(access-token deployment keycloak-client)
Get an access token extracted in a [[ClojureAccessToken]] record with one additionnal attribute :token
that hold the token as a string
Get an access token extracted in a [[ClojureAccessToken]] record with one additionnal attribute `:token` that hold the token as a string
(client-conf {:keys [realm auth-server-url client-id client-secret] :as conf})
(client-conf auth-server-url realm-name client-id)
(client-conf auth-server-url realm-name client-id client-secret)
returns a keycloak client configuration data structure given the params
returns a keycloak client configuration data structure given the params
(client-conf-input-stream auth-server-url realm-name client-id)
(client-conf-input-stream auth-server-url realm-name client-id client-secret)
return the keycloak client config as an input stream containing JSON, see client-conf
return the keycloak client config as an input stream containing JSON, see [[client-conf]]
(deployment client-conf)
take a keycloak client configuration as EDN and return a KeycloakDeployment object, see client-conf
for getting a proper conf structure
take a keycloak client configuration as EDN and return a KeycloakDeployment object, see [[client-conf]] for getting a proper conf structure
(deployment-for-realm keycloak-client auth-server-url client-id realm-name)
(deployment-for-realms keycloak-client auth-server-url client-id realms-name)
retrieve the secrets and build dynamically a map with realm-name as key and the keycloak deployment as value given a keycloak client with admin role, an array of realm name. This is useful for large number of realms and multi-tenant applications or tests, otherwise you should define them statically
retrieve the secrets and build dynamically a map with realm-name as key and the keycloak deployment as value given a keycloak client with admin role, an array of realm name. This is useful for large number of realms and multi-tenant applications or tests, otherwise you should define them statically
(extract access-token)
Return a [[keycloak.deployment/ClojureAccessToken]] record with :user
and :roles
keys with values extracted from the Keycloak access token along with all the props of the AccessToken bean
Return a [[keycloak.deployment/ClojureAccessToken]] record with `:user` and `:roles` keys with values extracted from the Keycloak access token along with all the props of the AccessToken bean
(keycloak-client conf secret)
(keycloak-client conf username password)
Build a org.keycloak.admin.client.Keycloak object from a client-conf
and a credential (secret or username/password), use the RestEasy client.
This keycloak-client object will be used as the first param for every interactions with the Keycloak server.
Build a [org.keycloak.admin.client.Keycloak](https://www.keycloak.org/docs-api/12.0/javadocs/org/keycloak/admin/client/Keycloak.html) object from a [[client-conf]] and a credential (secret or username/password), use the RestEasy client. This keycloak-client object will be used as the first param for every interactions with the Keycloak server.
(verify deployment token)
(verify deployments realm-name token)
Verify an Access Token given a deployment to check against.
Checks an Access Token for the following:
iss
(issuer) is defined and matches realm url from deployment
sub
is definedtyp
is "Bearer"exp
and nbf
)ES256
ES384
ES512
PS256
PS384
PS512
RS256
RS384
RS512
Verify an Access Token given a deployment to check against. Checks an Access Token for the following: - `iss` (issuer) is defined and matches realm url from `deployment` - `sub` is defined - `typ` is "Bearer" - token is active (both not expired and not used before its validity: `exp` and `nbf`) - token signature: `ES256` `ES384` `ES512` `PS256` `PS384` `PS512` `RS256` `RS384` `RS512`
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close