mantelo.client

Classes

BearerAuth

An authentication class that uses a Bearer token.

KeycloakAdmin

A client to interact with the Keycloak Admin API.

Module Contents

class mantelo.client.BearerAuth

Bases: requests.auth.AuthBase

An authentication class that uses a Bearer token.

This requests authentication class adds a Bearer token to the request headers. The token is provided by a callable (called for every request).

Parameters:

token_getter – A callable that returns the token to use for authentication.

token_getter: collections.abc.Callable[[], str]

The callable that returns the token to use for authentication.
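
Because token_getter is called for every request, it should hand back a cached token and contact the token endpoint only near expiry. The following is an added example, not mantelo's own code: CachedTokenGetter and its fetch, leeway and clock parameters are hypothetical names, and fetch stands in for whatever obtains a token and its lifetime in seconds.

```python
import threading
import time
from collections.abc import Callable


class CachedTokenGetter:
    """Hypothetical token_getter: caches the token and refetches near expiry."""

    def __init__(self, fetch: Callable[[], tuple[str, float]],
                 leeway: float = 30.0, clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch    # assumption: returns (token, lifetime in seconds)
        self._leeway = leeway  # refresh this many seconds before expiry
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._expires_at = 0.0

    def __call__(self) -> str:
        # Runs on every request; the lock stops concurrent requests from
        # refreshing the token in parallel.
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at - self._leeway:
                token, lifetime = self._fetch()
                if not token or lifetime <= 0:
                    raise ValueError("token endpoint returned an unusable token")
                self._token, self._expires_at = token, self._clock() + lifetime
            return self._token

    def invalidate(self) -> None:
        """Drop the cached token, e.g. after the API answers 401."""
        with self._lock:
            self._token = None


def demo() -> list[str]:
    """Constructed run: fake clock and fake token endpoint, no network."""
    now, issued = [0.0], []

    def fetch() -> tuple[str, float]:
        issued.append(f"tok-{len(issued) + 1}")
        return issued[-1], 60.0

    getter = CachedTokenGetter(fetch, leeway=10.0, clock=lambda: now[0])
    seen = []
    for t in (0.0, 49.0, 50.0):  # refresh threshold is 60 - 10 = 50 s
        now[0] = t
        seen.append(getter())
    return seen
```

An instance of this class is a zero-argument callable returning str, which is the type documented for token_getter.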

__call__(r: requests.PreparedRequest) → requests.PreparedRequest

class mantelo.client.KeycloakAdmin(server_url: str, realm_name: str, auth: requests.auth.AuthBase, session: requests.Session | None = None)

Bases: mantelo.internal.api.API

A client to interact with the Keycloak Admin API.

Highly inspired by the awesome slumber library, KeycloakAdmin is a lightweight object offering a more Pythonic interface to the Keycloak Admin API.

Authentication is handled by a subclass of requests.auth.AuthBase. Use the class methods such as from_client_credentials() or from_username_password() to instantiate a KeycloakAdmin instance with authentication already configured.

Parameters:
  • server_url (str) – The URL of the Keycloak server (e.g. “https://my-keycloak.com”).

  • realm_name (str) – The name of the realm to interact with for all Admin API calls.

  • auth (requests.auth.AuthBase) – The authentication instance to use for all requests. See BearerAuth.

  • session (requests.Session, optional) – The session to use for all requests (API and authentication). Useful if you need to attach e.g. custom headers to every call. Note that auth will be overridden, as well as some headers (e.g. Accept and Content-Type).

property session: requests.Session

The session used for all requests.

Getter:

Get the session.

Type:

requests.Session

property base_url: str

The base URL of the Keycloak Admin REST API (including the realm).

Getter:

Get the base_url.

Type:

string

property realm_name: str

Getter:

Get the current realm name.

Setter:

Set the realm name. This updates the base_url and impacts all future requests.

Seealso:

realms

property realms: mantelo.internal.api.Resource

Special resource to interact with the /admin/realms/ endpoint.

By default, the client base URL contains a realm name, making it impossible to query the /admin/realms/ endpoint. This special property allows you to start the URL at /realms/ instead of /realms/{realm_name}.

Some example usages:

# List all realms
client.realms.get()
# Get users in another realm
client.realms("test").users.get()
# Get users in the current realm
client.get() == client.realms(client.realm_name).get()

classmethod create(connection: mantelo.connection.OpenidConnection, realm_name: str | None = None) → KeycloakAdmin

Create a KeycloakAdmin from an OpenidConnection. The session from the connection will also be used for all Admin requests. You may set a different realm than the one used for authentication by setting the realm_name parameter.

Parameters:
  • connection (OpenidConnection) – The connection to use for authentication.

  • realm_name (str, optional) – The name of the realm to interact with for all Admin API calls. If not set, the realm name from the connection will be used.

classmethod from_client_credentials(server_url: str, realm_name: str, client_id: str, client_secret: str, authentication_realm_name: str | None = None, session: requests.Session | None = None) → KeycloakAdmin

Create a KeycloakAdmin instance using client credentials authentication.

Parameters:
  • server_url (str) – The URL of the Keycloak server (e.g. “https://my-keycloak.com”).

  • realm_name (str) – The name of the realm to interact with for all Admin API calls. If you need to authenticate against a different realm, set authentication_realm_name.

  • client_id (str) – The client ID to authenticate with (e.g. “admin-cli”).

  • client_secret (str) – The client secret to authenticate with.

  • authentication_realm_name (str, optional) – The realm to authenticate against. If omitted, realm_name will be used.

  • session (requests.Session, optional) – The session to use for all requests (API and authentication).

classmethod from_username_password(server_url: str, realm_name: str, client_id: str, username: str, password: str, authentication_realm_name: str | None = None, session: requests.Session | None = None) → KeycloakAdmin

Create a KeycloakAdmin instance using username and password authentication.

Parameters:
  • server_url (str) – The URL of the Keycloak server (e.g. “https://my-keycloak.com”).

  • realm_name (str) – The name of the realm to interact with for all Admin API calls. If you need to authenticate against a different realm, set authentication_realm_name.

  • client_id (str) – The client ID to authenticate with (e.g. “admin-cli”).

  • username (str) – The username to authenticate with.

  • password (str) – The password to authenticate with.

  • authentication_realm_name (str, optional) – The realm to authenticate against. If omitted, realm_name will be used.

  • session (requests.Session, optional) – The session to use for all requests (API and authentication).