Class: Keycloak::Client


Methods included from API::KeycloakAPIExtensionResources

#api_extension_resources_url, #if_otp_exists, #validate_otp

Methods included from API::RealmResources

#create_realm, #delete_realm, #find_realm, #update_realm

Methods included from API::ClientRoleResources

#add_client_role_mapping, #create_client_role, #find_client_role_by_name, #find_client_roles, #find_client_roles_for_user, #remove_client_role_mapping

Methods included from API::ClientResources

#client_resources_url, #create_client, #find_client_by_client_id, #find_client_by_id, #update_client

Methods included from API::ProtectionResources

#granted_by_server

Methods included from API::RoleResources

#add_role_mapping, #create_or_find_role, #create_role, #find_role_by_name, #find_user_realm_roles, #realm_roles, #remove_role_mapping

Methods included from API::UserResources

#create_user, #delete_user, #find_user, #find_user_by_client_role, #find_user_by_role, #find_user_by_username, #find_users, #update_user, #user_resources_url

Constructor Details

#initialize(auth_server_url, realm) ⇒ Client

Returns a new instance of Client.



# File 'lib/keycloak/client.rb', line 15

# Builds a client bound to one Keycloak server and one realm.
#
# Only stores the two values: no request is made and no token exists until
# +authenticate+ has been called.
#
# @param auth_server_url [String] base URL prefixed to every endpoint path this
#   client builds. NOTE(review): it is stored without any scheme check, and
#   bearer tokens are later sent to URLs derived from it; callers should pass
#   an https:// URL they trust.
# @param realm [String] realm name used by +realm_url+ and +admin_realm_url+
def initialize(auth_server_url, realm)
  @auth_server_url, @realm = auth_server_url, realm
end

Instance Attribute Details

#auth_server_url ⇒ Object (readonly)

Returns the value of attribute auth_server_url.



# File 'lib/keycloak/client.rb', line 13

# Read-only accessor for the server base URL given to the constructor.
#
# @return [Object] the stored value, or nil when it was never set
def auth_server_url
  instance_variable_get(:@auth_server_url)
end

#realm ⇒ Object (readonly)

Returns the value of attribute realm.



# File 'lib/keycloak/client.rb', line 13

# Read-only accessor for the realm name given to the constructor.
#
# @return [Object] the stored value, or nil when it was never set
def realm
  instance_variable_get(:@realm)
end

Instance Method Details

#access_token_valid? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/keycloak/client.rb', line 69

# Tells whether the cached access token is still inside its lifetime.
#
# Despite its name, @expires_in holds an absolute point in time (it is set to
# "now + expires_in seconds" when a token is obtained), so this is a plain
# clock comparison. The check is local only: it cannot see a token that the
# server revoked early, and it applies no clock-skew margin.
#
# @return [Boolean, nil] true while the deadline lies in the future, false once
#   it has passed, nil when no deadline has been recorded yet
def access_token_valid?
  deadline = @expires_in
  return deadline unless deadline

  deadline > DateTime.now
end

#admin_realm_url ⇒ Object



# File 'lib/keycloak/client.rb', line 24

# Base URL of the admin endpoints for the configured realm.
#
# NOTE(review): both values are inserted verbatim, without URL-escaping, so a
# realm name that comes from untrusted input could change the request path.
#
# @return [String] "<auth_server_url>/admin/realms/<realm>"
def admin_realm_url
  format("%s/admin/realms/%s", @auth_server_url, @realm)
end

#authenticate(username, password, grant_type, client_id, realm = @realm, auto: true) ⇒ Object



# File 'lib/keycloak/client.rb', line 28

# Obtains an access/refresh token pair from the realm's OpenID Connect token
# endpoint and caches it on this client.
#
# The request always asks for the "offline_access" scope. Expiry deadlines are
# computed from a timestamp taken before the request is sent, so they never
# run later than the lifetimes the server reported.
#
# Security notes for reviewers:
# * With +auto: true+ the plaintext username and password stay in instance
#   variables for the life of this object so that +try_refresh_token!+ can
#   replay them. Pass +auto: false+ when the credentials must not be retained.
# * +realm+ is interpolated into the URL without escaping.
# * The request goes through +post+, which attaches an Authorization header
#   built from whatever access token is currently cached (possibly none).
#
# @param username [String] sent as the +username+ field
# @param password [String] sent as the +password+ field
# @param grant_type [String] sent as the +grant_type+ field
# @param client_id [String] sent as the +client_id+ field; always remembered
#   for later refreshes
# @param realm [String] realm to authenticate against; always remembered
# @param auto [Boolean] when true, remember username, password and grant type
#   for automatic re-authentication
# @return [true]
def authenticate(username, password, grant_type, client_id, realm = @realm, auto: true)
  @authenticate_realm = realm
  @authenticate_client_id = client_id
  if auto
    # Kept in memory so an expired session can be re-established unattended.
    @authenticate_username, @authenticate_password, @authenticate_grant_type =
      username, password, grant_type
  end

  issued_at = DateTime.now
  token_endpoint = "#{@auth_server_url}/realms/#{realm}/protocol/openid-connect/token"
  form_fields = {
    username: username,
    password: password,
    grant_type: grant_type,
    client_id: client_id,
    scope: "offline_access"
  }
  response = post(token_endpoint, form_fields, try_refresh_token: false)
  tokens = JSON.parse(response.body)

  @access_token, @refresh_token = tokens.values_at("access_token", "refresh_token")
  @refresh_expires_in = issued_at + tokens["refresh_expires_in"].seconds
  @expires_in = issued_at + tokens["expires_in"].seconds
  true
end

#delete(url, headers: {}, payload: nil, try_refresh_token: true) ⇒ Object



# File 'lib/keycloak/client.rb', line 108

# Sends an authenticated DELETE request, optionally with a body.
#
# Goes through RestClient::Request.execute so that a payload can accompany
# the request.
#
# NOTE(review): the cached bearer token is attached to whatever +url+ is
# given; nothing here checks that it points at the configured server, so
# callers should only pass URLs built from trusted values.
#
# @param url [String] full request URL
# @param headers [Hash] extra headers; entries here override the defaults,
#   including +authorization+
# @param payload [Object, nil] request body handed to RestClient unchanged
# @param try_refresh_token [Boolean] renew the access token first if needed
# @return [Object] whatever RestClient::Request.execute returns
def delete(url, headers: {}, payload: nil, try_refresh_token: true)
  try_refresh_token! if try_refresh_token

  default_headers = {
    authorization: "Bearer #{@access_token}",
    accept: "application/json"
  }
  RestClient::Request.execute(
    method: :delete,
    url: url,
    payload: payload,
    headers: default_headers.merge(headers)
  )
end

#get(url, headers: {}, params: {}, try_refresh_token: true) ⇒ Object



# File 'lib/keycloak/client.rb', line 98

# Sends an authenticated GET request.
#
# Query parameters travel under the +params+ key of the hash passed to
# RestClient.get, alongside the headers.
#
# NOTE(review): the cached bearer token is attached to whatever +url+ is
# given; nothing here checks that it points at the configured server, so
# callers should only pass URLs built from trusted values.
#
# @param url [String] full request URL
# @param headers [Hash] extra headers; entries here override the defaults,
#   including +authorization+ and +params+
# @param params [Hash] query-string parameters
# @param try_refresh_token [Boolean] renew the access token first if needed
# @return [Object] whatever RestClient.get returns
def get(url, headers: {}, params: {}, try_refresh_token: true)
  try_refresh_token! if try_refresh_token

  default_headers = {
    authorization: "Bearer #{@access_token}",
    accept: "application/json",
    params: params
  }
  RestClient.get(url, default_headers.merge(headers))
end

#post(url, payload, headers: {}, try_refresh_token: true) ⇒ Object



# File 'lib/keycloak/client.rb', line 89

# Sends an authenticated POST request.
#
# The token endpoint calls in +authenticate+ and +refresh_token!+ also pass
# through here (with +try_refresh_token: false+), so they carry an
# Authorization header built from the currently cached access token even when
# that token is missing or expired.
#
# NOTE(review): the cached bearer token is attached to whatever +url+ is
# given; nothing here checks that it points at the configured server, so
# callers should only pass URLs built from trusted values.
#
# @param url [String] full request URL
# @param payload [Object] request body handed to RestClient unchanged
# @param headers [Hash] extra headers; entries here override the defaults,
#   including +authorization+
# @param try_refresh_token [Boolean] renew the access token first if needed
# @return [Object] whatever RestClient.post returns
def post(url, payload, headers: {}, try_refresh_token: true)
  try_refresh_token! if try_refresh_token

  default_headers = {
    authorization: "Bearer #{@access_token}",
    accept: "application/json"
  }
  RestClient.post(url, payload, default_headers.merge(headers))
end

#put(url, payload, headers: {}, try_refresh_token: true) ⇒ Object



# File 'lib/keycloak/client.rb', line 120

# Sends an authenticated PUT request.
#
# NOTE(review): the cached bearer token is attached to whatever +url+ is
# given; nothing here checks that it points at the configured server, so
# callers should only pass URLs built from trusted values.
#
# @param url [String] full request URL
# @param payload [Object] request body handed to RestClient unchanged
# @param headers [Hash] extra headers; entries here override the defaults,
#   including +authorization+
# @param try_refresh_token [Boolean] renew the access token first if needed
# @return [Object] whatever RestClient.put returns
def put(url, payload, headers: {}, try_refresh_token: true)
  try_refresh_token! if try_refresh_token

  default_headers = {
    authorization: "Bearer #{@access_token}",
    accept: "application/json"
  }
  RestClient.put(url, payload, default_headers.merge(headers))
end

#realm_url ⇒ Object



# File 'lib/keycloak/client.rb', line 20

# Base URL of the configured realm's endpoints.
#
# NOTE(review): both values are inserted verbatim, without URL-escaping, so a
# realm name that comes from untrusted input could change the request path.
#
# @return [String] "<auth_server_url>/realms/<realm>"
def realm_url
  format("%s/realms/%s", @auth_server_url, @realm)
end

#refresh_token! ⇒ Object



# File 'lib/keycloak/client.rb', line 53

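# Exchanges the cached refresh token for a new access/refresh token pair at
# the token endpoint of the realm used in the last +authenticate+ call.
#
# Two details are aligned with +authenticate+:
# * the response is parsed via +.body+ instead of handing the response object
#   itself to JSON.parse;
# * the reference timestamp is taken before the request goes out. Taking it
#   after the response would push both deadlines later by the request latency,
#   and the client would keep treating a token as valid after it expired.
#
# The request goes through +post+, which attaches an Authorization header
# built from the cached (typically expired) access token.
#
# @raise [RuntimeError] when no refresh token has been stored yet
# @return [Object] the new access-token deadline (also stored in @expires_in)
def refresh_token!
  raise "need to call `authenticate` first" unless @refresh_token

  requested_at = DateTime.now
  url = "#{@auth_server_url}/realms/#{@authenticate_realm}/protocol/openid-connect/token"
  res = JSON.parse post(url, {
    grant_type: "refresh_token",
    client_id: @authenticate_client_id,
    refresh_token: @refresh_token
  }, try_refresh_token: false).body
  @access_token = res["access_token"]
  @refresh_token = res["refresh_token"]
  @refresh_expires_in = requested_at + res["refresh_expires_in"].seconds
  @expires_in = requested_at + res["expires_in"].seconds
end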

#refresh_token_valid? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/keycloak/client.rb', line 73

# Tells whether the cached refresh token is still inside its lifetime.
#
# @refresh_expires_in holds an absolute point in time, not a duration. The
# check is local only: it cannot see a token that the server revoked early.
#
# @return [Boolean, nil] true while the deadline lies in the future, false once
#   it has passed, nil when no deadline has been recorded yet
def refresh_token_valid?
  deadline = @refresh_expires_in
  return deadline unless deadline

  deadline > DateTime.now
end

#try_refresh_token! ⇒ Object



# File 'lib/keycloak/client.rb', line 77

# Makes sure a usable access token is cached before a request is sent.
#
# Order of attempts:
# 1. nothing to do while the access token is still valid;
# 2. use the refresh token while that is still valid;
# 3. otherwise replay the username and password remembered by an earlier
#    +authenticate(..., auto: true)+ call. This is the reason those
#    credentials are held in memory; +auto: false+ is passed so the replay
#    does not store them again.
#
# An error raised by the refresh request itself is not caught here, so a
# failed refresh does not fall through to step 3.
#
# @raise [RuntimeError] when both tokens have expired and no credentials were
#   remembered
# @return [Object, nil] nil when the token was still valid, otherwise the
#   result of +refresh_token!+ or +authenticate+
def try_refresh_token!
  return if access_token_valid?
  return refresh_token! if refresh_token_valid?

  unless @authenticate_username && @authenticate_password
    raise("Refresh token expired, you should re-authenticate to obtain an access token or enable auto authentication")
  end

  authenticate(
    @authenticate_username,
    @authenticate_password,
    @authenticate_grant_type,
    @authenticate_client_id,
    @authenticate_realm,
    auto: false
  )
end