This repository has been archived by the owner on Mar 16, 2024. It is now read-only.

Merge pull request #108 from odnobit/oidc_scope
Add OIDC scope
alexbarcelo authored Jan 24, 2024
2 parents 25967e3 + 2990097 commit ff31f09
Showing 3 changed files with 9 additions and 3 deletions.
8 changes: 6 additions & 2 deletions fastapi_keycloak/api.py
@@ -136,6 +136,7 @@ def __init__(
admin_client_secret: str,
callback_uri: str,
admin_client_id: str = "admin-cli",
scope: str = "openid profile email",
timeout: int = 10,
):
"""FastAPIKeycloak constructor
@@ -150,6 +151,7 @@ def __init__(
callback_uri (str): Callback URL of the instance, used for auth flows. Must match at least one
`Valid Redirect URIs` of Keycloak and should point to an endpoint that utilizes the authorization_code flow.
timeout (int): Timeout in seconds to wait for the server
scope (str): OIDC scope
"""
self.server_url = server_url
self.realm = realm
@@ -159,6 +161,7 @@ def __init__(
self.admin_client_secret = admin_client_secret
self.callback_uri = callback_uri
self.timeout = timeout
self.scope = scope
self._get_admin_token() # Requests an admin access token on startup

@property
@@ -979,6 +982,7 @@ def user_login(self, username: str, password: str) -> KeycloakToken:
"username": username,
"password": password,
"grant_type": "password",
"scope": self.scope,
}
response = requests.post(url=self.token_uri, headers=headers, data=data, timeout=self.timeout)
if response.status_code == 401:
@@ -1062,9 +1066,9 @@ def _admin_request(

@functools.cached_property
def login_uri(self):
"""The URL for users to login on the realm. Also adds the client id and the callback."""
"""The URL for users to login on the realm. Also adds the client id, the callback and the scope."""
params = {
"scope": "openid profile email",
"scope": self.scope,
"response_type": "code",
"client_id": self.client_id,
"redirect_uri": self.callback_uri,
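Review bot: The new `scope` argument is stored in `__init__` without any check and is then sent as-is in both `login_uri` and the password grant in `user_login`, so a value that omits `openid` is accepted silently; such a request is no longer an OpenID Connect request, and the server will probably return no ID token. A guard at construction would surface the misconfiguration early, for example `if "openid" not in scope.split(): raise ValueError("scope must include 'openid'")`. The docstring entry could say more than `OIDC scope`, e.g. `scope (str): Space-delimited scopes requested on the login URL and on the password grant; must include 'openid'. Request only the scopes the application needs.` Since `login_uri` is a `functools.cached_property`, assigning `self.scope` after the first access affects `user_login` but not the cached URL. The bodies of `__init__`, `user_login` and `login_uri` extend beyond the visible hunks.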
1 change: 1 addition & 0 deletions tests/app.py
@@ -23,6 +23,7 @@
admin_client_secret="BIcczGsZ6I8W5zf0rZg5qSexlloQLPKB",
realm="Test",
callback_uri="http://localhost:8081/callback",
scope="openid profile email",
)
idp.add_swagger_config(app)

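Review bot: The added `scope="openid profile email"` repeats the constructor default, so the test app behaves the same whether or not the argument is honoured. A fixture with a non-default value, for instance `scope="openid email"`, would show that the setting reaches the requests; whether other tests depend on `profile` claims is not visible here and would need checking.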
3 changes: 2 additions & 1 deletion tests/test_functional.py
@@ -426,10 +426,11 @@ def test_user_groups(self, idp, user):
)
def test_login_exceptions(self, idp, action, exception, user):

# Get access and refresh for the users
# Get access, refresh and id token for the users
tokens = idp.user_login(username=user.username, password=TEST_PASSWORD)
assert tokens.access_token
assert tokens.refresh_token
assert tokens.id_token

user.requiredActions.append(action) # Add an action
user: KeycloakUser = idp.update_user(user=user) # Save the change
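Review bot: `assert tokens.id_token` checks only that the field is non-empty, and it sits in `test_login_exceptions`, whose subject is required actions rather than scopes; nothing in this section covers the `login_uri` change. A dedicated test could compare the query parameter with the configured value, e.g. `assert parse_qs(urlparse(idp.login_uri).query)["scope"] == [idp.scope]` with `urlparse` and `parse_qs` from `urllib.parse`. The body of `test_login_exceptions` continues past the end of the hunk.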
