Module: Keycloak::Client

Defined in:
lib/keycloak.rb

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.auth_server_urlObject

Returns the value of attribute auth_server_url.



73
74
75
# File 'lib/keycloak.rb', line 73

def auth_server_url
  @auth_server_url
end

.client_idObject (readonly)

Returns the value of attribute client_id.



74
75
76
# File 'lib/keycloak.rb', line 74

def client_id
  @client_id
end

.configurationObject (readonly)

Returns the value of attribute configuration.



74
75
76
# File 'lib/keycloak.rb', line 74

def configuration
  @configuration
end

.public_keyObject (readonly)

Returns the value of attribute public_key.



74
75
76
# File 'lib/keycloak.rb', line 74

def public_key
  @public_key
end

.realmObject

Returns the value of attribute realm.



73
74
75
# File 'lib/keycloak.rb', line 73

def realm
  @realm
end

.secretObject (readonly)

Returns the value of attribute secret.



74
75
76
# File 'lib/keycloak.rb', line 74

def secret
  @secret
end

Class Method Details

.decoded_access_token(access_token = '') ⇒ Object



354
355
356
357
# File 'lib/keycloak.rb', line 354

def self.decoded_access_token(access_token = '')
  access_token = self.token["access_token"] if access_token.empty?
  JWT.decode access_token, @public_key, false, { :algorithm => 'RS256' }
end

.decoded_refresh_token(refresh_token = '') ⇒ Object



359
360
361
362
# File 'lib/keycloak.rb', line 359

def self.decoded_refresh_token(refresh_token = '')
  refresh_token = self.token["access_token"] if refresh_token.empty?
  JWT.decode refresh_token, @public_key, false, { :algorithm => 'RS256' }
end

.external_attributesObject



346
347
348
349
350
351
352
# File 'lib/keycloak.rb', line 346

def self.external_attributes
  if !Keycloak.proc_external_attributes.nil?
    Keycloak.proc_external_attributes.call
  else
    raise Keycloak::ProcExternalAttributesNotDefined
  end
end

.get_attribute(attributeName, access_token = '') ⇒ Object



331
332
333
334
335
336
# File 'lib/keycloak.rb', line 331

def self.get_attribute(attributeName, access_token = '')
  verify_setup

  attr = decoded_access_token(access_token)[0]
  attr[attributeName]
end

.get_token(user, password, client_id = '', secret = '') ⇒ Object



77
78
79
80
81
82
83
84
85
86
87
88
89
90
# File 'lib/keycloak.rb', line 77

def self.get_token(user, password, client_id = '', secret = '')
  setup_module

  client_id = @client_id if isempty?(client_id)
  secret = @secret if isempty?(secret)

  payload = { 'client_id' => client_id,
              'client_secret' => secret,
              'username' => user,
              'password' => password,
              'grant_type' => 'password'}

  mount_request_token(payload)
end

.get_token_by_client_credentials(client_id = '', secret = '') ⇒ Object



170
171
172
173
174
175
176
177
178
179
180
181
# File 'lib/keycloak.rb', line 170

def self.get_token_by_client_credentials(client_id = '', secret = '')
  setup_module

  client_id = @client_id if isempty?(client_id)
  secret = @secret if isempty?(secret)

  payload = { 'client_id' => client_id,
              'client_secret' => secret,
              'grant_type' => 'client_credentials' }

  mount_request_token(payload)
end

.get_token_by_code(code, redirect_uri, client_id = '', secret = '', client_session_state = '', client_session_host = '') ⇒ Object



92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# File 'lib/keycloak.rb', line 92

def self.get_token_by_code(code, redirect_uri, client_id = '', secret = '', client_session_state = '', client_session_host = '')
  verify_setup

  client_id = @client_id if isempty?(client_id)
  secret = @secret if isempty?(secret)

  payload = { 'client_id' => client_id,
              'client_secret' => secret,
              'code' => code,
              'grant_type' => 'authorization_code',
              'redirect_uri' => redirect_uri,
              'client_session_state' => client_session_state,
              'client_session_host' => client_session_host}

  mount_request_token(payload)
end

.get_token_by_exchange(issuer, issuer_token, client_id = '', secret = '', token_endpoint = '') ⇒ Object



109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# File 'lib/keycloak.rb', line 109

def self.get_token_by_exchange(issuer, issuer_token, client_id = '', secret = '', token_endpoint = '')
  setup_module

  client_id = @client_id if isempty?(client_id)
  secret = @secret if isempty?(secret)
  token_endpoint = @configuration['token_endpoint'] if isempty?(token_endpoint)

  payload = { 'client_id' => client_id,
              'client_secret' => secret,
              'audience' => client_id,
              'grant_type' => 'urn:ietf:params:oauth:grant-type:token-exchange',
              'subject_token_type' => 'urn:ietf:params:oauth:token-type:access_token',
              'subject_issuer' => issuer,
              'subject_token' => issuer_token}
  header = { 'Content-Type' => 'application/x-www-form-urlencoded' }
  _request = -> do
    RestClient.post(token_endpoint, payload, header){|response, request, result|
    # case response.code
    # when 200
    # response.body
    # else
    # response.return!
    # end
      response.body
    }
  end
  exec_request _request
end

.get_token_by_refresh_token(refresh_token = '', client_id = '', secret = '') ⇒ Object



155
156
157
158
159
160
161
162
163
164
165
166
167
168
# File 'lib/keycloak.rb', line 155

def self.get_token_by_refresh_token(refresh_token = '', client_id = '', secret = '')
  verify_setup

  client_id = @client_id if isempty?(client_id)
  secret = @secret if isempty?(secret)
  refresh_token = token['refresh_token'] if refresh_token.empty?

  payload = { 'client_id' => client_id,
              'client_secret' => secret,
              'refresh_token' => refresh_token,
              'grant_type' => 'refresh_token' }

  mount_request_token(payload)
end

.get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '') ⇒ Object



183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
# File 'lib/keycloak.rb', line 183

def self.get_token_introspection(token = '', client_id = '', secret = '', introspection_endpoint = '')
  verify_setup

  client_id = @client_id if isempty?(client_id)
  secret = @secret if isempty?(secret)
  token = self.token['access_token'] if isempty?(token)
  introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint)

  payload = { 'token' => token }

  authorization = Base64.strict_encode64("#{client_id}:#{secret}")
  authorization = "Basic #{authorization}"

  header = { 'Content-Type' => 'application/x-www-form-urlencoded',
             'authorization' => authorization }

  _request = -> do
    RestClient.post(introspection_endpoint, payload, header){|response, request, result|
      case response.code
      when 200..399
        response.body
      else
        response.return!
      end
    }
  end

  exec_request _request
end

.get_userinfo(access_token = '', userinfo_endpoint = '') ⇒ Object



264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
# File 'lib/keycloak.rb', line 264

def self.get_userinfo(access_token = '', userinfo_endpoint = '')
  verify_setup

  access_token = self.token['access_token'] if access_token.empty?
  userinfo_endpoint = @configuration['userinfo_endpoint'] if isempty?(userinfo_endpoint)

  payload = { 'access_token' => access_token }

  header = { 'Content-Type' => 'application/x-www-form-urlencoded' }

  _request = -> do
    RestClient.post(userinfo_endpoint, payload, header){ |response, request, result|
      case response.code
      when 200
        response.body
      else
        response.return!
      end
    }
  end

  exec_request _request
end

.get_userinfo_issuer(access_token = '', userinfo_endpoint = '') ⇒ Object



138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
# File 'lib/keycloak.rb', line 138

def self.get_userinfo_issuer(access_token = '', userinfo_endpoint = '')
  verify_setup

  userinfo_endpoint = @configuration['userinfo_endpoint'] if isempty?(userinfo_endpoint)

  access_token = self.token["access_token"] if access_token.empty?
  payload = { 'access_token' => access_token }
  header = { 'Content-Type' => 'application/x-www-form-urlencoded' }
  _request = -> do
    RestClient.post(userinfo_endpoint, payload, header){ |response, request, result|
      response.body
    }
  end

  exec_request _request
end

.has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '') ⇒ Boolean

Returns:

  • (Boolean)


294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
# File 'lib/keycloak.rb', line 294

def self.has_role?(user_role, access_token = '', client_id = '', secret = '', introspection_endpoint = '')
  verify_setup

  client_id = @client_id if isempty?(client_id)
  secret = @secret if isempty?(secret)
  introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint)

  if !Keycloak.validate_token_when_call_has_role || user_signed_in?(access_token, client_id, secret, introspection_endpoint)
    dt = decoded_access_token(access_token)[0]
    dt = dt['resource_access'][client_id]
    unless dt.nil?
      dt['roles'].each do |role|
        return true if role.to_s == user_role.to_s
      end
    end
  end
  false
end

.logout(redirect_uri = '', refresh_token = '', client_id = '', secret = '', end_session_endpoint = '') ⇒ Object



225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
# File 'lib/keycloak.rb', line 225

def self.logout(redirect_uri = '', refresh_token = '', client_id = '', secret = '', end_session_endpoint = '')
  verify_setup

  if self.token || !refresh_token.empty?

    refresh_token = self.token['refresh_token'] if refresh_token.empty?
    client_id = @client_id if isempty?(client_id)
    secret = @secret if isempty?(secret)
    end_session_endpoint = @configuration['end_session_endpoint'] if isempty?(end_session_endpoint)

    payload = { 'client_id' => client_id,
                'client_secret' => secret,
                'refresh_token' => refresh_token }

    header = { 'Content-Type' => 'application/x-www-form-urlencoded' }

    final_url = if redirect_uri.empty?
                  end_session_endpoint
                else
                  "#{end_session_endpoint}?#{URI.encode_www_form(redirect_uri: redirect_uri)}"
                end

    _request = -> do
      RestClient.post(final_url, payload, header){ |response, request, result|
        case response.code
        when 200..399
          true
        else
          response.return!
        end
      }
    end

    exec_request _request
  else
    true
  end
end

.tokenObject



338
339
340
341
342
343
344
# File 'lib/keycloak.rb', line 338

def self.token
  if !Keycloak.proc_cookie_token.nil?
    JSON Keycloak.proc_cookie_token.call
  else
    raise Keycloak::ProcCookieTokenNotDefined
  end
end

.url_login_redirect(redirect_uri, response_type = 'code', client_id = '', authorization_endpoint = '', scope: []) ⇒ Object



213
214
215
216
217
218
219
220
221
222
223
# File 'lib/keycloak.rb', line 213

def self.(redirect_uri, response_type = 'code', client_id = '', authorization_endpoint = '', scope: [])
  verify_setup

  client_id = @client_id if isempty?(client_id)
  authorization_endpoint = @configuration['authorization_endpoint'] if isempty?(authorization_endpoint)

  params = { response_type: response_type, client_id: client_id, redirect_uri: redirect_uri }
  params[:scope] = scope.join(',') if scope.any?
  encoded_uri = URI.encode_www_form(params)
  "#{authorization_endpoint}?#{encoded_uri}"
end

.url_user_accountObject



288
289
290
291
292
# File 'lib/keycloak.rb', line 288

def self.
  verify_setup

  "#{@auth_server_url}/realms/#{@realm}/account"
end

.user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '') ⇒ Boolean

Returns:

  • (Boolean)


313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
# File 'lib/keycloak.rb', line 313

def self.user_signed_in?(access_token = '', client_id = '', secret = '', introspection_endpoint = '')
  verify_setup

  client_id = @client_id if isempty?(client_id)
  secret = @secret if isempty?(secret)
  introspection_endpoint = @configuration['introspection_endpoint'] if isempty?(introspection_endpoint)

  begin
    JSON(get_token_introspection(access_token, client_id, secret, introspection_endpoint))['active'] === true
  rescue => e
    if e.class < Keycloak::KeycloakException
      raise
    else
      false
    end
  end
end