KeyCloakProvider

Bases: OIDCProvider

Keycloak identity provider based on OIDC.

Inherits from OIDCProvider with default claim mappings tailored for Keycloak.

Source code in src/alpha/providers/oidc_provider.py
class KeyCloakProvider(OIDCProvider):
    """Keycloak identity provider based on OIDC.

    Inherits from OIDCProvider with default claim mappings tailored for
    Keycloak.
    """

    protocol = "oidc"

    def __init__(
        self,
        connector: OIDCConnector,
        token_factory: TokenFactory | None = None,
        claim_mappings: Mapping[str, str | Sequence[str]] | None = None,
        populate_groups: bool = True,
        populate_permissions: bool = False,
        populate_claims: bool = False,
        change_password_supported: bool = False,
    ) -> None:
        """Initialize KeyCloakProvider.

        Uses `DEFAULT_KEYCLOAK_MAPPINGS` by default for claim mappings.

        Parameters
        ----------
        connector
            Connector to use for OIDC operations.
        token_factory
            Factory used to issue/validate local tokens.
        claim_mappings
            Mapping of OIDC claims to Identity fields. Defaults to common
            Keycloak claim mappings. The mapping values can be either a single
            claim name or a sequence of claim names. If a sequence is provided,
            the claims will be checked in order and the first non-empty value
            will be used.
        populate_groups
            Whether to populate group memberships on the Identity.
        populate_permissions
            Whether to populate permissions on the Identity.
        populate_claims
            Whether to include raw claims on the Identity.
        change_password_supported
            Whether this provider supports changing passwords.
        """
        super().__init__(
            connector=connector,
            token_factory=token_factory,
            claim_mappings=claim_mappings or DEFAULT_KEYCLOAK_MAPPINGS,
            populate_groups=populate_groups,
            populate_permissions=populate_permissions,
            populate_claims=populate_claims,
            change_password_supported=change_password_supported,
        )

Methods:

__init__

__init__(connector, token_factory=None, claim_mappings=None, populate_groups=True, populate_permissions=False, populate_claims=False, change_password_supported=False)

Initialize KeyCloakProvider.

Uses DEFAULT_KEYCLOAK_MAPPINGS by default for claim mappings.

Parameters:
  • connector (OIDCConnector) –

    Connector to use for OIDC operations.

  • token_factory (TokenFactory | None, default: None) –

    Factory used to issue/validate local tokens.

  • claim_mappings (Mapping[str, str | Sequence[str]] | None, default: None) –

    Mapping of OIDC claims to Identity fields. Defaults to common Keycloak claim mappings. The mapping values can be either a single claim name or a sequence of claim names. If a sequence is provided, the claims will be checked in order and the first non-empty value will be used.

  • populate_groups (bool, default: True) –

    Whether to populate group memberships on the Identity.

  • populate_permissions (bool, default: False) –

    Whether to populate permissions on the Identity.

  • populate_claims (bool, default: False) –

    Whether to include raw claims on the Identity.

  • change_password_supported (bool, default: False) –

    Whether this provider supports changing passwords.
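
The first-non-empty rule for `claim_mappings` and the constructor's `or` fallback, shown as an added example that is not the library's own code. It assumes mapping keys are Identity field names and that `None`, blank strings and empty containers count as empty; `EXAMPLE_DEFAULTS` is a constructed stand-in for `DEFAULT_KEYCLOAK_MAPPINGS` (whose contents this page does not show), and `resolve_fields` and `_is_empty` are hypothetical names.

```python
from __future__ import annotations

from collections.abc import Mapping, Sequence

# Constructed stand-in; the real DEFAULT_KEYCLOAK_MAPPINGS is not on this page.
EXAMPLE_DEFAULTS: Mapping[str, str | Sequence[str]] = {
    "subject": "sub",
    "username": ("preferred_username", "email"),
    "groups": "groups",
}


def _is_empty(value: object) -> bool:
    """Assumed definition of 'empty': None, blank string, empty container."""
    if value is None:
        return True
    if isinstance(value, str):
        return not value.strip()
    if isinstance(value, (list, tuple, set, dict)):
        return len(value) == 0
    return False


def resolve_fields(claims, claim_mappings=None):
    """Return {field: (value, source_claim)} using first-non-empty-wins."""
    # Same fallback expression as the constructor: `or` treats {} like None,
    # so an empty mapping does not disable mapping, it selects the defaults.
    mappings = claim_mappings or EXAMPLE_DEFAULTS
    resolved = {}
    for field, names in mappings.items():
        candidates = (names,) if isinstance(names, str) else tuple(names)
        for name in candidates:
            value = claims.get(name)
            if not _is_empty(value):
                resolved[field] = (value, name)  # keep which claim supplied it
                break
    return resolved


# Constructed sample claims, shaped like a decoded Keycloak ID token.
SAMPLE_CLAIMS = {
    "sub": "0b1f6c2e-0000-4000-8000-constructed",
    "preferred_username": "",
    "email": "alice@example.test",
    "groups": ["/ops", "/dev"],
}
```

Keeping the source claim next to each value makes it visible when a field was filled from a fallback claim, which matters when the claims in a sequence carry different levels of trust.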

Source code in src/alpha/providers/oidc_provider.py
def __init__(
    self,
    connector: OIDCConnector,
    token_factory: TokenFactory | None = None,
    claim_mappings: Mapping[str, str | Sequence[str]] | None = None,
    populate_groups: bool = True,
    populate_permissions: bool = False,
    populate_claims: bool = False,
    change_password_supported: bool = False,
) -> None:
    """Initialize KeyCloakProvider.

    Uses `DEFAULT_KEYCLOAK_MAPPINGS` by default for claim mappings.

    Parameters
    ----------
    connector
        Connector to use for OIDC operations.
    token_factory
        Factory used to issue/validate local tokens.
    claim_mappings
        Mapping of OIDC claims to Identity fields. Defaults to common
        Keycloak claim mappings. The mapping values can be either a single
        claim name or a sequence of claim names. If a sequence is provided,
        the claims will be checked in order and the first non-empty value
        will be used.
    populate_groups
        Whether to populate group memberships on the Identity.
    populate_permissions
        Whether to populate permissions on the Identity.
    populate_claims
        Whether to include raw claims on the Identity.
    change_password_supported
        Whether this provider supports changing passwords.
    """
    super().__init__(
        connector=connector,
        token_factory=token_factory,
        claim_mappings=claim_mappings or DEFAULT_KEYCLOAK_MAPPINGS,
        populate_groups=populate_groups,
        populate_permissions=populate_permissions,
        populate_claims=populate_claims,
        change_password_supported=change_password_supported,
    )