Documentation ¶
Index ¶
- Constants
- func BackgroundRealmContext(realm string) context.Context
- func BackgroundRealmTokenContext(realm, token string) context.Context
- func BackgroundTokenContext(token string) context.Context
- func ContextIssuerAddress(ctx context.Context) (string, bool)
- func ContextRealm(ctx context.Context) (string, bool)
- func ContextToken(ctx context.Context) (string, bool)
- func DefaultValuedParameterFormatter(_, _ string, v interface{}) (string, bool)
- func DefaultZerologLogger() zerolog.Logger
- func FlushGlobalPublicKeyCache()
- func IssuerAddressContext(parent context.Context, issuerAddress string) context.Context
- func ParseAddr(addr string, insecure bool) (string, error)
- func RealmContext(parent context.Context, realm string) context.Context
- func RealmContextWithTimeout(parent context.Context, realm string, ttl time.Duration) (context.Context, context.CancelFunc)
- func RealmTokenContext(parent context.Context, realm, token string) context.Context
- func RealmTokenContextWithTimeout(parent context.Context, realm, token string, ttl time.Duration) (context.Context, context.CancelFunc)
- func RequestBearerToken(request *http.Request) (string, bool)
- func SetGlobalPublicKeyCacheLogger(log zerolog.Logger)
- func TokenContext(parent context.Context, token string) context.Context
- func TokenContextWithTimeout(parent context.Context, token string, ttl time.Duration) (context.Context, context.CancelFunc)
- type APIClient
- func (c *APIClient) AdminService() *AdminService
- func (c *APIClient) AuthService() *AuthService
- func (c *APIClient) Call(ctx context.Context, method, requestPath string, body interface{}, ...) (*http.Response, error)
- func (c *APIClient) CallRequireOK(ctx context.Context, method, requestPath string, body interface{}, ...) (*http.Response, error)
- func (c *APIClient) IssuerAddress() string
- func (c *APIClient) PathPrefix() string
- func (c *APIClient) RealmProvider() RealmProvider
- func (c *APIClient) RequestAccessToken(ctx context.Context, request *http.Request, claimsType jwt.Claims) (*jwt.Token, error)
- func (c *APIClient) RequireAllContextValues(ctx context.Context) (context.Context, error)
- func (c *APIClient) RequireRealm(ctx context.Context) (context.Context, error)
- func (c *APIClient) RequireToken(ctx context.Context) (context.Context, error)
- func (c *APIClient) TokenParser() TokenParser
- func (c *APIClient) TokenProvider() TokenProvider
- type APIClientConfig
- type AdminClientRoleCompositesService
- type AdminClientRolesService
- func (rs *AdminClientRolesService) CompositesService(roleName string) *AdminClientRoleCompositesService
- func (rs *AdminClientRolesService) Create(ctx context.Context, role *Role) ([]string, error)
- func (rs *AdminClientRolesService) Delete(ctx context.Context, roleName string) error
- func (rs *AdminClientRolesService) Get(ctx context.Context, roleName string) (*Role, error)
- func (rs *AdminClientRolesService) List(ctx context.Context) (Roles, error)
- func (rs *AdminClientRolesService) Update(ctx context.Context, roleName string, role *Role) error
- func (rs *AdminClientRolesService) Users(ctx context.Context, roleName string, first, max int) (Users, error)
- type AdminClientsService
- func (cs *AdminClientsService) Create(ctx context.Context, client *ClientCreate) ([]string, error)
- func (cs *AdminClientsService) Delete(ctx context.Context, clientID string) error
- func (cs *AdminClientsService) Get(ctx context.Context, clientID string) (*Client, error)
- func (cs *AdminClientsService) List(ctx context.Context, clientID string, viewableOnly bool) (Clients, error)
- func (cs *AdminClientsService) RolesService(clientID string) *AdminClientRolesService
- func (cs *AdminClientsService) Update(ctx context.Context, clientID string, client *Client) error
- type AdminGroupsService
- func (gs *AdminGroupsService) Count(ctx context.Context, search string, top bool) (int, error)
- func (gs *AdminGroupsService) Create(ctx context.Context, group GroupCreate) ([]string, error)
- func (gs *AdminGroupsService) Delete(ctx context.Context, groupID string) error
- func (gs *AdminGroupsService) Get(ctx context.Context, groupID string) (*Group, error)
- func (gs *AdminGroupsService) List(ctx context.Context, search string, first, max int) (Groups, error)
- func (gs *AdminGroupsService) Members(ctx context.Context, groupID string) (Users, error)
- func (gs *AdminGroupsService) Update(ctx context.Context, groupID string, group Group) error
- type AdminRoleCompositesService
- func (rcs *AdminRoleCompositesService) Add(ctx context.Context, roles Roles) error
- func (rcs *AdminRoleCompositesService) ClientRoles(ctx context.Context, clientName string) (Roles, error)
- func (rcs *AdminRoleCompositesService) List(ctx context.Context) (Roles, error)
- func (rcs *AdminRoleCompositesService) RealmRoles(ctx context.Context) (Roles, error)
- func (rcs *AdminRoleCompositesService) Remove(ctx context.Context, roles Roles) error
- type AdminRolesService
- func (rs *AdminRolesService) CompositesService(roleName string) *AdminRoleCompositesService
- func (rs *AdminRolesService) Create(ctx context.Context, role *Role) ([]string, error)
- func (rs *AdminRolesService) Delete(ctx context.Context, roleName string) error
- func (rs *AdminRolesService) Get(ctx context.Context, roleName string) (*Role, error)
- func (rs *AdminRolesService) List(ctx context.Context) (Roles, error)
- func (rs *AdminRolesService) Update(ctx context.Context, roleName string, role *Role) error
- type AdminService
- func (k AdminService) ClientEntitlement(ctx context.Context, clientID string, claimsType jwt.Claims) (*jwt.Token, error)
- func (k *AdminService) ClientRoleCompositesService(clientID, roleName string) *AdminClientRoleCompositesService
- func (k *AdminService) ClientRolesService(clientID string) *AdminClientRolesService
- func (k *AdminService) ClientsService() *AdminClientsService
- func (k *AdminService) GroupsService() *AdminGroupsService
- func (k AdminService) OpenIDConfiguration(ctx context.Context) (*OpenIDConfiguration, error)
- func (k AdminService) OpenIDConnectToken(ctx context.Context, req OpenIDConnectTokenRequest) (*OpenIDConnectToken, error)
- func (k AdminService) ParseToken(ctx context.Context, rawToken string, claimsType jwt.Claims) (*jwt.Token, error)
- func (k AdminService) RealmIssuerConfiguration(ctx context.Context) (*RealmIssuerConfiguration, error)
- func (k *AdminService) RoleCompositesService(roleName string) *AdminRoleCompositesService
- func (k *AdminService) RolesService() *AdminRolesService
- func (k AdminService) UMA2Configuration(ctx context.Context) (*UMA2Configuration, error)
- func (k *AdminService) UserGroupsService(userID string) *AdminUserGroupsService
- func (k *AdminService) UserRoleMappingRealmsService(userID string) *AdminUserRoleMappingRealmsService
- func (k *AdminService) UserRoleMappingsService(userID string) *AdminUserRoleMappingsService
- func (k *AdminService) UsersService() *AdminUsersService
- type AdminUserGroupsService
- type AdminUserRoleMappingRealmsService
- type AdminUserRoleMappingsService
- type AdminUsersService
- func (us *AdminUsersService) Count(ctx context.Context) (int, error)
- func (us *AdminUsersService) Create(ctx context.Context, user *UserCreate) ([]string, error)
- func (us *AdminUsersService) Delete(ctx context.Context, userID string) error
- func (us *AdminUsersService) Get(ctx context.Context, userID string) (*User, error)
- func (us *AdminUsersService) GroupsService(userID string) *AdminUserGroupsService
- func (us *AdminUsersService) List(ctx context.Context, email, firstName, lastName, username, search string, ...) (Users, error)
- func (us *AdminUsersService) RoleMappingService(userID string) *AdminUserRoleMappingsService
- func (us *AdminUsersService) Update(ctx context.Context, userID string, user *User) error
- type AuthService
- func (k AuthService) ClientEntitlement(ctx context.Context, clientID string, claimsType jwt.Claims) (*jwt.Token, error)
- func (k AuthService) OpenIDConfiguration(ctx context.Context) (*OpenIDConfiguration, error)
- func (k AuthService) OpenIDConnectToken(ctx context.Context, req OpenIDConnectTokenRequest) (*OpenIDConnectToken, error)
- func (k AuthService) ParseToken(ctx context.Context, rawToken string, claimsType jwt.Claims) (*jwt.Token, error)
- func (k AuthService) RealmIssuerConfiguration(ctx context.Context) (*RealmIssuerConfiguration, error)
- func (k AuthService) UMA2Configuration(ctx context.Context) (*UMA2Configuration, error)
- type Client
- type ClientAccess
- type ClientAttributes
- type ClientCreate
- type ClientProtocolMapper
- type ClientProtocolMapperConfig
- type Clients
- type ConfidentialClientTokenProvider
- func (tp *ConfidentialClientTokenProvider) Expired() bool
- func (tp *ConfidentialClientTokenProvider) Expiry() int64
- func (tp *ConfidentialClientTokenProvider) LastRefreshed() int64
- func (tp *ConfidentialClientTokenProvider) RefreshToken(ctx context.Context, client *APIClient) error
- func (tp *ConfidentialClientTokenProvider) SetTokenValue(ctx context.Context, client *APIClient) (context.Context, error)
- type ConfidentialClientTokenProviderConfig
- type ConfigMutator
- type DebugConfig
- type EnvironmentIssuerProvider
- type EventsResponse
- type EventsResponseDetails
- type Group
- type GroupAccess
- type GroupCreate
- type Groups
- type ImpersonationRequest
- type ImpersonationResponse
- type InstallDocument
- type IssuerProvider
- type KeyValuesMap
- type OpenIDConfiguration
- type OpenIDConnectToken
- type OpenIDConnectTokenRequest
- type Permission
- type PermissionConfig
- type PermissionMap
- type PermissionScope
- type Policies
- type Policy
- type PolicyConfig
- type PolicyMap
- type PublicKeyCache
- type Realm
- type RealmAttributes
- type RealmBrowserSecurityHeaders
- type RealmIdentityProvider
- type RealmIdentityProviderConfig
- type RealmIdentityProviders
- type RealmIssuerConfiguration
- type RealmProvider
- type RealmSMTPServer
- type Request
- type RequestMutator
- type Resource
- type ResourceMap
- type ResourceOwner
- type ResourceScope
- type ResourceScopes
- type ResourceServer
- type Resources
- type Role
- type RoleMap
- type RoleMapping
- type Roles
- type Scope
- type ScopeMap
- type Scopes
- type StaticIssuerProvider
- type StaticRealmProvider
- type Time
- type TimedPublicKeyCache
- func (pkc *TimedPublicKeyCache) Flush()
- func (pkc *TimedPublicKeyCache) List() map[string]map[string]time.Time
- func (pkc *TimedPublicKeyCache) Load(issuerHost, realm string) (interface{}, bool)
- func (pkc *TimedPublicKeyCache) Remove(issuerHost, realm string) bool
- func (pkc *TimedPublicKeyCache) Store(issuerHost, realm string, pk interface{}, ttl time.Duration)
- type TokenParser
- type TokenProvider
- type UMA2Configuration
- type User
- type UserAccess
- type UserCreate
- type Users
- type ValuedParameterFormatterFunc
- type X509TokenParser
Constants ¶
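const (
	// API context value keys.
	//
	// NOTE(review): these are plain string constants. If they are passed to
	// context.WithValue directly, they can collide with any other package that
	// uses the same string as a key; confirm an unexported key type wraps them.
	ContextKeyIssuerAddress = "issuer_address"
	ContextKeyToken         = "token"
	ContextKeyRealm         = "keycloak_realm"

	// Configuration defaults.
	DefaultPathPrefix        = "auth"
	DefaultPublicKeyCacheTTL = 24 * time.Hour
)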
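// Parameter destination names.
// NOTE(review): presumably these select where a valued parameter is placed on
// the outgoing request (query string or header); confirm against the callers.
const (
	ParameterDestinationQuery  = "query"
	ParameterDestinationHeader = "header"
)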
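const (
	// DefaultTokenExpirationMargin will be used if you do not specify your own
	// ExpiryMargin key in the config.
	DefaultTokenExpirationMargin = 2 * time.Second
)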
Variables ¶
This section is empty.
Functions ¶
func BackgroundRealmContext ¶
BackgroundRealmContext will return a context with a background parent, adding the appropriate realm key
func BackgroundRealmTokenContext ¶
BackgroundRealmTokenContext will return a context with a background parent, adding the appropriate realm and token keys
func BackgroundTokenContext ¶
BackgroundTokenContext will return a context with a background parent, adding the appropriate token key
func ContextIssuerAddress ¶
ContextIssuerAddress attempts to extract and return the provided context's issuer address. This is rarely used.
func ContextRealm ¶
ContextRealm attempts to extract and return the provided context's realm key value
func ContextToken ¶
ContextToken attempts to extract and return the provided context's token key value
func DefaultValuedParameterFormatter ¶
DefaultValuedParameterFormatter provides some baseline value-to-string conversions, skipping zero-vals.
func DefaultZerologLogger ¶
DefaultZerologLogger returns a default logger to be used with this package. No guarantee is made of consistency between releases.
func FlushGlobalPublicKeyCache ¶
func FlushGlobalPublicKeyCache()
FlushGlobalPublicKeyCache will immediately flush all entries in the global public key cache, blocking until they have been successfully flushed.
func IssuerAddressContext ¶
IssuerAddressContext will return a new context chained from the provided parent with the appropriate issuer address key set
func RealmContext ¶
RealmContext will create a new context chained from the provided parent with the appropriate realm key set
func RealmContextWithTimeout ¶
func RealmContextWithTimeout(parent context.Context, realm string, ttl time.Duration) (context.Context, context.CancelFunc)
RealmContextWithTimeout will return a new context and cancel func with the realm value key defined and the provided ttl set as the timeout
func RealmTokenContext ¶
RealmTokenContext will return a new context chained from the provided parent with both realm and token keys set
func RealmTokenContextWithTimeout ¶
func RealmTokenContextWithTimeout(parent context.Context, realm, token string, ttl time.Duration) (context.Context, context.CancelFunc)
RealmTokenContextWithTimeout will return a new context and cancel func with the realm and token value keys defined, and the provided ttl set as the timeout
func RequestBearerToken ¶
RequestBearerToken attempts to extract the encoded "Bearer" token from the provided request's "Authorization" header. This is extraction only; validating the token is a separate step (see ParseToken).
func SetGlobalPublicKeyCacheLogger ¶
SetGlobalPublicKeyCacheLogger allows you to specify a different logger for the global public key cache instance
func TokenContext ¶
TokenContext will create a new context chained from the provided parent with the appropriate token key set
Types ¶
type APIClient ¶
type APIClient struct {
// contains filtered or unexported fields
}
APIClient
The APIClient is the root of the entire package.
func NewAPIClient ¶
func NewAPIClient(config *APIClientConfig, mutators ...ConfigMutator) (*APIClient, error)
NewAPIClient will attempt to construct and return an APIClient to you
func NewAPIClientWithIssuerAddress ¶
func NewAPIClientWithIssuerAddress(issuerAddress string, mutators ...ConfigMutator) (*APIClient, error)
NewAPIClientWithIssuerAddress is a shortcut constructor that only requires you provide the address of the keycloak instance this client will be executing calls against
func (*APIClient) AdminService ¶
func (c *APIClient) AdminService() *AdminService
AdminService contains modeled api calls for admin API requests
func (*APIClient) AuthService ¶
func (c *APIClient) AuthService() *AuthService
AuthService contains modeled api calls for auth API requests
func (*APIClient) Call ¶
func (c *APIClient) Call(ctx context.Context, method, requestPath string, body interface{}, mutators ...RequestMutator) (*http.Response, error)
Call will attempt to execute an arbitrary request against the issuer provided at client creation
All API requests flow through this method.
It does the following in this order:
Compiles full URL against client issuer with provided request path
Constructs *http.Request from provided variables
Executes, in order, any and all provided RequestMutators
Executes request using internal *http.Client instance
Parameters:
- ctx: This must be provided by you. This call itself only optionally requires a token value.
- method: This must be an HTTP request method (GET, POST, PUT, etc.)
- requestPath: This must be the API request path relative to the root of the IssuerHostname provided at client construction (i.e. "/auth/admin/realms/customer/groups/")
- body: This must either be nil, an io.Reader implementation, or a json-serializable type that will be set as the body of the constructed *http.Request
- mutators: This may be zero or more funcs adhering to the RequestMutator type. These funcs will be executed in the order provided.
Response: - *http.Response: The raw HTTP response seen. Body will NOT have been read by this point. - error: Any error seen during the execution of this func.
func (*APIClient) CallRequireOK ¶
func (c *APIClient) CallRequireOK(ctx context.Context, method, requestPath string, body interface{}, mutators ...RequestMutator) (*http.Response, error)
CallRequireOK is a convenience method that will return an error if the seen response code was anything other than 200 OK. If the response was OK and the "model" parameter was defined, it will attempt to json.Unmarshal the response body into this model.
func (*APIClient) IssuerAddress ¶
IssuerAddress will return the address of the issuer this client is targeting
func (*APIClient) PathPrefix ¶
func (*APIClient) RealmProvider ¶
func (c *APIClient) RealmProvider() RealmProvider
RealmProvider will return the RealmProvider defined at client construction
func (*APIClient) RequestAccessToken ¶
func (c *APIClient) RequestAccessToken(ctx context.Context, request *http.Request, claimsType jwt.Claims) (*jwt.Token, error)
RequestAccessToken attempts to extract the encoded bearer token from the provided request and parse it into a modeled access token type
func (*APIClient) RequireAllContextValues ¶
func (*APIClient) RequireRealm ¶
func (*APIClient) RequireToken ¶
func (*APIClient) TokenParser ¶
func (c *APIClient) TokenParser() TokenParser
TokenParser will return the token parser defined at client construction
func (*APIClient) TokenProvider ¶
func (c *APIClient) TokenProvider() TokenProvider
TokenProvider will return the TokenProvider defined at client construction
type APIClientConfig ¶
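// APIClientConfig is the configuration container for an APIClient. Every field
// is optional; see the comment on each field for its default.
type APIClientConfig struct {
	// IssuerProvider [optional]
	//
	// The IssuerProvider is called ONCE during client construction to determine the address of the instance
	// to connect to. It is never called again, and no reference to it is kept in the client.
	//
	// If left blank, a provider will be created that will attempt to fetch the issuer address from Consul via the kv
	// path defined by the DefaultTokenIssuer constant in this package.
	//
	// NOTE(review): no DefaultTokenIssuer constant appears among this package's documented constants; confirm
	// the name. The issuer address decides where tokens are sent, so its source should be trusted.
	//
	// See "provider_issuer.go" for available providers.
	IssuerProvider IssuerProvider

	// RealmProvider [optional]
	//
	// The RealmProvider will be called on a per-request basis, depending on if that request needs to have the realm
	// injected into the context.
	//
	// This is used in a few key ways:
	//	- Public Key retrieval and caching
	//	- URL construction (i.e. /auth/realms/{realm}/.well-known/openid-configuration)
	//	- Token validation
	//
	// The above is not a comprehensive list, but generally speaking the overwhelming majority of requests require the
	// realm value to be defined.
	//
	// See "provider_realm.go" for implementation details. If you construct a config using DefaultAPIClientConfig(),
	// you will be expected to provide a context with the realm already defined with each request
	RealmProvider RealmProvider

	// TokenProvider [optional]
	//
	// The TokenProvider will be called on a per-request basis, as it is needed. Not all requests require a bearer
	// token. For example, the OpenID Configuration and Realm Issuer Configuration endpoints are open and simply
	// require a Realm value.
	//
	// As a general rule, however, all "admin" endpoints (i.e. /auth/admin/realms/{realm}/users) will require
	// a token.
	//
	// See "token_provider.go" for implementation details. If you construct a config using DefaultAPIClientConfig(),
	// you will be expected to provide a context with a token already defined with each request
	TokenProvider TokenProvider

	// TokenParser [optional]
	//
	// The TokenParser will be called any time the client needs a realm's public key. This is primarily used to
	// validate access and bearer tokens
	TokenParser TokenParser

	// PathPrefix [optional]
	//
	// URL Path prefix. Defaults to value of DefaultPathPrefix.
	PathPrefix string

	// HTTPClient [optional]
	//
	// Set if you wish to use a specific http client configuration. Otherwise, one will be created using
	// cleanhttp.DefaultClient()
	//
	// NOTE(review): all API requests are executed through this client, so its TLS settings and timeouts
	// presumably apply to token-bearing calls as well; confirm they suit your deployment.
	HTTPClient *http.Client

	// Logger [optional]
	//
	// Optionally provide a logger instance to use
	Logger zerolog.Logger

	// Debug [optional]
	//
	// Optional configurations aimed to ease debugging
	Debug *DebugConfig
}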
APIClientConfig
This is the configuration container for an APIClient. See individual comments on fields for more details.
func DefaultAPIClientConfig ¶
func DefaultAPIClientConfig() *APIClientConfig
DefaultAPIClientConfig will return a config populated with useful default values where the realm and token are expected to be manually defined in the context provided to each request.
func DefaultAPIClientConfigWithRealm ¶
func DefaultAPIClientConfigWithRealm(realm string) *APIClientConfig
DefaultAPIClientConfigWithRealm returns a new config with all defaults except that the RealmProvider is replaced with a StaticRealmProvider
type AdminClientRoleCompositesService ¶
type AdminClientRoleCompositesService struct {
// contains filtered or unexported fields
}
func NewAdminClientRoleCompositesService ¶
func NewAdminClientRoleCompositesService(kas *AdminService, clientID, roleName string) *AdminClientRoleCompositesService
func (*AdminClientRoleCompositesService) Add ¶
func (crs *AdminClientRoleCompositesService) Add(ctx context.Context, roles Roles) error
Add attempts to add the specified role to the provided composite roles
type AdminClientRolesService ¶
type AdminClientRolesService struct {
// contains filtered or unexported fields
}
AdminClientRolesService contains all the methods needed to manage roles associated with a given client
func NewAdminClientRolesService ¶
func NewAdminClientRolesService(kas *AdminService, clientID string) *AdminClientRolesService
NewAdminClientRolesService returns a new AdminClientRolesService used to manage roles associated with the provided client id
func (*AdminClientRolesService) CompositesService ¶
func (rs *AdminClientRolesService) CompositesService(roleName string) *AdminClientRoleCompositesService
func (*AdminClientRolesService) Create ¶
Create attempts to create a new role for the provided client
func (*AdminClientRolesService) Delete ¶
func (rs *AdminClientRolesService) Delete(ctx context.Context, roleName string) error
Delete attempts to delete the specified role
func (*AdminClientRolesService) Get ¶
Get attempts to locate a single role on a client by the role's name
func (*AdminClientRolesService) List ¶
func (rs *AdminClientRolesService) List(ctx context.Context) (Roles, error)
List attempts to return all the roles defined with the provided client id
type AdminClientsService ¶
type AdminClientsService struct {
// contains filtered or unexported fields
}
func NewAdminClientsService ¶
func NewAdminClientsService(kas *AdminService) *AdminClientsService
func (*AdminClientsService) Create ¶
func (cs *AdminClientsService) Create(ctx context.Context, client *ClientCreate) ([]string, error)
Create attempts to create a new client within Keycloak
func (*AdminClientsService) Delete ¶
func (cs *AdminClientsService) Delete(ctx context.Context, clientID string) error
Delete attempts to delete a client from the Realm this client was created with
func (*AdminClientsService) Get ¶
Get attempts to return details about a specific client in the Realm this client was created with
func (*AdminClientsService) List ¶
func (cs *AdminClientsService) List(ctx context.Context, clientID string, viewableOnly bool) (Clients, error)
List attempts to return a list of all clients available in the Realm this client was created with
func (*AdminClientsService) RolesService ¶
func (cs *AdminClientsService) RolesService(clientID string) *AdminClientRolesService
RolesService returns a new AdminClientRolesService used to manage roles associated with the provided client id
type AdminGroupsService ¶
type AdminGroupsService struct {
// contains filtered or unexported fields
}
func NewAdminGroupsService ¶
func NewAdminGroupsService(kas *AdminService) *AdminGroupsService
func (*AdminGroupsService) Count ¶
Count attempts to return a count of the total number of groups present in Keycloak
func (*AdminGroupsService) Create ¶
func (gs *AdminGroupsService) Create(ctx context.Context, group GroupCreate) ([]string, error)
Create attempts to push a new group into Keycloak, returning to you the ID of the newly created group.
func (*AdminGroupsService) Delete ¶
func (gs *AdminGroupsService) Delete(ctx context.Context, groupID string) error
Delete attempts to delete a group from Keycloak
func (*AdminGroupsService) Get ¶
Get attempts to retrieve details of a specific group within the realm this client was created with
func (*AdminGroupsService) List ¶
func (gs *AdminGroupsService) List(ctx context.Context, search string, first, max int) (Groups, error)
List attempts to return to you a list of all the groups within the Realm this client was created with
type AdminRoleCompositesService ¶
type AdminRoleCompositesService struct {
// contains filtered or unexported fields
}
func NewAdminRoleCompositesService ¶
func NewAdminRoleCompositesService(kas *AdminService, roleName string) *AdminRoleCompositesService
func (*AdminRoleCompositesService) Add ¶
func (rcs *AdminRoleCompositesService) Add(ctx context.Context, roles Roles) error
func (*AdminRoleCompositesService) ClientRoles ¶
func (*AdminRoleCompositesService) List ¶
func (rcs *AdminRoleCompositesService) List(ctx context.Context) (Roles, error)
func (*AdminRoleCompositesService) RealmRoles ¶
func (rcs *AdminRoleCompositesService) RealmRoles(ctx context.Context) (Roles, error)
type AdminRolesService ¶
type AdminRolesService struct {
// contains filtered or unexported fields
}
func NewAdminRolesService ¶
func NewAdminRolesService(kas *AdminService) *AdminRolesService
func (*AdminRolesService) CompositesService ¶
func (rs *AdminRolesService) CompositesService(roleName string) *AdminRoleCompositesService
func (*AdminRolesService) Delete ¶
func (rs *AdminRolesService) Delete(ctx context.Context, roleName string) error
type AdminService ¶
type AdminService struct {
// contains filtered or unexported fields
}
AdminService is the container for all modeled API calls that hit the /admin/{realm}/... series of endpoints in Keycloak
func NewAdminService ¶
func NewAdminService(c *APIClient) *AdminService
NewAdminService will return to you a new realm admin service that also contains base modeled api calls.
func (AdminService) ClientEntitlement ¶
func (k AdminService) ClientEntitlement(ctx context.Context, clientID string, claimsType jwt.Claims) (*jwt.Token, error)
ClientEntitlement will attempt to call the pre-uma2 entitlement endpoint to return a Requesting Party Token containing details about what aspects of the provided clientID the token for this request has access to, if any. DEPRECATED: use the newer introspection workflow for instances newer than 3.4
func (*AdminService) ClientRoleCompositesService ¶
func (k *AdminService) ClientRoleCompositesService(clientID, roleName string) *AdminClientRoleCompositesService
func (*AdminService) ClientRolesService ¶
func (k *AdminService) ClientRolesService(clientID string) *AdminClientRolesService
func (*AdminService) ClientsService ¶
func (k *AdminService) ClientsService() *AdminClientsService
ClientsService returns a new admin clients service instance
func (*AdminService) GroupsService ¶
func (k *AdminService) GroupsService() *AdminGroupsService
func (AdminService) OpenIDConfiguration ¶
func (k AdminService) OpenIDConfiguration(ctx context.Context) (*OpenIDConfiguration, error)
OpenIDConfiguration returns OpenID Configuration metadata about a realm in the instance being connected to. This endpoint exists across both 3.4 and newer versions of Keycloak.
func (AdminService) OpenIDConnectToken ¶
func (k AdminService) OpenIDConnectToken(ctx context.Context, req OpenIDConnectTokenRequest) (*OpenIDConnectToken, error)
OpenIDConnectToken is the starting point for all authorization requests
func (AdminService) ParseToken ¶
func (k AdminService) ParseToken(ctx context.Context, rawToken string, claimsType jwt.Claims) (*jwt.Token, error)
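ParseToken will attempt to parse and validate a raw token into a modeled type. If this method does not return an error, you can safely assume the provided raw token is safe for use. Note that this speaks to the token's validity only; whether its claims authorize a particular action remains for the caller to check.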
func (AdminService) RealmIssuerConfiguration ¶
func (k AdminService) RealmIssuerConfiguration(ctx context.Context) (*RealmIssuerConfiguration, error)
RealmIssuerConfiguration returns metadata about the instance being connected to, such as the public key for token signing
func (*AdminService) RoleCompositesService ¶
func (k *AdminService) RoleCompositesService(roleName string) *AdminRoleCompositesService
func (*AdminService) RolesService ¶
func (k *AdminService) RolesService() *AdminRolesService
func (AdminService) UMA2Configuration ¶
func (k AdminService) UMA2Configuration(ctx context.Context) (*UMA2Configuration, error)
UMA2Configuration returns UMA2 configuration metadata about a realm in the instance being connected to. This endpoint only exists in versions of Keycloak newer than 4
func (*AdminService) UserGroupsService ¶
func (k *AdminService) UserGroupsService(userID string) *AdminUserGroupsService
func (*AdminService) UserRoleMappingRealmsService ¶
func (k *AdminService) UserRoleMappingRealmsService(userID string) *AdminUserRoleMappingRealmsService
func (*AdminService) UserRoleMappingsService ¶
func (k *AdminService) UserRoleMappingsService(userID string) *AdminUserRoleMappingsService
func (*AdminService) UsersService ¶
func (k *AdminService) UsersService() *AdminUsersService
type AdminUserGroupsService ¶
type AdminUserGroupsService struct {
// contains filtered or unexported fields
}
func NewAdminUserGroupsService ¶
func NewAdminUserGroupsService(kas *AdminService, userID string) *AdminUserGroupsService
func (*AdminUserGroupsService) Add ¶
func (gs *AdminUserGroupsService) Add(ctx context.Context, groupID string) error
Add attempts to add the service user to the specified group
type AdminUserRoleMappingRealmsService ¶
type AdminUserRoleMappingRealmsService struct {
// contains filtered or unexported fields
}
func NewAdminUserRoleMappingRealmsService ¶
func NewAdminUserRoleMappingRealmsService(kas *AdminService, userID string) *AdminUserRoleMappingRealmsService
type AdminUserRoleMappingsService ¶
type AdminUserRoleMappingsService struct {
// contains filtered or unexported fields
}
func NewAdminUserRoleMappingsService ¶
func NewAdminUserRoleMappingsService(kas *AdminService, userID string) *AdminUserRoleMappingsService
func (*AdminUserRoleMappingsService) Get ¶
func (rms *AdminUserRoleMappingsService) Get(ctx context.Context) (*RoleMapping, error)
func (*AdminUserRoleMappingsService) RealmsService ¶
func (rms *AdminUserRoleMappingsService) RealmsService() *AdminUserRoleMappingRealmsService
type AdminUsersService ¶
type AdminUsersService struct {
// contains filtered or unexported fields
}
func NewAdminUsersService ¶
func NewAdminUsersService(kas *AdminService) *AdminUsersService
func (*AdminUsersService) Count ¶
func (us *AdminUsersService) Count(ctx context.Context) (int, error)
Count attempts to get a count of all users currently in a keycloak realm
func (*AdminUsersService) Create ¶
func (us *AdminUsersService) Create(ctx context.Context, user *UserCreate) ([]string, error)
Create attempts to add a user to a keycloak realm
func (*AdminUsersService) Delete ¶
func (us *AdminUsersService) Delete(ctx context.Context, userID string) error
Delete attempts to delete a user from the keycloak realm
func (*AdminUsersService) GroupsService ¶
func (us *AdminUsersService) GroupsService(userID string) *AdminUserGroupsService
func (*AdminUsersService) List ¶
func (us *AdminUsersService) List(ctx context.Context, email, firstName, lastName, username, search string, first, max int) (Users, error)
List attempts to retrieve a list of users from a keycloak realm
func (*AdminUsersService) RoleMappingService ¶
func (us *AdminUsersService) RoleMappingService(userID string) *AdminUserRoleMappingsService
type AuthService ¶
type AuthService struct {
// contains filtered or unexported fields
}
func NewAuthService ¶
func NewAuthService(client *APIClient) *AuthService
func (AuthService) ClientEntitlement ¶
func (k AuthService) ClientEntitlement(ctx context.Context, clientID string, claimsType jwt.Claims) (*jwt.Token, error)
ClientEntitlement will attempt to call the pre-UMA2 entitlement endpoint to return a Requesting Party Token containing details about what aspects of the provided clientID the token for this request has access to, if any. Deprecated: use the newer introspection workflow for instances newer than 3.4.
func (AuthService) OpenIDConfiguration ¶
func (k AuthService) OpenIDConfiguration(ctx context.Context) (*OpenIDConfiguration, error)
OpenIDConfiguration returns OpenID Configuration metadata about a realm in the instance being connected to. This endpoint exists across both 3.4 and newer versions of Keycloak.
func (AuthService) OpenIDConnectToken ¶
func (k AuthService) OpenIDConnectToken(ctx context.Context, req OpenIDConnectTokenRequest) (*OpenIDConnectToken, error)
OpenIDConnectToken is the starting point for all authorization requests
func (AuthService) ParseToken ¶
func (k AuthService) ParseToken(ctx context.Context, rawToken string, claimsType jwt.Claims) (*jwt.Token, error)
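ParseToken will attempt to parse and validate a raw token into a modeled type. If this method does not return an error, you can safely assume the provided raw token is safe for use. "Safe for use" here means the token parsed and passed validation; that does not by itself authorize a request, so callers still need to check the claims their own access decision depends on (for example audience, roles or scopes).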
func (AuthService) RealmIssuerConfiguration ¶
func (k AuthService) RealmIssuerConfiguration(ctx context.Context) (*RealmIssuerConfiguration, error)
RealmIssuerConfiguration returns metadata about the instance being connected to, such as the public key for token signing
func (AuthService) UMA2Configuration ¶
func (k AuthService) UMA2Configuration(ctx context.Context) (*UMA2Configuration, error)
UMA2Configuration returns UMA2 configuration metadata about a realm in the instance being connected to. This endpoint only exists in versions of Keycloak newer than 4.
type Client ¶
// Client is the JSON model of a client as exchanged with the admin API.
//
// None of the tags use omitempty, so marshalling a Client writes every field,
// including false and empty values. NOTE(review): if this type is ever sent
// back as an update, fields left at their zero value would presumably be
// written as such; confirm against the update call before relying on partial
// values.
type Client struct {
	ID string `json:"id"`
	ClientID string `json:"clientId"`
	Name string `json:"name"`
	Description string `json:"description"`
	SurrogateAuthRequired bool `json:"surrogateAuthRequired"`
	Enabled bool `json:"enabled"`
	ClientAuthenticatorType string `json:"clientAuthenticatorType"`
	// NOTE(review): RedirectUris and WebOrigins are presumably the redirect URI
	// and CORS origin allow-lists of the client; broad or wildcard entries widen
	// where authorization responses can be delivered. Review these values on
	// any client this package creates or reads back. TODO confirm semantics.
	RedirectUris []string `json:"redirectUris"`
	WebOrigins []string `json:"webOrigins"`
	NotBefore int `json:"notBefore"`
	BearerOnly bool `json:"bearerOnly"`
	ConsentRequired bool `json:"consentRequired"`
	// NOTE(review): the *Enabled flags below presumably toggle individual grant
	// types (standard, implicit, direct access, service account); a client
	// should carry only the ones it needs. TODO confirm against the server docs.
	StandardFlowEnabled bool `json:"standardFlowEnabled"`
	ImplicitFlowEnabled bool `json:"implicitFlowEnabled"`
	DirectAccessGrantsEnabled bool `json:"directAccessGrantsEnabled"`
	ServiceAccountsEnabled bool `json:"serviceAccountsEnabled"`
	AuthorizationServicesEnabled bool `json:"authorizationServicesEnabled"`
	// NOTE(review): PublicClient presumably marks a client that holds no
	// secret; confirm before treating such a client as authenticated.
	PublicClient bool `json:"publicClient"`
	FrontchannelLogout bool `json:"frontchannelLogout"`
	Protocol string `json:"protocol"`
	Attributes ClientAttributes `json:"attributes"`
	// NOTE(review): FullScopeAllowed presumably controls whether tokens for
	// this client carry all of the user's role mappings; verify.
	FullScopeAllowed bool `json:"fullScopeAllowed"`
	NodeReRegistrationTimeout int `json:"nodeReRegistrationTimeout"`
	ProtocolMappers []*ClientProtocolMapper `json:"protocolMappers"`
	UseTemplateConfig bool `json:"useTemplateConfig"`
	UseTemplateScope bool `json:"useTemplateScope"`
	UseTemplateMappers bool `json:"useTemplateMappers"`
	Access *ClientAccess `json:"access"`
}
type ClientAccess ¶
type ClientAttributes ¶
type ClientCreate ¶
type ClientCreate struct { Attributes ClientAttributes `json:"attributes"` ClientID string `json:"clientId"` Enabled bool `json:"enabled"` Protocol string `json:"protocol"` RedirectUris []string `json:"redirectUris"` }
type ClientProtocolMapper ¶
type ClientProtocolMapper struct { Config *ClientProtocolMapperConfig `json:"config"` ConsentRequired bool `json:"consentRequired"` ConsentText string `json:"consentText"` ID string `json:"id"` Name string `json:"name"` Protocol string `json:"protocol"` ProtocolMapper string `json:"protocolMapper"` }
type ClientProtocolMapperConfig ¶
type ClientProtocolMapperConfig struct { AccessTokenClaim string `json:"access.token.claim"` ClaimName string `json:"claim.name"` IDTokenClaim string `json:"id.token.claim"` JSONTypeLabel string `json:"jsonType.label"` UserAttribute string `json:"user.attribute"` UserInfoTokenClaim string `json:"userinfo.token.claim"` }
type ConfidentialClientTokenProvider ¶
type ConfidentialClientTokenProvider struct {
// contains filtered or unexported fields
}
ConfidentialClientTokenProvider
This provider implements the TokenProviderClientAware interface, and is designed to take care of the complexity of managing a confidential client token for you.
Easiest way to implement would be the following:
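// `{id document}` is a placeholder for your *InstallDocument value.
// The install document has a Credentials map, which presumably carries the
// client secret, so load it at runtime from a protected location rather than
// committing it to source.
conf := keycloak.ConfidentialClientTokenProviderConfig{ID: {id document}}

tp, err := keycloak.NewConfidentialClientTokenProvider(&conf)
if err != nil {
	panic(err.Error())
}

// The provider is handed to the client through APIClientConfig.TokenProvider.
apiClient, err := keycloak.NewAPIClient(&keycloak.APIClientConfig{TokenProvider: tp})
if err != nil {
	// Check this error as well: apiClient must not be used if construction failed.
	panic(err.Error())
}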
Now, every request called off of the APIClient will be automatically decorated with the correct bearer token, assuming your install document is valid.
func NewConfidentialClientTokenProvider ¶
func NewConfidentialClientTokenProvider(conf *ConfidentialClientTokenProviderConfig) (*ConfidentialClientTokenProvider, error)
NewConfidentialClientTokenProvider will attempt to construct a new ConfidentialClientTokenProvider for you based on the provided configuration.
func (*ConfidentialClientTokenProvider) Expired ¶
func (tp *ConfidentialClientTokenProvider) Expired() bool
Expired will return true if the currently stored token has expired
func (*ConfidentialClientTokenProvider) Expiry ¶
func (tp *ConfidentialClientTokenProvider) Expiry() int64
Expiry returns a unix nano timestamp of when the current token, if defined, expires.
func (*ConfidentialClientTokenProvider) LastRefreshed ¶
func (tp *ConfidentialClientTokenProvider) LastRefreshed() int64
LastRefreshed returns a unix nano timestamp of the last time this client's bearer token was refreshed.
func (*ConfidentialClientTokenProvider) RefreshToken ¶
func (tp *ConfidentialClientTokenProvider) RefreshToken(ctx context.Context, client *APIClient) error
RefreshToken will attempt to refresh this provider's bearer token using the provided APIClient.
func (*ConfidentialClientTokenProvider) SetTokenValue ¶
func (tp *ConfidentialClientTokenProvider) SetTokenValue(ctx context.Context, client *APIClient) (context.Context, error)
SetTokenValue will first attempt to use the locally cached last-known-good token. If not defined or beyond the expiration window, it will call RefreshToken before attempting to set the context token value.
type ConfidentialClientTokenProviderConfig ¶
// ConfidentialClientTokenProviderConfig carries the settings passed to
// NewConfidentialClientTokenProvider.
type ConfidentialClientTokenProviderConfig struct {
	// ID [optional] (required if IDKey left blank)
	//
	// If you already have a confidential client install document handy, you may pass it in here.
	//
	// NOTE(review): no IDKey field is declared on this struct as shown; confirm
	// whether the "required if IDKey left blank" wording is still current.
	// NOTE(review): InstallDocument has a Credentials map that presumably holds
	// the client secret, and this field is tagged for JSON, so marshalling the
	// config would write it out. Confirm before logging or persisting it.
	ID *InstallDocument `json:"id"`

	// ExpiryMargin [optional]
	//
	// The margin of safety prior to the actual deadline of the internal token to go ahead and execute a refresh
	ExpiryMargin time.Duration `json:"expiryMargin"`
}
ConfidentialClientTokenProviderConfig must be provided to a new ConfidentialClientTokenProvider upon construction
type ConfigMutator ¶
type ConfigMutator func(*APIClientConfig)
ConfigMutator
ConfigMutator provides some flexibility when constructing a client
type DebugConfig ¶
// DebugConfig holds request mutator hooks that always run around the other
// mutators of a request.
type DebugConfig struct {
	// BaseRequestMutators [optional]
	//
	// Optional list of request mutators that will always be run before any other mutators
	BaseRequestMutators []RequestMutator

	// FinalRequestMutators [optional]
	//
	// Optional list of request mutators that will always be run after any other mutators
	//
	// NOTE(review): because these run last, they presumably see the request
	// after the bearer token has been attached; confirm the ordering. A mutator
	// that logs or rewrites headers here would then have access to that token.
	FinalRequestMutators []RequestMutator
}
DebugConfig
This type contains configuration options that provide additional utility during testing or development, but should not be configured when in production use.
type EnvironmentIssuerProvider ¶
type EnvironmentIssuerProvider struct {
// contains filtered or unexported fields
}
func NewEnvironmentIssuerProvider ¶
func NewEnvironmentIssuerProvider(varName string, insecure bool) *EnvironmentIssuerProvider
NewEnvironmentIssuerProvider will attempt to read the specified variable from the environment
func (*EnvironmentIssuerProvider) IssuerAddress ¶
func (ip *EnvironmentIssuerProvider) IssuerAddress() (string, error)
IssuerAddress will attempt to locate the environment variable set at construction time. If found, the value will be parsed as a url. Errors will be returned if the env var is not defined, is empty, or contains a non-url-parseable value.
type EventsResponse ¶
type EventsResponse struct { ClientID string `json:"clientId,omitempty"` Details *EventsResponseDetails `json:"details,omitempty"` Error string `json:"error,omitempty"` IPAddress string `json:"ipAddress,omitempty"` RealmID string `json:"realmId,omitempty"` Time int `json:"time,omitempty"` Type string `json:"type,omitempty"` UserID string `json:"userId,omitempty"` }
type EventsResponseDetails ¶
type Group ¶
type Group struct { Access GroupAccess `json:"access"` Attributes KeyValuesMap `json:"attributes"` ClientRoles KeyValuesMap `json:"clientRoles"` ID string `json:"id"` Name string `json:"name"` Path string `json:"path"` RealmRoles []string `json:"realmRoles"` SubGroups []*Group `json:"subGroups"` }
type GroupAccess ¶
type GroupCreate ¶
type GroupCreate struct {
Name string `json:"name"`
}
type ImpersonationRequest ¶
type ImpersonationResponse ¶
type InstallDocument ¶
// InstallDocument is the JSON model of a client install document.
type InstallDocument struct {
	Realm string `json:"realm"`
	AuthServerURL string `json:"auth-server-url"`
	// NOTE(review): SSLRequired is a plain string here; nothing on this page
	// shows whether the client enforces it. Confirm before relying on it.
	SSLRequired string `json:"ssl-required"`
	Resource string `json:"resource"`
	// Credentials is a string-to-string map decoded from the "credentials" key.
	// NOTE(review): presumably this is where the client secret lives; treat the
	// whole document as a secret (file permissions, no logging) — TODO confirm.
	Credentials map[string]string `json:"credentials"`
}
InstallDocument expects configuration in the JSON format offered by Keycloak under client > installation
type IssuerProvider ¶
// IssuerProvider is the interface for types that supply an issuer address.
type IssuerProvider interface {
	// IssuerAddress must set the key defined by ContextKeyIssuerAddress in the context, returning a descriptive
	// error if it was unable to do so
	//
	// NOTE(review): the signature takes no context and returns (string, error),
	// so an implementation can only return the address; the "set the key in the
	// context" wording looks left over from an earlier signature. Confirm and
	// update.
	IssuerAddress() (string, error)
}
IssuerProvider defines a single-use provider that is used during the APIClient construction process and then discarded. It must return a usable HTTP address to execute API calls against or an error describing why it couldn't.
This provider is used once, and no references to it are kept around in the resulting client instance.
type KeyValuesMap ¶
type OpenIDConfiguration ¶
type OpenIDConfiguration struct { Issuer string `json:"issuer"` AuthorizationEndpoint string `json:"authorization_endpoint"` TokenEndpoint string `json:"token_endpoint"` TokenIntrospectionEndpoint string `json:"token_introspection_endpoint"` UserinfoEndpoint string `json:"userinfo_endpoint"` EndSessionEndpoint string `json:"end_session_endpoint"` JwksURI string `json:"jwks_uri"` CheckSessionIframe string `json:"check_session_iframe"` GrantTypesSupported []string `json:"grant_types_supported"` ResponseTypesSupported []string `json:"response_types_supported"` SubjectTypesSupported []string `json:"subject_types_supported"` IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"` UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported"` RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"` ResponseModesSupported []string `json:"response_modes_supported"` RegistrationEndpoint string `json:"registration_endpoint"` TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"` TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"` ClaimsSupported []string `json:"claims_supported"` ClaimTypesSupported []string `json:"claim_types_supported"` ClaimsParameterSupported bool `json:"claims_parameter_supported"` ScopesSupported []string `json:"scopes_supported"` RequestParameterSupported bool `json:"request_parameter_supported"` RequestURIParameterSupported bool `json:"request_uri_parameter_supported"` }
type OpenIDConnectToken ¶
// OpenIDConnectToken is the JSON model of a token endpoint response.
//
// AccessToken, RefreshToken and IdToken are plain strings holding the issued
// tokens; they are bearer credentials, so keep values of this type out of logs
// and error messages.
type OpenIDConnectToken struct {
	AccessToken string `json:"access_token"`
	// NOTE(review): ExpiresIn and RefreshExpiresIn are presumably lifetimes in
	// seconds, as is usual for OAuth 2.0 responses — TODO confirm.
	ExpiresIn int `json:"expires_in"`
	RefreshExpiresIn int `json:"refresh_expires_in"`
	RefreshToken string `json:"refresh_token"`
	TokenType string `json:"token_type"`
	IdToken string `json:"id_token"`
	// NOTE(review): Keycloak token responses commonly spell this key
	// "not-before-policy" (hyphens); if so, this tag never matches and the field
	// stays 0. Verify against a real response.
	NotBeforePolicy int `json:"not_before_policy"`
	SessionState string `json:"session_state"`
}
Token payload returned from the TokenEndpoint
type OpenIDConnectTokenRequest ¶
// OpenIDConnectTokenRequest is the parameter set accepted by
// AuthService.OpenIDConnectToken. Every field carries both a json and a url
// tag with the same key.
type OpenIDConnectTokenRequest struct {
	// GrantType [required]
	GrantType string `json:"grant_type,omitempty" url:"grant_type,omitempty"`

	// Permission [optional] - Request specific access to "Resource#scope[,scope...]"
	Permissions []string `json:"permission,omitempty" url:"permission,omitempty"`

	ClientID string `json:"client_id,omitempty" url:"client_id,omitempty"`
	// NOTE(review): ClientSecret, ClientAssertion and SubjectToken are
	// credentials. The url tags suggest the struct is form- or query-encoded;
	// confirm these values travel in the request body and not in the query
	// string, where they would end up in access logs.
	ClientSecret string `json:"client_secret,omitempty" url:"client_secret,omitempty"`
	ClientAssertionType string `json:"client_assertion_type,omitempty" url:"client_assertion_type,omitempty"`
	ClientAssertion string `json:"client_assertion,omitempty" url:"client_assertion,omitempty"`

	SubjectToken string `json:"subject_token,omitempty" url:"subject_token,omitempty"`
	SubjectIssuer string `json:"subject_issuer,omitempty" url:"subject_issuer,omitempty"`
	SubjectTokenType string `json:"subject_token_type,omitempty" url:"subject_token_type,omitempty"`

	RequestedTokenType string `json:"requested_token_type,omitempty" url:"requested_token_type,omitempty"`
	Audience string `json:"audience,omitempty" url:"audience,omitempty"`
	RequestedIssuer string `json:"requested_issuer,omitempty" url:"requested_issuer,omitempty"`
	// NOTE(review): RequestedSubject presumably names the user a token is being
	// requested for (token exchange); confirm which callers may set it.
	RequestedSubject string `json:"requested_subject,omitempty" url:"requested_subject,omitempty"`

	// RequestingPartyToken - todo: what exactly does this look like...
	RequestingPartyToken string `json:"rpt,omitempty" url:"rpt,omitempty"`

	// NOTE(review): unlike the other pointer fields, this one has no omitempty,
	// so a nil value is still emitted by encoding/json (as null). Confirm that
	// is intended.
	ResponseIncludeResourceName *bool `json:"response_include_resource_name" url:"response_include_resource_name"`
	ResponsePermissionsLimit *int `json:"response_permissions_limit,omitempty" url:"response_permissions_limit,omitempty"`

	// ResponseMode [optional] - Allowed values: ["decision", "permissions"]
	ResponseMode string `json:"response_mode,omitempty" url:"response_mode,omitempty"`

	SubmitRequest *bool `json:"submit_request,omitempty" url:"submit_request,omitempty"`
}
type Permission ¶
type Permission struct { ID string `json:"id"` Name string `json:"name"` Type string `json:"type"` Logic string `json:"logic"` DecisionStrategy string `json:"decisionStrategy"` Config PermissionConfig `json:"config"` Description string `json:"description,omitempty"` }
Permission is returned by the "PermissionPath" overview call
type PermissionMap ¶
type PermissionMap map[string]*Permission
type PermissionScope ¶
type PermissionScope struct { ID string `json:"id,omitempty"` Name string `json:"name,omitempty"` Description string `json:"description,omitempty"` Type string `json:"type,omitempty"` Policies []string `json:"policies,omitempty"` Resources []string `json:"resources,omitempty"` Scopes []string `json:"scopes,omitempty"` Logic string `json:"logic,omitempty"` DecisionStrategy string `json:"decisionStrategy,omitempty"` }
type Policy ¶
type Policy struct { ID string `json:"id,omitempty"` Name string `json:"name,omitempty"` Type string `json:"type,omitempty"` Logic string `json:"logic,omitempty"` DecisionStrategy string `json:"decisionStrategy,omitempty"` Config PolicyConfig `json:"config,omitempty"` Description string `json:"description,omitempty"` }
type PolicyConfig ¶
type PolicyConfig struct {
Roles Roles `json:"roles"`
}
func (*PolicyConfig) UnmarshalJSON ¶
func (conf *PolicyConfig) UnmarshalJSON(buf []byte) error
UnmarshalJSON is a custom decoder for the string-encoded json policy config payload
type PublicKeyCache ¶
// PublicKeyCache is the contract for stores of processed public keys, addressed
// by issuer host and realm.
type PublicKeyCache interface {
	// Load must attempt to retrieve the processed public key for the issuer's realm
	Load(issuerHost, realm string) (interface{}, bool)

	// Store must attempt to persist the provided pk into cache for the specified duration. Any ttl value of 0 or less
	// must be considered "infinite"
	//
	// NOTE(review): an "infinite" entry is only dropped by Remove or Flush, so a
	// key the issuer has since replaced would presumably keep being served;
	// prefer a finite ttl outside of debugging — confirm with callers.
	Store(issueHost, realm string, pk interface{}, ttl time.Duration)

	// Remove must immediately render a cached public key no longer usable. It must block until removal has been
	// completed.
	Remove(issuerHost, realm string) bool

	// List must return a list of all currently cached public key entries in a map with a structure of
	// {"issuer": {"realm1": time.Time(expiry)}}
	// if the returned time.Time instance is zero, then it must be assumed the entry will never expire.
	List() map[string]map[string]time.Time

	// Flush must immediately render all cached public keys defunct, blocking until cache has been flushed.
	Flush()
}
PublicKeyCache
This type is used to store and retrieve processed public keys on a per-realm per-issuer basis, allowing for more efficient multi-realm functionality within the client
func GlobalPublicKeyCache ¶
func GlobalPublicKeyCache() PublicKeyCache
GlobalPublicKeyCache returns the instance of the global public key cache used by default when creating clients
func NewDebugPublicKeyCache ¶
func NewDebugPublicKeyCache() PublicKeyCache
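NewDebugPublicKeyCache will return an implementation that ignores all TTL values, storing items indefinitely in an internal map. Because entries never expire, a public key the issuer has since replaced stays cached unless it is removed or flushed explicitly. Recommended only for use during debugging.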
type Realm ¶
type Realm struct { AccessCodeLifespan int `json:"accessCodeLifespan,omitempty"` AccessCodeLifespanLogin int `json:"accessCodeLifespanLogin,omitempty"` AccessCodeLifespanUserAction int `json:"accessCodeLifespanUserAction,omitempty"` AccessTokenLifespan int `json:"accessTokenLifespan,omitempty"` AccessTokenLifespanForImplicitFlow int `json:"accessTokenLifespanForImplicitFlow,omitempty"` AccountTheme string `json:"accountTheme,omitempty"` ActionTokenGeneratedByAdminLifespan int `json:"actionTokenGeneratedByAdminLifespan,omitempty"` ActionTokenGeneratedByUserLifespan int `json:"actionTokenGeneratedByUserLifespan,omitempty"` AdminEventsDetailsEnabled bool `json:"adminEventsDetailsEnabled,omitempty"` AdminEventsEnabled bool `json:"adminEventsEnabled,omitempty"` Attributes *RealmAttributes `json:"attributes,omitempty"` BrowserFlow string `json:"browserFlow,omitempty"` BrowserSecurityHeaders *RealmBrowserSecurityHeaders `json:"browserSecurityHeaders,omitempty"` BruteForceProtected bool `json:"bruteForceProtected,omitempty"` ClientAuthenticationFlow string `json:"clientAuthenticationFlow,omitempty"` DefaultRoles []string `json:"defaultRoles,omitempty"` DirectGrantFlow string `json:"directGrantFlow,omitempty"` DisplayName string `json:"displayName,omitempty"` DisplayNameHTML string `json:"displayNameHtml,omitempty"` DockerAuthenticationFlow string `json:"dockerAuthenticationFlow,omitempty"` DuplicateEmailsAllowed bool `json:"duplicateEmailsAllowed,omitempty"` EditUsernameAllowed bool `json:"editUsernameAllowed,omitempty"` Enabled bool `json:"enabled,omitempty"` EnabledEventTypes []string `json:"enabledEventTypes,omitempty"` EventsEnabled bool `json:"eventsEnabled,omitempty"` EventsExpiration int `json:"eventsExpiration,omitempty"` EventsListeners []string `json:"eventsListeners,omitempty"` FailureFactor int `json:"failureFactor,omitempty"` ID string `json:"id,omitempty"` IdentityProviders RealmIdentityProviders `json:"identityProviders,omitempty"` 
InternationalizationEnabled bool `json:"internationalizationEnabled,omitempty"` LoginTheme string `json:"loginTheme,omitempty"` LoginWithEmailAllowed bool `json:"loginWithEmailAllowed,omitempty"` MaxDeltaTimeSeconds int `json:"maxDeltaTimeSeconds,omitempty"` MaxFailureWaitSeconds int `json:"maxFailureWaitSeconds,omitempty"` MinimumQuickLoginWaitSeconds int `json:"minimumQuickLoginWaitSeconds,omitempty"` NotBefore int `json:"notBefore,omitempty"` OfflineSessionIdleTimeout int `json:"offlineSessionIdleTimeout,omitempty"` OtpPolicyAlgorithm string `json:"otpPolicyAlgorithm,omitempty"` OtpPolicyDigits int `json:"otpPolicyDigits,omitempty"` OtpPolicyInitialCounter int `json:"otpPolicyInitialCounter,omitempty"` OtpPolicyLookAheadWindow int `json:"otpPolicyLookAheadWindow,omitempty"` OtpPolicyPeriod int `json:"otpPolicyPeriod,omitempty"` OtpPolicyType string `json:"otpPolicyType,omitempty"` PermanentLockout bool `json:"permanentLockout,omitempty"` QuickLoginCheckMilliSeconds int `json:"quickLoginCheckMilliSeconds,omitempty"` Realm string `json:"realm,omitempty"` RefreshTokenMaxReuse int `json:"refreshTokenMaxReuse,omitempty"` RegistrationAllowed bool `json:"registrationAllowed,omitempty"` RegistrationEmailAsUsername bool `json:"registrationEmailAsUsername,omitempty"` RegistrationFlow string `json:"registrationFlow,omitempty"` RememberMe bool `json:"rememberMe,omitempty"` RequiredCredentials []string `json:"requiredCredentials,omitempty"` ResetCredentialsFlow string `json:"resetCredentialsFlow,omitempty"` ResetPasswordAllowed bool `json:"resetPasswordAllowed,omitempty"` RevokeRefreshToken bool `json:"revokeRefreshToken,omitempty"` SMTPServer *RealmSMTPServer `json:"smtpServer,omitempty"` SslRequired string `json:"sslRequired,omitempty"` SsoSessionIdleTimeout int `json:"ssoSessionIdleTimeout,omitempty"` SsoSessionMaxLifespan int `json:"ssoSessionMaxLifespan,omitempty"` SupportedLocales []string `json:"supportedLocales,omitempty"` VerifyEmail bool 
`json:"verifyEmail,omitempty"` WaitIncrementSeconds int `json:"waitIncrementSeconds,omitempty"` }
type RealmAttributes ¶
type RealmAttributes struct { XBrowserHeaderContentSecurityPolicy string `json:"_browser_header.contentSecurityPolicy,omitempty"` XBrowserHeaderXContentTypeOptions string `json:"_browser_header.xContentTypeOptions,omitempty"` XBrowserHeaderXFrameOptions string `json:"_browser_header.xFrameOptions,omitempty"` XBrowserHeaderXRobotsTag string `json:"_browser_header.xRobotsTag,omitempty"` XBrowserHeaderXXSSProtection string `json:"_browser_header.xXSSProtection,omitempty"` ActionTokenGeneratedByAdminLifespan string `json:"actionTokenGeneratedByAdminLifespan,omitempty"` ActionTokenGeneratedByUserLifespan string `json:"actionTokenGeneratedByUserLifespan,omitempty"` BruteForceProtected string `json:"bruteForceProtected,omitempty"` DisplayName string `json:"displayName,omitempty"` DisplayNameHTML string `json:"displayNameHtml,omitempty"` FailureFactor string `json:"failureFactor,omitempty"` MaxDeltaTimeSeconds string `json:"maxDeltaTimeSeconds,omitempty"` MaxFailureWaitSeconds string `json:"maxFailureWaitSeconds,omitempty"` MinimumQuickLoginWaitSeconds string `json:"minimumQuickLoginWaitSeconds,omitempty"` PermanentLockout string `json:"permanentLockout,omitempty"` QuickLoginCheckMilliSeconds string `json:"quickLoginCheckMilliSeconds,omitempty"` WaitIncrementSeconds string `json:"waitIncrementSeconds,omitempty"` }
type RealmBrowserSecurityHeaders ¶
type RealmBrowserSecurityHeaders struct { ContentSecurityPolicy string `json:"contentSecurityPolicy,omitempty"` XContentTypeOptions string `json:"xContentTypeOptions,omitempty"` XFrameOptions string `json:"xFrameOptions,omitempty"` XRobotsTag string `json:"xRobotsTag,omitempty"` XXSSProtection string `json:"xXSSProtection,omitempty"` }
type RealmIdentityProvider ¶
// RealmIdentityProvider is the JSON model of one identity provider entry of a
// realm.
//
// Every field is tagged omitempty, so encoding/json leaves out bool fields that
// are false. NOTE(review): that means a value such as Enabled=false or
// TrustEmail=false cannot be sent explicitly through this type; how the server
// treats the absent key is not shown here — confirm before using it to switch
// a setting off.
type RealmIdentityProvider struct {
	AddReadTokenRoleOnCreate bool `json:"addReadTokenRoleOnCreate,omitempty"`
	Alias string `json:"alias,omitempty"`
	AuthenticateByDefault bool `json:"authenticateByDefault,omitempty"`
	Config *RealmIdentityProviderConfig `json:"config,omitempty"`
	DisplayName string `json:"displayName,omitempty"`
	Enabled bool `json:"enabled,omitempty"`
	FirstBrokerLoginFlowAlias string `json:"firstBrokerLoginFlowAlias,omitempty"`
	InternalID string `json:"internalId,omitempty"`
	LinkOnly bool `json:"linkOnly,omitempty"`
	ProviderID string `json:"providerId,omitempty"`
	// NOTE(review): StoreToken presumably makes the realm keep the external
	// provider's tokens, and TrustEmail presumably skips e-mail verification for
	// accounts from this provider; both widen trust in the external provider.
	// TODO confirm semantics against the server docs.
	StoreToken bool `json:"storeToken,omitempty"`
	TrustEmail bool `json:"trustEmail,omitempty"`
	UpdateProfileFirstLoginMode string `json:"updateProfileFirstLoginMode,omitempty"`
}
type RealmIdentityProviderConfig ¶
// RealmIdentityProviderConfig is the JSON model of an identity provider's
// config object. All fields are strings, including ones whose names read like
// switches (BackchannelSupported, DisableUserInfo, HideOnLoginPage, UseJwksURL,
// ValidateSignature).
// NOTE(review): presumably those hold "true"/"false" text — TODO confirm the
// accepted values before comparing or setting them.
type RealmIdentityProviderConfig struct {
	AuthorizationURL string `json:"authorizationUrl,omitempty"`
	BackchannelSupported string `json:"backchannelSupported,omitempty"`
	ClientID string `json:"clientId,omitempty"`
	// ClientSecret is a plain string tagged for JSON, so it is written out
	// whenever a non-empty value is marshalled; keep values of this type out of
	// logs and dumps.
	ClientSecret string `json:"clientSecret,omitempty"`
	DefaultScope string `json:"defaultScope,omitempty"`
	DisableUserInfo string `json:"disableUserInfo,omitempty"`
	HideOnLoginPage string `json:"hideOnLoginPage,omitempty"`
	LoginHint string `json:"loginHint,omitempty"`
	TokenURL string `json:"tokenUrl,omitempty"`
	UseJwksURL string `json:"useJwksUrl,omitempty"`
	UserIP string `json:"userIp,omitempty"`
	// NOTE(review): ValidateSignature presumably controls whether tokens from
	// the external provider have their signature checked; verify it is enabled
	// on any provider read back through this type.
	ValidateSignature string `json:"validateSignature,omitempty"`
}
type RealmIdentityProviders ¶
type RealmIdentityProviders []*RealmIdentityProvider
type RealmProvider ¶
// RealmProvider is the interface for types that place a realm value on a
// context.
type RealmProvider interface {
	// SetRealmValue MUST either return a context with the realm key defined, or the original context with an error
	// describing why it was unable to do so. It must also defer to any pre-defined key value already present in the
	// context.
	//
	// NOTE(review): because a realm already on the context takes precedence,
	// the realm is presumably decided by whoever builds the context first;
	// confirm that value never comes from unvalidated request input.
	SetRealmValue(context.Context) (context.Context, error)
}
RealmProvider
This interface describes any implementation that can provide a realm name to the given context
func ContextRealmProvider ¶
func ContextRealmProvider() RealmProvider
ContextRealmProvider
This is the simplest and default RealmProvider. It simply checks for the existence of the realm key on the given context, returning an error if it does not exist. This requires that you define the realm in the context yourself.
type RealmSMTPServer ¶
type RealmSMTPServer struct { Auth string `json:"auth,omitempty"` EnvelopeFrom string `json:"envelopeFrom,omitempty"` From string `json:"from,omitempty"` FromDisplayName string `json:"fromDisplayName,omitempty"` Host string `json:"host,omitempty"` ReplyTo string `json:"replyTo,omitempty"` ReplyToDisplayName string `json:"replyToDisplayName,omitempty"` Ssl string `json:"ssl,omitempty"` Starttls string `json:"starttls,omitempty"` }
type Request ¶
func NewRequestWithContext ¶
type RequestMutator ¶
RequestMutator
This callback func type allows you to modify any *http.Request executed by the client in this package once it has been built.
func HeaderMutator ¶
func HeaderMutator(k, v string, override bool) RequestMutator
HeaderMutator returns a RequestMutator that will add or override a value in the header of the request
func QueryMutator ¶
func QueryMutator(k, v string, override bool) RequestMutator
QueryMutator will return a RequestMutator that either sets or adds a query parameter and value
func ValuedHeaderMutator ¶
func ValuedHeaderMutator(k string, v interface{}, override bool) RequestMutator
ValuedHeaderMutator returns a RequestMutator that will add or override a value in the header of a request, given the provided value is "valued"
func ValuedQueryMutator ¶
func ValuedQueryMutator(k string, v interface{}, override bool) RequestMutator
ValuedQueryMutator will return a RequestMutator only if v is a non-zero value of its type
type Resource ¶
type Resource struct { Name string `json:"name,omitempty"` Type string `json:"type,omitempty"` Scopes ResourceScopes `json:"scopes"` Owner *ResourceOwner `json:"owner,omitempty"` ID string `json:"_id,omitempty"` }
type ResourceMap ¶
func (ResourceMap) IDs ¶
func (m ResourceMap) IDs() []string
type ResourceOwner ¶
type ResourceScope ¶
type ResourceScopes ¶
type ResourceScopes []*ResourceScope
type ResourceServer ¶
type ResourceServer struct { ID string `json:"id"` ClientID string `json:"clientId"` Name string `json:"name"` AllowRemoteResourceManagement bool `json:"allowRemoteResourceManagement"` PolicyEnforcementMode string `json:"policyEnforcementMode"` Resources Resources `json:"resources"` Policies Policies `json:"policies"` Scopes Scopes `json:"scopes"` }
type Role ¶
type Role struct { ID string `json:"id,omitempty"` Name string `json:"name,omitempty"` Parent string `json:"parent,omitempty"` Description string `json:"description,omitempty"` Logic string `json:"logic,omitempty"` DecisionStrategy string `json:"decisionStrategy,omitempty"` ScopeParamRequired bool `json:"scopeParamRequired"` Composite bool `json:"composite,omitempty"` Client string `json:"client,omitempty"` ClientRole bool `json:"clientRole,omitempty"` ContainerID string `json:"containerId,omitempty"` Type string `json:"type,omitempty"` Required bool `json:"required,omitempty"` Mappings Roles `json:"mappings,omitempty"` }
type RoleMapping ¶
type StaticIssuerProvider ¶
type StaticIssuerProvider string
StaticIssuerProvider
This IssuerProvider implementation always sets the same issuer address in each request, unless the context provided to the setter already contains an issuer address key
func NewStaticIssuerProvider ¶
func NewStaticIssuerProvider(issuerAddress string) StaticIssuerProvider
NewStaticIssuerProvider builds an IssuerProvider that will set the issuer address value provided to this constructor, unless the context provided to the setter already contains an issuer address key
func NewStaticIssuerProviderWithURL ¶
func NewStaticIssuerProviderWithURL(purl *url.URL) StaticIssuerProvider
NewStaticIssuerProviderWithURL will construct a new StaticIssuerProvider using the provided *url.URL
func (StaticIssuerProvider) IssuerAddress ¶
func (ip StaticIssuerProvider) IssuerAddress() (string, error)
IssuerAddress will always set the issuer address to the value the StaticIssuerProvider was constructed with, unless the provided context already has an address value defined
type StaticRealmProvider ¶
type StaticRealmProvider string
StaticRealmProvider will set its value as the context's realm key if the incoming context does not already contain a realm key
func NewStaticRealmProvider ¶
func NewStaticRealmProvider(keycloakRealm string) StaticRealmProvider
NewStaticRealmProvider will return to you a type of RealmProvider that, given that the incoming context does not already have a realm defined, will always set it to the value provided to this constructor
func NewStaticRealmProviderFromEnvironment ¶
func NewStaticRealmProviderFromEnvironment(envKey string) StaticRealmProvider
NewStaticRealmProviderFromEnvironment will attempt to fetch the provided env key using os.Getenv, creating a new StaticRealmProvider with that as the value.
func (StaticRealmProvider) SetRealmValue ¶
SetRealmValue will attempt to locate a pre-existing realm key on the provided context, returning the original context if one is found. If not, it will return a new context with its own realm value defined.
type TimedPublicKeyCache ¶
type TimedPublicKeyCache struct {
// contains filtered or unexported fields
}
TimedPublicKeyCache
This is an implementation of a PublicKeyCache that utilizes a timed cached backend
func NewTimedPublicKeyCache ¶
func NewTimedPublicKeyCache(log zerolog.Logger, timedCacheMutators ...sclg.TimedCacheConfigMutator) *TimedPublicKeyCache
NewTimedPublicKeyCache will return a new PublicKeyCache using sclg.TimedCache as its backend
func (*TimedPublicKeyCache) Flush ¶
func (pkc *TimedPublicKeyCache) Flush()
func (*TimedPublicKeyCache) List ¶
func (pkc *TimedPublicKeyCache) List() map[string]map[string]time.Time
List will return a map of all issuer hostnames with their associated realms that have a public key cached. The time value is the deadline after which the key will be removed from the cache. A zero-value time.Time instance must be interpreted as a never-expiring entry.
func (*TimedPublicKeyCache) Load ¶
func (pkc *TimedPublicKeyCache) Load(issuerHost, realm string) (interface{}, bool)
Load will attempt to pull the specified cache item from the underlying TimedCache instance
func (*TimedPublicKeyCache) Remove ¶
func (pkc *TimedPublicKeyCache) Remove(issuerHost, realm string) bool
Remove will delete a cached parsed public key from the underlying TimedCache instance, returning true if an item was actually deleted
type TokenParser ¶
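// TokenParser is implemented by types that check how a token was signed and hand back
// a value (pk) for it.
//
// NOTE(review): pk is presumably the key the JWT library then uses to verify the signature.
// An implementation should compare the token's header algorithm with the one the issuer is
// expected to use and return an error on mismatch, rather than trusting the algorithm named
// in the token itself — confirm against X509TokenParser.
type TokenParser interface {
	// Parse must attempt to validate the provided token was signed using the mechanism expected by the realm's issuer
	//
	// The context provided to this method will contain at least the following two keys:
	// - keycloak_realm
	// - issuer_address
	Parse(context.Context, *APIClient, *jwt.Token) (pk interface{}, err error)
}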
TokenParser
type TokenProvider ¶
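// TokenProvider describes any implementation that can provide a bearer token to the given context.
//
// NOTE(review): the returned context carries the bearer token, so implementations and their
// callers should avoid logging or otherwise dumping the context's values.
type TokenProvider interface {
	// SetTokenValue MUST either return a context with the token key defined, or the original context with an error
	// describing why it was unable to do so. It must also defer to any pre-defined key value already present in the
	// context.
	SetTokenValue(context.Context, *APIClient) (context.Context, error)
}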
TokenProvider
This interface describes any implementation that can provide a bearer token to the given context.
func ContextTokenProvider ¶
func ContextTokenProvider() TokenProvider
ContextTokenProvider
This is the simplest and default TokenProvider. It simply checks for the existence of the token key on the given context, returning an error if it does not exist. This requires that you define the token in the context yourself.
type UMA2Configuration ¶
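// UMA2Configuration maps the JSON keys named in its field tags onto Go fields.
//
// NOTE(review): presumably this is the realm's UMA2 discovery document as returned by the
// issuer — confirm. If so, every endpoint in it (JwksURI, TokenEndpoint, ...) is remote
// data: check that Issuer matches the issuer address you expect before using the endpoints,
// and fetch them over TLS only.
type UMA2Configuration struct {
	AuthorizationEndpoint                      string   `json:"authorization_endpoint"`
	EndSessionEndpoint                         string   `json:"end_session_endpoint"`
	GrantTypesSupported                        []string `json:"grant_types_supported"`
	IntrospectionEndpoint                      string   `json:"introspection_endpoint"`
	Issuer                                     string   `json:"issuer"`
	JwksURI                                    string   `json:"jwks_uri"`
	PermissionEndpoint                         string   `json:"permission_endpoint"`
	PolicyEndpoint                             string   `json:"policy_endpoint"`
	RegistrationEndpoint                       string   `json:"registration_endpoint"`
	ResourceRegistrationEndpoint               string   `json:"resource_registration_endpoint"`
	ResponseModesSupported                     []string `json:"response_modes_supported"`
	ResponseTypesSupported                     []string `json:"response_types_supported"`
	ScopesSupported                            []string `json:"scopes_supported"`
	TokenEndpoint                              string   `json:"token_endpoint"`
	TokenEndpointAuthMethodsSupported          []string `json:"token_endpoint_auth_methods_supported"`
	TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
	TokenIntrospectionEndpoint                 string   `json:"token_introspection_endpoint"`
}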
type User ¶
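// User maps a user record onto the JSON keys named in its field tags.
//
// NOTE(review): the inline comment marks a group of editable fields, but this listing does
// not show where that group ends; presumably the fields from CreatedTimestamp onward are
// managed by the server — confirm before relying on writes to them. Enabled, EmailVerified
// and RequiredActions affect whether and how the account can sign in, so set them
// deliberately rather than copying them from untrusted input.
type User struct {
	// these are editable
	Access                     UserAccess    `json:"access"`
	Attributes                 KeyValuesMap  `json:"attributes"`
	Email                      string        `json:"email"`
	EmailVerified              bool          `json:"emailVerified"`
	Enabled                    bool          `json:"enabled"`
	FirstName                  string        `json:"firstName"`
	LastName                   string        `json:"lastName"`
	RequiredActions            []string      `json:"requiredActions"`
	Username                   string        `json:"username"`
	CreatedTimestamp           Time          `json:"createdTimestamp"`
	DisableableCredentialTypes []string      `json:"disableableCredentialTypes"`
	FederatedIdentities        []interface{} `json:"federatedIdentities"`
	ID                         string        `json:"id"`
	NotBefore                  Time          `json:"notBefore"`
	Totp                       bool          `json:"totp"`
}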
type UserAccess ¶
type UserCreate ¶
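// UserCreate holds the fields sent when creating a user, keyed by the JSON names in the tags.
//
// NOTE(review): EmailVerified and Enabled are supplied by the caller. When a UserCreate is
// filled from a sign-up form or another untrusted source, set these two fields explicitly in
// server-side code instead of passing the submitted values through.
type UserCreate struct {
	Attributes    KeyValuesMap `json:"attributes"`
	Email         string       `json:"email"`
	EmailVerified bool         `json:"emailVerified"`
	Enabled       bool         `json:"enabled"`
	Username      string       `json:"username"`
}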
type ValuedParameterFormatterFunc ¶
// ValuedParameterFormatterFunc decides if and how a value is added to a request.
// It receives a destination, a parameter name and the value, and returns the formatted
// string together with a flag reporting whether that string should be used.
// NOTE(review): the accepted destination values are not visible in this listing — confirm.
type ValuedParameterFormatterFunc func(destination, name string, value interface{}) (formatted string, use bool)
ValuedParameterFormatter
This func is called inside the ValuedQueryMutator func to determine if and how the provided value will be added to a given request's query parameter string.
// ValuedParameterFormatter is the package-level formatter, initialised to DefaultValuedParameterFormatter.
// NOTE(review): as an exported variable it can be reassigned by any importing package, and a
// reassignment presumably changes request formatting for every client in the process. Set it
// once during start-up and confirm nothing writes to it concurrently with requests.
var ValuedParameterFormatter ValuedParameterFormatterFunc = DefaultValuedParameterFormatter
ValuedParameterFormatter is called by the ValuedQueryParameter and ValuedHeaderFormatter funcs when determining if and how values should be added to a given request
type X509TokenParser ¶
// X509TokenParser is created with NewX509TokenParser, which takes a cache TTL.
//
// NOTE(review): presumably a TokenParser implementation whose cacheTTL bounds how long a
// fetched issuer key is reused without being fetched again — confirm. If so, choose a TTL
// that fits the issuer's key-rotation schedule, since a rotated key would stay in use until
// the entry expires or the cache is flushed.
type X509TokenParser struct {
// contains filtered or unexported fields
}
func NewX509TokenParser ¶
func NewX509TokenParser(cacheTTL time.Duration) *X509TokenParser