Before using Keycloak you must create the necessary resources in the following order: first you create a realm that will hold your clients, roles and groups, and then users (see the Keycloak concepts section). You can create all these resources through the Keycloak administration console, or with the functions keycloak-clojure provides for this, which are detailed in the next sections.
In every interaction with keycloak-clojure you must provide a keycloak client object that holds the server reference, password, etc. The keycloak client is created with:

(require '[keycloak.deployment :as deployment
           :refer [keycloak-client client-conf]])

(def kc-client
  (-> (client-conf {:auth-server-url "http://localhost:8090/auth"
                    :realm           "master"
                    :client-id       "admin-cli"})
      (keycloak-client "admin" "secretadmin")))

(require '[keycloak.admin :as admin])
(admin/create-realm! kc-client "example-realm")

(admin/create-client! kc-client "example-realm" "myfrontend")
(admin/create-client! kc-client "example-realm" "mybackend")

(admin/create-role! kc-client "example-realm" "employee")
(admin/create-role! kc-client "example-realm" "manager")

(admin/create-user! kc-client "example-realm" "user1" "pwd1")

;; The keycloak.user namespace contains functions with more exhaustive parameters, such as:
(require '[keycloak.user :as user])
(user/create-or-update-user! kc-client "example-realm"
                             {:username "bcarter" :first-name "Bob" :last-name "Carter"
                              :password "abcdefg" :email "bcarter@example.com"}
                             ["employee" "manager"] nil)

(user/add-realm-roles! kc-client "example-realm" "bcarter" ["manager"])

(admin/create-group! kc-client "example-realm" "mygroup")
(admin/add-username-to-group-name! kc-client "example-realm" "mygroup" "bcarter")

Keycloak-clojure offers a declarative way to create all the Keycloak resources instead of invoking all the imperative functions.
The init! function that creates all the resources sits in the namespace keycloak.starter.
The function expects the following top-level keys: :realm, :clients, :roles, :groups, :users.
Two additional keys provide a way to generate fake users, groups and roles: :generated-users-by-group-and-role and :username-creator-fn.

{:name   "electre"
 :themes {:internationalizationEnabled true
          :supportedLocales            #{"en" "fr"}
          :defaultLocale               "fr"
          :loginTheme                  "example-theme"
          :accountTheme                "example-theme"
          :adminTheme                  nil
          :emailTheme                  "example-theme"}
 :login  {:bruteForceProtected  true
          :rememberMe           true
          :resetPasswordAllowed true}
 :tokens {:ssoSessionIdleTimeoutRememberMe (Integer. (* 60 60 48)) ; 2 days
          :ssoSessionMaxLifespanRememberMe (Integer. (* 60 60 48))}
 :smtp   {:host     "smtp.eu.mailgun.org"
          :port     587
          :from     "admin@example.com"
          :auth     true
          :starttls true
          :replyTo  "example"
          :user     "postmaster@mail.example.com"
          :password ""}}

{:clients [{:name          "api-client"
            :public?       true
            :redirect-uris ["https://api.example.com/*"]
            :root-url      "https://api.example.com"
            :base-url      "https://api.example.com"
            :web-origins   ["https://api.example.com"]}
           {:name          "myfrontend"
            :public?       true
            :redirect-uris ["https://www.example.com/*"]
            :root-url      "https://www.example.com"
            :base-url      "https://www.example.com"
            :web-origins   ["https://www.example.com"]}
           {:name          "mybackend"
            :public?       false
            :redirect-uris ["http://localhost:3449/*"]
            :web-origins   ["http://localhost:3449"]}]}

{:roles #{"employee" "manager" "admin" "org-admin" "group-admin" "api-consumer"}}

{:groups [{:name "group1" :subgroups ["subgroup1" "subgroup2"]}]}

{:users [{:username    "bcarter"
          :password    "password"
          :first-name  "Bob"
          :last-name   "Carter"
          :realm-roles ["employee" "manager"]
          :group       "group1"
          :in-subgroups ["subgroup2"]
          :attributes  {"myorg" ["ACME"]}}]}

(require '[keycloak.starter :as starter])

(starter/init! {:realm   ...
                :clients ...
                :roles   ...
                :groups  ...
                :users   ...
                :generated-users-by-group-and-role 3
                :username-creator-fn (fn [role group subgroup i & opts]
                                       (str (str group) "-" (subs (str role) 0 3) "-" i))})
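
A pre-flight check run over the data map before it is handed to init!, as an added example that is not part of keycloak-clojure or of this documentation. The namespace, function names, rule set and 12-character threshold are assumptions, as is :realm holding the map with :name shown above.

```clojure
(ns example.init-data-lint
  "Added example, not keycloak-clojure API: pre-flight checks on init! data."
  (:require [clojure.string :as str]))

;; Sample passwords from documentation that must never reach a real realm.
(def sample-passwords #{"" "password" "abcdefg" "pwd1" "secretadmin"})

(defn- cleartext-remote? [uri]
  (and (str/starts-with? uri "http://")
       (not (re-find #"^http://(localhost|127\.0\.0\.1)([:/]|$)" uri))))

(defn client-findings [{:keys [public? redirect-uris web-origins] client :name}]
  (concat
   (for [uri redirect-uris
         :when (and public? (str/ends-with? uri "*"))]
     {:client client :issue :wildcard-redirect-on-public-client :value uri})
   (for [uri (concat redirect-uris web-origins)
         :when (cleartext-remote? uri)]
     {:client client :issue :cleartext-http-uri :value uri})
   (for [origin web-origins
         :when (= "*" origin)]
     {:client client :issue :any-web-origin-allowed :value origin})))

(defn realm-findings [{:keys [login] realm :name}]
  (when-not (:bruteForceProtected login)
    [{:realm realm :issue :brute-force-protection-off}]))

(defn user-findings [{:keys [username password]}]
  ;; The 12-character minimum is an assumed policy, not a Keycloak default.
  (when (or (contains? sample-passwords password) (< (count password) 12))
    [{:user username :issue :sample-or-short-password}]))

(defn lint-init-data
  "Returns a vector of finding maps; empty means every check passed."
  [{:keys [realm clients users]}]
  (vec (concat (realm-findings realm)
               (mapcat client-findings clients)
               (mapcat user-findings users))))

;; Constructed input: values from this page plus one cleartext remote URI.
(def sample-init-data
  {:realm   {:name "electre" :login {:bruteForceProtected true}}
   :clients [{:name "myfrontend" :public? true
              :redirect-uris ["https://www.example.com/*"]
              :web-origins ["https://www.example.com"]}
             {:name "mybackend" :public? false
              :redirect-uris ["http://staging.example.com/*"]
              :web-origins ["*"]}]
   :users   [{:username "bcarter" :password "password"}]})

(run! println (lint-init-data sample-init-data))
```

Calling lint-init-data on the real map and refusing to call init! when the result is non-empty keeps sample credentials and over-broad client settings out of a shared realm.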