEnvironment for a named realm using the supplied APIClient.
type RealmEnvironmentProvider interface {
	// RealmEnvironment returns the environment for realmName, or an error.
	// NOTE(review): whether implementations cache the result, and for how
	// long, is not visible from this declaration.
	RealmEnvironment(ctx context.Context, client *APIClient, realmName string) (*RealmEnvironment, error)
}

RealmEnvironmentProvider

type RealmIdentityProvider

// RealmIdentityProvider is the JSON shape of one identity provider configured
// on a realm; provider-specific settings live in Config.
//
// Every field is tagged omitempty. For the bool fields this means a false
// value is dropped from the encoded JSON, so a payload built from this struct
// cannot carry an explicit false for Enabled, TrustEmail, StoreToken,
// AddReadTokenRoleOnCreate, LinkOnly or AuthenticateByDefault. Whether the
// server reads a missing key as false or as "leave unchanged" is not shown
// here — verify before relying on this type to switch one of them off.
//
// NOTE(review): TrustEmail, StoreToken and AddReadTokenRoleOnCreate look like
// the settings that control whether e-mail addresses asserted by the external
// provider are accepted without verification and whether the provider's
// tokens are retained and readable — confirm against the server documentation
// and review them when auditing a realm.
type RealmIdentityProvider struct {
	AddReadTokenRoleOnCreate    bool                         `json:"addReadTokenRoleOnCreate,omitempty"`
	Alias                       string                       `json:"alias,omitempty"`
	AuthenticateByDefault       bool                         `json:"authenticateByDefault,omitempty"`
	Config                      *RealmIdentityProviderConfig `json:"config,omitempty"`
	DisplayName                 string                       `json:"displayName,omitempty"`
	Enabled                     bool                         `json:"enabled,omitempty"`
	FirstBrokerLoginFlowAlias   string                       `json:"firstBrokerLoginFlowAlias,omitempty"`
	InternalID                  string                       `json:"internalId,omitempty"`
	LinkOnly                    bool                         `json:"linkOnly,omitempty"`
	ProviderID                  string                       `json:"providerId,omitempty"`
	StoreToken                  bool                         `json:"storeToken,omitempty"`
	TrustEmail                  bool                         `json:"trustEmail,omitempty"`
	UpdateProfileFirstLoginMode string                       `json:"updateProfileFirstLoginMode,omitempty"`
}

type RealmIdentityProviderConfig

// RealmIdentityProviderConfig is the "config" object of a
// RealmIdentityProvider. Every field is a string, including flag-like
// settings such as ValidateSignature, UseJwksURL, DisableUserInfo and
// BackchannelSupported; the accepted values are not shown here (presumably
// "true"/"false" — confirm against the server). Because every field is
// omitempty, an empty string is not sent and the server-side default applies.
//
// ClientSecret is written into any JSON encoding of this struct when it is
// non-empty, so keep values of this type out of logs and debug dumps.
// NOTE(review): the server may return a masked placeholder rather than the
// real secret on reads — confirm before round-tripping a fetched config into
// an update request.
type RealmIdentityProviderConfig struct {
	AuthorizationURL     string `json:"authorizationUrl,omitempty"`
	BackchannelSupported string `json:"backchannelSupported,omitempty"`
	ClientID             string `json:"clientId,omitempty"`
	ClientSecret         string `json:"clientSecret,omitempty"`
	DefaultScope         string `json:"defaultScope,omitempty"`
	DisableUserInfo      string `json:"disableUserInfo,omitempty"`
	HideOnLoginPage      string `json:"hideOnLoginPage,omitempty"`
	LoginHint            string `json:"loginHint,omitempty"`
	TokenURL             string `json:"tokenUrl,omitempty"`
	UseJwksURL           string `json:"useJwksUrl,omitempty"`
	UserIP               string `json:"userIp,omitempty"`
	ValidateSignature    string `json:"validateSignature,omitempty"`
}

type RealmIdentityProviders

// RealmIdentityProviders is a slice of *RealmIdentityProvider.
type RealmIdentityProviders []*RealmIdentityProvider

type RealmIssuerConfiguration

// RealmIssuerConfiguration is the JSON shape of a realm's issuer description:
// realm name, public key, service URLs and a tokens-not-before value.
//
// NOTE(review): PublicKey is presumably the realm's signing key as published
// by the server, with no key id or algorithm next to it — confirm how it is
// encoded, and prefer the JWKS endpoint where key rotation matters.
// NOTE(review): TokensNotBefore is an int whose unit is not shown here
// (presumably seconds since the epoch) — confirm before comparing it with a
// token's iat.
type RealmIssuerConfiguration struct {
	Realm           string `json:"realm"`
	PublicKey       string `json:"public_key"`
	TokenService    string `json:"token-service"`
	AccountService  string `json:"account-service"`
	AdminAPI        string `json:"admin-api"`
	TokensNotBefore int    `json:"tokens-not-before"`
}

type RealmSMTPServer

// RealmSMTPServer is the JSON shape of a realm's outbound mail settings.
// All fields are omitempty strings, including Auth, Ssl and Starttls; the
// accepted values are not shown here (presumably "true"/"false" — confirm).
//
// The struct has no port, user or password field, so those settings cannot be
// read or written through this type. Leaving both Ssl and Starttls empty
// omits them from the payload and leaves transport security to the server's
// default — check the effective realm setting after an update.
type RealmSMTPServer struct {
	Auth               string `json:"auth,omitempty"`
	EnvelopeFrom       string `json:"envelopeFrom,omitempty"`
	From               string `json:"from,omitempty"`
	FromDisplayName    string `json:"fromDisplayName,omitempty"`
	Host               string `json:"host,omitempty"`
	ReplyTo            string `json:"replyTo,omitempty"`
	ReplyToDisplayName string `json:"replyToDisplayName,omitempty"`
	Ssl                string `json:"ssl,omitempty"`
	Starttls           string `json:"starttls,omitempty"`
}

type Resource

// Resource is the JSON shape of a protected resource as returned by the
// server. Which of URI, URIs, TypedScopes and Attributes is populated depends
// on the server version, as noted on each field, so code that makes access
// decisions from URI or URIs should handle both being possible.
//
// NOTE(review): OwnerManagedAccess presumably reflects whether the resource
// owner may manage permissions on it — confirm against the server docs.
type Resource struct {
	ID                 string         `json:"_id"`
	Type               string         `json:"type"`
	Owner              ResourceOwner  `json:"owner"`
	OwnerManagedAccess bool           `json:"ownerManagedAccess"`
	DisplayName        string         `json:"displayName"`
	Scopes             ResourceScopes `json:"scopes"`
	Name               string         `json:"name"`
	IconURI            string         `json:"icon_uri"`

	// TypedScopes - only returned with 3.4
	TypedScopes ResourceScopes `json:"typedScope"`

	// URI - only returned with 3.4
	URI string `json:"uri"`

	// URIs - only returned with 4.0+
	URIs []string `json:"uris"`

	// Attributes - only returned with 4.0+
	Attributes KeyValuesMap `json:"attributes"`
}

type ResourceCreateUpdateRequest

// ResourceCreateUpdateRequest is the request body for creating or updating a
// Resource. ID and URI are omitted from the JSON when empty or nil; IconURI,
// Name, Scopes and Type are always sent, including their zero values.
//
// There is no field for the 4.0+ "uris" list or for an owner, so those cannot
// be set through this type.
type ResourceCreateUpdateRequest struct {
	// ID - only used during update request
	ID string `json:"_id,omitempty"`

	IconURI string         `json:"icon_uri"`
	Name    string         `json:"name"`
	Scopes  ResourceScopes `json:"scopes"`
	Type    string         `json:"type"`

	URI *string `json:"uri,omitempty"` // used by 3.4

}

type ResourceMap

// ResourceMap maps a string key to a *Resource. What the key represents is
// not shown here; the IDs method returns a []string.
type ResourceMap map[string]*Resource

func (ResourceMap) IDs

func (m ResourceMap) IDs() []string

type ResourceOwner

// ResourceOwner identifies the owner of a Resource by ID and Name, decoded
// from the resource's "owner" object.
type ResourceOwner struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

type ResourceScope

// ResourceScope is a scope attached to a Resource. IconURI is omitted from
// the JSON when empty; ID and Name are always sent.
type ResourceScope struct {
	ID      string `json:"id"`
	Name    string `json:"name"`
	IconURI string `json:"iconUri,omitempty"`
}

type ResourceScopes

// ResourceScopes is a slice of ResourceScope values (not pointers).
type ResourceScopes []ResourceScope

type ResourceServerOverview

// ResourceServerOverview is the JSON shape of a resource server's
// authorization settings together with its resources, policies and scopes.
//
// DecisionStrategy is a plain string; the package declares
// DecisionStrategyUnanimous, DecisionStrategyAffirmative and
// DecisionStrategyPositive as values for it. PolicyEnforcementMode is also a
// plain string with no constants declared on this page.
//
// NOTE(review): PolicyEnforcementMode, DecisionStrategy and
// AllowRemoteResourceManagement together appear to determine how strictly the
// server evaluates requests and who may register resources — confirm the
// accepted values against the server docs and include them in configuration
// audits.
type ResourceServerOverview struct {
	ID                            string    `json:"id"`
	ClientID                      string    `json:"clientId"`
	Name                          string    `json:"name"`
	AllowRemoteResourceManagement bool      `json:"allowRemoteResourceManagement"`
	PolicyEnforcementMode         string    `json:"policyEnforcementMode"`
	Resources                     Resources `json:"resources"`
	Policies                      Policies  `json:"policies"`
	Scopes                        Scopes    `json:"scopes"`
	DecisionStrategy              string    `json:"decisionStrategy"`
}

type Resources

// Resources is a slice of *Resource.
type Resources []*Resource

type Role

// Role is the JSON shape of a role as returned by the server.
//
// NOTE(review): Composite presumably marks a role that includes other roles,
// and ClientRole with ContainerID presumably tells realm roles from client
// roles — confirm. The included roles are not part of this struct, so the
// effective privileges of a composite role cannot be read from a Role value
// alone.
type Role struct {
	ID                 string `json:"id"`
	Name               string `json:"name"`
	Description        string `json:"description"`
	ScopeParamRequired bool   `json:"scopeParamRequired"`
	Composite          bool   `json:"composite"`
	ClientRole         bool   `json:"clientRole"`
	ContainerID        string `json:"containerId"`
}

type RoleCreateRequest

// RoleCreateRequest is the request body for creating a role. Name and
// Description are always sent; ScopeParamRequired is a pointer so that nil
// omits the key while a pointer to false sends an explicit false.
type RoleCreateRequest struct {
	Name        string `json:"name"`
	Description string `json:"description"`

	// ScopeParamRequired [optional] - seemingly only used by 3.4
	ScopeParamRequired *bool `json:"scopeParamRequired,omitempty"`
}

type RoleMap

// RoleMap maps a string key to a *Role. What the key represents is not shown
// here.
type RoleMap map[string]*Role

type RoleMapping

// RoleMapping groups the realm-level roles (RealmMappings) and the
// client-level roles (ClientMappings) of a role-mapping response. Both fields
// are omitempty, so an empty or nil collection is left out when encoding.
//
// NOTE(review): ClientMappings is a map to a single *Role per key; whether
// the server returns one role or a list of roles per client is not shown
// here — confirm that no client roles are lost when decoding.
type RoleMapping struct {
	RealmMappings  Roles   `json:"realmMappings,omitempty"`
	ClientMappings RoleMap `json:"clientMappings,omitempty"`
}

type Roles

// Roles is a slice of *Role. The package declares Len, Less and Swap on it,
// so it can be passed to the sort package.
type Roles []*Role

func (Roles) Len

func (list Roles) Len() int

Implement sort.Interface for Role

func (Roles) Less

func (list Roles) Less(i, j int) bool

func (Roles) Swap

func (list Roles) Swap(i, j int)

type Scope

// Scope is the JSON shape of a scope as returned by the server. Only ID is
// omitempty; every other field is always encoded, including zero values.
// ProtocolMappers holds ClientProtocolMapper values, which are declared
// elsewhere in the package.
type Scope struct {
	ID          string `json:"id,omitempty"`
	Name        string `json:"name"`
	Description string `json:"description"`
	IconURI     string `json:"iconUri"`

	DisplayName string `json:"displayName"` // used by 4.0+

	Attributes      KeyValuesMap           `json:"attributes"`
	Protocol        string                 `json:"protocol"`
	ProtocolMappers []ClientProtocolMapper `json:"protocolMappers"`
}

type ScopeCreateUpdateRequest

// ScopeCreateUpdateRequest is the request body for creating or updating a
// scope. ID is omitted when empty; Name and IconURI are always sent.
type ScopeCreateUpdateRequest struct {
	// ID [optional] - unused by create request, unused by 3.4 update request, but used by 4.0+ update request
	ID      string `json:"id,omitempty"`
	Name    string `json:"name"`
	IconURI string `json:"iconUri"`
}

type Scopes

// Scopes is a slice of *Scope. The package declares Len, Less and Swap on it,
// so it can be passed to the sort package.
type Scopes []*Scope

func (Scopes) Len

func (list Scopes) Len() int

Implement sort.Interface for Scope

func (Scopes) Less

func (list Scopes) Less(i, j int) bool

func (Scopes) Swap

func (list Scopes) Swap(i, j int)

type StaticAuthServerURL

// StaticAuthServerURL is a string type holding a fixed auth server URL; its
// AuthServerURL method returns (string, error).
//
// NOTE(review): whether the constructors or AuthServerURL validate the value
// (for example, require an https scheme) is not visible here — confirm, since
// tokens and client credentials are sent to whatever address this holds.
type StaticAuthServerURL string

func NewAuthServerURLProvider

func NewAuthServerURLProvider(authServerURL string) StaticAuthServerURL

NewAuthServerURLProvider builds an AuthServerURLProvider that sets the issuer address to the value passed to this constructor, unless the context provided to the setter already contains an issuer address key.

func NewAuthServerURLProviderWithURL

func NewAuthServerURLProviderWithURL(purl *url.URL) StaticAuthServerURL

NewAuthServerURLProviderWithURL will construct a new StaticAuthServerURL using the provided *url.URL

func (StaticAuthServerURL) AuthServerURL

func (ip StaticAuthServerURL) AuthServerURL() (string, error)

type TokenIntrospectionResults

// TokenIntrospectionResults is the decoded response of a token introspection
// request (see TokenService.IntrospectRequestingPartyToken).
//
// Check Active before using any other field: when the server reports an
// inactive token the remaining fields keep their zero values, and an empty
// Permissions slice by itself does not tell "inactive" from "no permissions".
//
// Expires, NotBefore and IssuedAt are plain ints decoded from exp, nbf and
// iat; nothing in this type compares them with the current time.
// NOTE(review): Audience is a single string; if the server ever returns aud
// as a JSON array, encoding/json will fail to decode it into this field —
// confirm the response shape for multi-audience tokens.
type TokenIntrospectionResults struct {
	Permissions []TokenIntrospectionResultsPermission `json:"permissions"`
	Expires     int                                   `json:"exp"`
	NotBefore   int                                   `json:"nbf"`
	IssuedAt    int                                   `json:"iat"`
	Audience    string                                `json:"aud"`
	Active      bool                                  `json:"active"`
}

type TokenIntrospectionResultsPermission

// TokenIntrospectionResultsPermission names one resource listed in an
// introspection response by ID and name. It carries no scope list, so
// per-scope decisions cannot be made from this type alone.
type TokenIntrospectionResultsPermission struct {
	ResourceID   string `json:"resource_id"`
	ResourceName string `json:"resource_name"`
}

type TokenParser

// TokenParser is implemented by types that resolve the verification key for a
// token and report which signing algorithms they handle. GetTokenParser looks
// one up by algorithm name.
type TokenParser interface {
	// Parse must attempt to validate the provided token was signed using the mechanism expected by the realm's issuer
	//
	// It returns the key material as pk (an untyped interface{}) or an error.
	// NOTE(review): the shape resembles a jwt key function, i.e. the returned
	// key is presumably what the jwt library verifies the signature with —
	// confirm.
	Parse(context.Context, *APIClient, *jwt.Token) (pk interface{}, err error)
	// SupportedAlgorithms returns the algorithm names this parser handles.
	// NOTE(review): if the parser is selected from the token's own alg header,
	// the token chooses its verification path; callers that expect specific
	// algorithms should pin them as well, e.g. with jwt.WithValidMethods in
	// the parserOpts they pass to TokenService — confirm how selection works.
	SupportedAlgorithms() []string
}

TokenParser represents any type that can handle parsing and persisting a range of certificate types

func GetTokenParser

func GetTokenParser(alg string) (TokenParser, bool)

type TokenService

// TokenService groups the token-related calls declared on it:
// ClientEntitlement, IntrospectRequestingPartyToken, OpenIDConnectToken,
// PermissionDecision, PermissionEvaluation and RequestingPartyToken. Its
// fields are unexported.
type TokenService struct {
	// contains filtered or unexported fields
}

func (*TokenService) ClientEntitlement

func (ts *TokenService) ClientEntitlement(ctx context.Context, realmName string, ap AuthenticationProvider, clientID string, claimsType jwt.Claims, parserOpts []jwt.ParserOption, mutators ...APIRequestMutator) (*jwt.Token, error)

ClientEntitlement will attempt to call the pre-uma2 entitlement endpoint to return a Requesting Party Token containing details about what aspects of the provided clientID the token for this request has access to, if any. DEPRECATED: use the newer token workflow for instances newer than 3.4

func (*TokenService) IntrospectRequestingPartyToken

func (ts *TokenService) IntrospectRequestingPartyToken(ctx context.Context, realmName string, ap AuthenticationProvider, rawRPT string, mutators ...APIRequestMutator) (*TokenIntrospectionResults, error)

func (*TokenService) OpenIDConnectToken

func (ts *TokenService) OpenIDConnectToken(ctx context.Context, realmName string, ap AuthenticationProvider, req *OpenIDConnectTokenRequest, mutators ...APIRequestMutator) (*OpenIDConnectToken, error)

func (*TokenService) PermissionDecision

PermissionDecision can be used to determine whether a bearer token is allowed the permission requested

func (*TokenService) PermissionEvaluation

func (ts *TokenService) PermissionEvaluation(ctx context.Context, realmName string, ap AuthenticationProvider, req *OpenIDConnectTokenRequest, mutators ...APIRequestMutator) (EvaluatedPermissions, error)

PermissionEvaluation will return an array of permissions granted by the server

func (*TokenService) RequestingPartyToken

func (ts *TokenService) RequestingPartyToken(ctx context.Context, realmName string, ap AuthenticationProvider, req *OpenIDConnectTokenRequest, claimsType jwt.Claims, parserOpts []jwt.ParserOption, mutators ...APIRequestMutator) (*jwt.Token, error)

RequestingPartyToken will attempt to automatically decode and validate a RPT returned from an OIDC token request

type UMA2Configuration

// UMA2Configuration is the JSON shape of a realm's UMA2 configuration
// document: endpoint URLs, the issuer, and the lists of supported grant
// types, response modes/types, scopes and token-endpoint auth methods.
//
// Both IntrospectionEndpoint ("introspection_endpoint") and
// TokenIntrospectionEndpoint ("token_introspection_endpoint") are declared;
// which one a given server version fills is not shown here.
//
// NOTE(review): every URL in this struct is supplied by the server. Consumers
// that follow JwksURI or send credentials to TokenEndpoint should make sure
// the document was fetched over a verified TLS connection and, where
// possible, that Issuer matches the auth server address they configured.
type UMA2Configuration struct {
	AuthorizationEndpoint                      string   `json:"authorization_endpoint"`
	EndSessionEndpoint                         string   `json:"end_session_endpoint"`
	GrantTypesSupported                        []string `json:"grant_types_supported"`
	IntrospectionEndpoint                      string   `json:"introspection_endpoint"`
	Issuer                                     string   `json:"issuer"`
	JwksURI                                    string   `json:"jwks_uri"`
	PermissionEndpoint                         string   `json:"permission_endpoint"`
	PolicyEndpoint                             string   `json:"policy_endpoint"`
	RegistrationEndpoint                       string   `json:"registration_endpoint"`
	ResourceRegistrationEndpoint               string   `json:"resource_registration_endpoint"`
	ResponseModesSupported                     []string `json:"response_modes_supported"`
	ResponseTypesSupported                     []string `json:"response_types_supported"`
	ScopesSupported                            []string `json:"scopes_supported"`
	TokenEndpoint                              string   `json:"token_endpoint"`
	TokenEndpointAuthMethodsSupported          []string `json:"token_endpoint_auth_methods_supported"`
	TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
	TokenIntrospectionEndpoint                 string   `json:"token_introspection_endpoint"`
}

type User

// User is the JSON shape of a user record as returned by the server. The
// first group of fields is marked editable by the original author; the second
// group holds server-maintained values.
//
// No field is omitempty, so encoding a User sends every field, including zero
// values such as Enabled=false or an empty RequiredActions list. Sending a
// partially filled User as an update could therefore reset fields the caller
// did not mean to touch — verify how the update endpoint treats them.
//
// FederatedIdentities is an untyped []interface{}; callers must type-assert
// its elements and should not assume a fixed shape.
// NOTE(review): CreatedTimestamp and NotBefore share the MicrosecondTime
// type; the server may report them in different units — confirm that both
// decode to the intended instant.
type User struct {
	// these are editable
	Access          UserAccess   `json:"access"`
	Attributes      KeyValuesMap `json:"attributes"`
	Email           string       `json:"email"`
	EmailVerified   bool         `json:"emailVerified"`
	Enabled         bool         `json:"enabled"`
	FirstName       string       `json:"firstName"`
	LastName        string       `json:"lastName"`
	RequiredActions []string     `json:"requiredActions"`
	Username        string       `json:"username"`

	CreatedTimestamp           MicrosecondTime `json:"createdTimestamp"`
	DisableableCredentialTypes []string        `json:"disableableCredentialTypes"`
	FederatedIdentities        []interface{}   `json:"federatedIdentities"`
	ID                         string          `json:"id"`
	NotBefore                  MicrosecondTime `json:"notBefore"`
	Totp                       bool            `json:"totp"`
}

type UserAccess

// UserAccess holds the five boolean flags of a User's "access" object.
//
// NOTE(review): these presumably describe what the caller whose token fetched
// the record may do to that user (view, manage, map roles, manage group
// membership, impersonate) — confirm. If so, Impersonate=true is worth
// flagging when reviewing which service accounts hold admin access.
type UserAccess struct {
	Impersonate           bool `json:"impersonate"`
	Manage                bool `json:"manage"`
	ManageGroupMembership bool `json:"manageGroupMembership"`
	MapRoles              bool `json:"mapRoles"`
	View                  bool `json:"view"`
}

type UserCreate

// UserCreate is the request body for creating a user. No field is omitempty,
// so Enabled and EmailVerified are always sent and default to false unless
// the caller sets them. The struct has no credential or required-action
// fields.
//
// NOTE(review): EmailVerified=true presumably records the address as verified
// without the server running its own verification — confirm, and set it only
// when the caller has verified the address itself.
type UserCreate struct {
	Attributes    KeyValuesMap `json:"attributes"`
	Email         string       `json:"email"`
	EmailVerified bool         `json:"emailVerified"`
	Enabled       bool         `json:"enabled"`
	Username      string       `json:"username"`
}

type Users

// Users is a slice of *User.
type Users []*User

type X509TokenParser

// X509TokenParser is a TokenParser-shaped type (it declares Parse and
// SupportedAlgorithms) created with NewX509TokenParser, which takes a
// cacheTTL. Its fields are unexported.
//
// NOTE(review): cacheTTL presumably bounds how long fetched keys are reused.
// If so, a long TTL delays picking up a rotated or withdrawn signing key —
// choose it with the realm's key-rotation policy in mind, and confirm the
// caching behaviour in the implementation.
type X509TokenParser struct {
	// contains filtered or unexported fields
}

func NewX509TokenParser

func NewX509TokenParser(cacheTTL time.Duration) *X509TokenParser

NewX509TokenParser will return to you a token parser capable of handling most RSA & ECDSA signed tokens and keys

func (*X509TokenParser) Parse

func (tp *X509TokenParser) Parse(ctx context.Context, client *APIClient, token *jwt.Token) (interface{}, error)

func (*X509TokenParser) SupportedAlgorithms

func (*X509TokenParser) SupportedAlgorithms() []string
