Module: Keycloak::Client

Defined in:

lib/keycloak.rb

Constant Summary

KEYCLOAK_JSON_FILE =

'keycloak.json'

Class Attribute Summary

• .auth_server_url ⇒ Object readonly

  Returns the value of attribute auth_server_url.

• .client_id ⇒ Object readonly

  Returns the value of attribute client_id.

• .configuration ⇒ Object readonly

  Returns the value of attribute configuration.

• .public_key ⇒ Object readonly

  Returns the value of attribute public_key.

• .realm ⇒ Object readonly

  Returns the value of attribute realm.

• .secret ⇒ Object readonly

  Returns the value of attribute secret.

• .url ⇒ Object readonly

  Returns the value of attribute url.

Class Method Summary

• .decoded_access_token(access_token = '') ⇒ Object
• .decoded_id_token(idToken = '') ⇒ Object
• .decoded_refresh_token(refresh_token = '') ⇒ Object
• .exec_request(proc_request) ⇒ Object
• .external_attributes ⇒ Object
• .get_attribute(attributeName, access_token = '') ⇒ Object
• .get_installation ⇒ Object
• .get_token(user, password) ⇒ Object
• .get_token_by_client_credentials(client_id = '', secret = '') ⇒ Object
• .get_token_by_code(code, redirect_uri) ⇒ Object
• .get_token_by_refresh_token(refresh_token = '') ⇒ Object
• .get_token_introspection(token = '') ⇒ Object
• .get_userinfo(access_token = '') ⇒ Object
• .has_role?(user_role, access_token = '') ⇒ Boolean
• .logout(redirect_uri = '', refresh_token = '') ⇒ Object
• .mount_request_token(payload) ⇒ Object
• .openid_configuration ⇒ Object
• .setup_module ⇒ Object
• .token ⇒ Object
• .url_login_redirect(redirect_uri, response_type = 'code') ⇒ Object
• .url_user_account ⇒ Object
• .user_signed_in?(access_token = '') ⇒ Boolean
• .verify_setup ⇒ Object

Class Attribute Details

.auth_server_url ⇒ Object (readonly)

Returns the value of attribute auth_server_url.

# File 'lib/keycloak.rb', line 24

def auth_server_url
  @auth_server_url
end

.client_id ⇒ Object (readonly)

Returns the value of attribute client_id.

# File 'lib/keycloak.rb', line 24

def client_id
  @client_id
end

.configuration ⇒ Object (readonly)

Returns the value of attribute configuration.

# File 'lib/keycloak.rb', line 24

def configuration
  @configuration
end

.public_key ⇒ Object (readonly)

Returns the value of attribute public_key.

# File 'lib/keycloak.rb', line 24

def public_key
  @public_key
end

.realm ⇒ Object (readonly)

Returns the value of attribute realm.

# File 'lib/keycloak.rb', line 24

def realm
  @realm
end

.secret ⇒ Object (readonly)

Returns the value of attribute secret.

# File 'lib/keycloak.rb', line 24

def secret
  @secret
end

.url ⇒ Object (readonly)

Returns the value of attribute url.

# File 'lib/keycloak.rb', line 24

def url
  @url
end

Class Method Details

.decoded_access_token(access_token = '') ⇒ Object

# File 'lib/keycloak.rb', line 309

def self.decoded_access_token(access_token = '')
  access_token = self.token["access_token"] if access_token.empty?
  JWT.decode access_token, @public_key, false, { :algorithm => 'RS256' }
end

.decoded_id_token(idToken = '') ⇒ Object

# File 'lib/keycloak.rb', line 319

def self.decoded_id_token(idToken = '')
  tk = self.token
  idToken = tk["id_token"] if idToken.empty?
  if idToken
    @decoded_id_token = JWT.decode idToken, @public_key, false, { :algorithm => 'RS256' }
  end
end

.decoded_refresh_token(refresh_token = '') ⇒ Object

# File 'lib/keycloak.rb', line 314

def self.decoded_refresh_token(refresh_token = '')
  refresh_token = self.token["access_token"] if refresh_token.empty?
  JWT.decode refresh_token, @public_key, false, { :algorithm => 'RS256' }
end

.exec_request(proc_request) ⇒ Object

# File 'lib/keycloak.rb', line 266

def self.exec_request(proc_request)
  if Keycloak.explode_exception
    proc_request.call
  else
    begin
      proc_request.call
    rescue RestClient::ExceptionWithResponse => err
      err.response
    end
  end
end

.external_attributes ⇒ Object

# File 'lib/keycloak.rb', line 229

def self.external_attributes
  if !Keycloak.proc_external_attributes.nil?
    Keycloak.proc_external_attributes.call
  else
    raise Keycloak::ProcExternalAttributesNotDefined
  end
end

.get_attribute(attributeName, access_token = '') ⇒ Object

# File 'lib/keycloak.rb', line 214

def self.get_attribute(attributeName, access_token = '')
  verify_setup

  attr = decoded_access_token(access_token)[0]
  attr[attributeName]
end

.get_installation ⇒ Object

# File 'lib/keycloak.rb', line 241

def self.get_installation
  if File.exists?(KEYCLOAK_JSON_FILE)
    installation = JSON File.read(KEYCLOAK_JSON_FILE)
    @realm = installation["realm"]
    @url = installation["auth-server-url"]
    @client_id = installation["resource"]
    @secret = installation["credentials"]["secret"]
    @public_key = installation["realm-public-key"]
    @auth_server_url = installation["auth-server-url"]
    openid_configuration
  else
    raise "#{KEYCLOAK_JSON_FILE} not found."
  end
end

.get_token(user, password) ⇒ Object

# File 'lib/keycloak.rb', line 30

def self.get_token(user, password)
  setup_module

  payload = { 'client_id' => @client_id,
              'client_secret' => @secret,
              'username' => user,
              'password' => password,
              'grant_type' => 'password' }

  mount_request_token(payload)
end

.get_token_by_client_credentials(client_id = '', secret = '') ⇒ Object

# File 'lib/keycloak.rb', line 67

def self.get_token_by_client_credentials(client_id = '', secret = '')
  setup_module

  client_id = @client_id if client_id.empty?
  secret = @secret if secret.empty?

  payload = { 'client_id' => client_id,
              'client_secret' => secret,
              'grant_type' => 'client_credentials' }

  mount_request_token(payload)
end

.get_token_by_code(code, redirect_uri) ⇒ Object

# File 'lib/keycloak.rb', line 42

def self.get_token_by_code(code, redirect_uri)
  verify_setup

  payload = { 'client_id' => @client_id,
              'client_secret' => @secret,
              'code' => code,
              'grant_type' => 'authorization_code',
              'redirect_uri' => redirect_uri }

  mount_request_token(payload)
end

.get_token_by_refresh_token(refresh_token = '') ⇒ Object

# File 'lib/keycloak.rb', line 54

def self.get_token_by_refresh_token(refresh_token = '')
  verify_setup

  refresh_token = self.token['refresh_token'] if refresh_token.empty?

  payload = { 'client_id' => @client_id,
              'client_secret' => @secret,
              'refresh_token' => refresh_token,
              'grant_type' => 'refresh_token' }

  mount_request_token(payload)
end

.get_token_introspection(token = '') ⇒ Object

# File 'lib/keycloak.rb', line 80

def self.get_token_introspection(token = '')
  verify_setup

  token = self.token["access_token"] if token.empty?

  payload = { 'token' => token }

  authorization = Base64.strict_encode64("#{@client_id}:#{@secret}")
  authorization = "Basic #{authorization}"

  header = {'Content-Type' => 'application/x-www-form-urlencoded',
            'authorization' => authorization}

  _request = -> do
    RestClient.post(@configuration['token_introspection_endpoint'], payload, header){|response, request, result|
      case response.code
      when 200..399
        response.body

      else
        response.return!
      end
    }
  end

  exec_request _request
end

.get_userinfo(access_token = '') ⇒ Object

# File 'lib/keycloak.rb', line 152

def self.get_userinfo(access_token = '')
  verify_setup

  access_token = self.token["access_token"] if access_token.empty?

  payload = { 'access_token' => access_token }

  header = { 'Content-Type' => 'application/x-www-form-urlencoded' }

  _request = -> do
    RestClient.post(@configuration['userinfo_endpoint'], payload, header){ |response, request, result|
      case response.code
      when 200
        response.body
      else
        response.return!
      end
    }
  end

  exec_request _request
end

.has_role?(user_role, access_token = '') ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/keycloak.rb', line 181

def self.has_role?(user_role, access_token = '')
  verify_setup

  if user_signed_in?(access_token)
    dt = decoded_access_token(access_token)[0]
    dt = dt["resource_access"][@client_id]
    if dt != nil
      dt["roles"].each do |role|
        return true if role.to_s == user_role.to_s
      end
      false
    else
      false
    end
  else
    false
  end
end

.logout(redirect_uri = '', refresh_token = '') ⇒ Object

# File 'lib/keycloak.rb', line 115

def self.logout(redirect_uri = '', refresh_token = '')
  verify_setup

  if self.token || !refresh_token.empty?

    refresh_token = self.token['refresh_token'] if refresh_token.empty?

    payload = { 'client_id' => @client_id,
                'client_secret' => @secret,
                'refresh_token' => refresh_token
          }

    header = {'Content-Type' => 'application/x-www-form-urlencoded'}

    if redirect_uri.empty?
      final_url = @configuration['end_session_endpoint']
    else
      final_url = "#{@configuration['end_session_endpoint']}?#{URI.encode_www_form({ redirect_uri: redirect_uri })}"
    end

    _request = -> do
      RestClient.post(final_url, payload, header){ |response, request, result|
        case response.code
        when 200..399
          true
        else
          response.return!
        end
      }
    end

    exec_request _request
  else
    true
  end
end

.mount_request_token(payload) ⇒ Object

# File 'lib/keycloak.rb', line 292

def self.mount_request_token(payload)
  header = {'Content-Type' => 'application/x-www-form-urlencoded'}

  _request = -> do
    RestClient.post(@configuration['token_endpoint'], payload, header){|response, request, result|
      case response.code
      when 200
        response.body
      else
        response.return!
      end
    }
  end

  exec_request _request
end

.openid_configuration ⇒ Object

# File 'lib/keycloak.rb', line 278

def self.openid_configuration
  RestClient.proxy = Keycloak.proxy unless Keycloak.proxy.empty?
  config_url = "#{@url}/realms/#{@realm}/.well-known/openid-configuration"
  _request = -> do
    RestClient.get config_url
  end
  response = exec_request _request
  if response.code == 200
    @configuration = JSON response.body
  else
    response.return!
  end
end

.setup_module ⇒ Object

# File 'lib/keycloak.rb', line 260

def self.setup_module
  Keycloak.proxy ||= ''
  Keycloak.keycloak_controller ||= KEYCLOACK_CONTROLLER_DEFAULT
  get_installation
end

.token ⇒ Object

# File 'lib/keycloak.rb', line 221

def self.token
  if !Keycloak.proc_cookie_token.nil?
    JSON Keycloak.proc_cookie_token.call
  else
    raise Keycloak::ProcCookieTokenNotDefined
  end
end

.url_login_redirect(redirect_uri, response_type = 'code') ⇒ Object

# File 'lib/keycloak.rb', line 108

def self.url_login_redirect(redirect_uri, response_type = 'code')
  verify_setup

  p = URI.encode_www_form({ response_type: response_type, client_id: @client_id, redirect_uri: redirect_uri })
  "#{@configuration['authorization_endpoint']}?#{p}"
end

.url_user_account ⇒ Object

# File 'lib/keycloak.rb', line 175

def self.url_user_account
  verify_setup

  "#{@url}/realms/#{@realm}/account"
end

.user_signed_in?(access_token = '') ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/keycloak.rb', line 200

def self.user_signed_in?(access_token = '')
  verify_setup

  begin
    JSON(get_token_introspection(access_token))['active'] === true
  rescue => e
    if e.class < Keycloak::KeycloakException
      raise
    else
      false
    end
  end
end

.verify_setup ⇒ Object

# File 'lib/keycloak.rb', line 256

def self.verify_setup
  get_installation if @configuration.nil?
end