keycloak group item is missing from UserInfo class
flynn1973 opened this issue · 2 comments
flynn1973 commented
Describe the bug
data from session originates from keycloak
{'exp': 1686052038, 'iat': 1686051738, 'auth_time': 1686051738, 'jti': '53f39860-e50a-46ea-9b98-207277f9840c', 'iss': 'http://lpgaixmgmtlx01.sozvers.at:8989/realms/aix', 'aud': 'flask-oid-test', 'sub': '98fb0c33-d141-4a0d-a344-e118ae3efb91', 'typ': 'ID', 'azp': 'flask-oid-test', 'nonce': 'MrgTvE6BF3gUQiVAsNYO', 'session_state': 'fa213142-b8d1-4969-9c43-0708879efbdc', 'at_hash': 'QIh8_TNx7XBfa9UT1MlpOQ', 'acr': '1', 'sid': 'fa213142-b8d1-4969-9c43-0708879efbdc', 'email_verified': False, 'preferred_username': 'dabatestuser', 'given_name': '', 'family_name': '', 'group': ['dabatestgrp']}
trying to print "user.group" value
Traceback (most recent call last):
File "/opt/freeware/lib/python3.7/site-packages/werkzeug/middleware/dispatcher.py", line 78, in __call__
return app(environ, start_response)
File "/opt/freeware/lib/python3.7/site-packages/flask/app.py", line 2552, in __call__
return self.wsgi_app(environ, start_response)
File "/opt/freeware/lib/python3.7/site-packages/flask/app.py", line 2532, in wsgi_app
response = self.handle_exception(e)
File "/opt/freeware/lib/python3.7/site-packages/flask/app.py", line 2529, in wsgi_app
response = self.full_dispatch_request()
File "/opt/freeware/lib/python3.7/site-packages/flask/app.py", line 1825, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/opt/freeware/lib/python3.7/site-packages/flask/app.py", line 1823, in full_dispatch_request
rv = self.dispatch_request()
File "/opt/freeware/lib/python3.7/site-packages/flask/app.py", line 1799, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
File "/home/tremch/flask/authlib_keycloak_client_test/frontend/__init__.py", line 74, in index
print(str(user.group))
File "/opt/freeware/lib/python3.7/site-packages/authlib/oidc/core/claims.py", line 228, in __getattr__
raise error
File "/opt/freeware/lib/python3.7/site-packages/authlib/oidc/core/claims.py", line 224, in __getattr__
return object.__getattribute__(self, key)
AttributeError: 'UserInfo' object has no attribute 'group'
after adding 'group' to UserInfo class
class UserInfo(dict):
    """The standard claims of a UserInfo object. Defined per `Section 5.1`_.

    .. _`Section 5.1`: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
    """

    #: registered claims that UserInfo supports
    REGISTERED_CLAIMS = [
        'sub', 'name', 'given_name', 'family_name', 'middle_name', 'nickname',
        'preferred_username', 'profile', 'picture', 'website', 'email',
        'email_verified', 'gender', 'birthdate', 'zoneinfo', 'locale',
        'phone_number', 'phone_number_verified', 'address', 'updated_at', 'group',
    ]
works
root@host: /home/tremch/flask/authlib_keycloak_client_test # /opt/freeware/bin/python3 run.py
Using cacerts from /opt/freeware/lib/python3.7/site-packages/certifi/cacert.pem
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
* Running on all addresses (0.0.0.0)
* Running on http://127.0.0.1:8700
* Running on http://172.16.84.106:8700
Press CTRL+C to quit
* Restarting with stat
Using cacerts from /opt/freeware/lib/python3.7/site-packages/certifi/cacert.pem
* Debugger is active!
* Debugger PIN: 240-630-255
['dabatestgrp']
10.133.90.37 - - [06/Jun/2023 14:10:47] "GET / HTTP/1.1" 200 -
['dabatestgrp']
10.133.90.37 - - [06/Jun/2023 14:19:50] "GET / HTTP/1.1" 200 -
flynn1973 commented
oh...just noticed there seems to be some kind of odd "standard" behind what claims/items are allowed or not...so not sure if this is really a bug.
lepture commented
This is not a bug. You can access non-standards via
user.get("groups")
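
The dict-style access from the reply above, as an added example that is not part of the original thread or Authlib's own code. `UserInfoStandIn` is a hypothetical stand-in that mirrors the `__getattr__` behaviour visible in the traceback so the block runs without Authlib, and `claim_groups` / `is_member` are assumed helper names. The claim key is a parameter because the token posted in this issue carries it as `group`; a missing or malformed claim yields no groups, so a membership check denies by default.

```python
class UserInfoStandIn(dict):
    """Hypothetical stand-in for authlib's UserInfo: attribute access only
    works for REGISTERED_CLAIMS, as the traceback in this issue shows."""
    REGISTERED_CLAIMS = ['sub', 'preferred_username', 'email', 'email_verified']

    def __getattr__(self, key):
        try:
            return object.__getattribute__(self, key)
        except AttributeError:
            if key in self.REGISTERED_CLAIMS:
                return self.get(key)
            raise


def claim_groups(userinfo, claim="group"):
    """Return a non-standard group claim as a frozenset of strings.

    Uses dict access, so no library patching is needed. An absent claim or
    an unexpected type gives an empty set instead of raising.
    """
    raw = userinfo.get(claim)
    if isinstance(raw, str):           # some mappers emit a single string
        raw = [raw]
    if not isinstance(raw, (list, tuple)):
        return frozenset()
    return frozenset(g for g in raw if isinstance(g, str) and g)


def is_member(userinfo, required, claim="group"):
    """Deny by default: True only if `required` is listed in the claim."""
    return required in claim_groups(userinfo, claim)


# Constructed sample: a subset of the ID token claims posted in this issue.
SAMPLE = UserInfoStandIn({
    'sub': '98fb0c33-d141-4a0d-a344-e118ae3efb91',
    'preferred_username': 'dabatestuser',
    'email_verified': False,
    'group': ['dabatestgrp'],
})

if __name__ == "__main__":
    print(SAMPLE.preferred_username)           # registered claim: attribute works
    print(sorted(claim_groups(SAMPLE)))        # non-standard claim via .get()
    print(is_member(SAMPLE, 'dabatestgrp'), is_member(SAMPLE, 'admins'))
```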