gocloak

golang keycloak client

This client is based on : go-keycloak

For Questions either raise an issue, or come to the gopher-slack into the channel #gocloak

If u are using the echo framework have a look at gocloak-echo

https://gopkg.in/nerzal/gocloak.v1

Contribution

(WIP) https://github.com/Nerzal/gocloak/wiki/Contribute

Usage

Importing

Since the version 3 you need to import the gocloak library using v3 suffix:

	import "github.com/Nerzal/gocloak/v3"

Version 2:

	go get gopkg.in/nerzal/gocloak@v2.1.0

	import "github.com/Nerzal/gocloak"

Keycloak Version < 4.8

If you are using a Keycloak Server version <4.8 please use the V1.0 release of gocloak.

	go get gopkg.in/nerzal/gocloak.v1

	import "gopkg.in/nerzal/gocloak.v1"

Create New User

	client := gocloak.NewClient("https://mycool.keycloak.instance")
	token, err := client.LoginAdmin("user", "password", "realmName")
	if err != nil {
		panic("Something wrong with the credentials or url")
	}
	user := gocloak.User{
		FirstName: "Bob",
		LastName:  "Uncle",
		EMail:     "something@really.wrong",
		Enabled:   true,
		Username:  "CoolGuy",
	}
	client.CreateUser(token.AccessToken, "realm", user)
	if err != nil {
		panic("Oh no!, failed to create user :(")
	}

Introspect Token

	client := gocloak.NewClient(hostname)
	token, err := client.LoginClient(clientid, clientSecret, realm)
	if err != nil {
		panic("Login failed:"+ err.Error())
	}

	rptResult, err := client.RetrospectToken(token.AccessToken, clientid, clientSecret, realm)
	if err != nil {
		panic("Inspection failed:"+ err.Error())
	}

	if !rptResult.Active {
		panic("Token is not active")
	}

	permissions := rptResult.Permissions
	//Do something with the permissions ;)

Features

// GoCloak holds all methods a client should fullfill
type GoCloak interface {
	Login(clientID string, clientSecret string, realm string, username string, password string) (*JWT, error)
	Logout(clientID, clientSecret, realm, refreshToken string) error
	LogoutPublicClient(clientID, realm, accessToken, refreshToken string) error
	LoginClient(clientID, clientSecret, realm string) (*JWT, error)
	LoginAdmin(username, password, realm string) (*JWT, error)
	RequestPermission(clientID string, clientSecret string, realm string, username string, password string, permission string) (*JWT, error)
	RefreshToken(refreshToken string, clientID, clientSecret, realm string) (*JWT, error)
	DecodeAccessToken(accessToken string, realm string) (*jwt.Token, *jwt.MapClaims, error)
	DecodeAccessTokenCustomClaims(accessToken string, realm string, claims jwt.Claims) (*jwt.Token, error)
	RetrospectToken(accessToken string, clientID, clientSecret string, realm string) (*RetrospecTokenResult, error)
	GetIssuer(realm string) (*IssuerResponse, error)
	GetCerts(realm string) (*CertResponse, error)
	GetServerInfo(accessToken string) (*ServerInfoRepesentation, error)
	GetUserInfo(accessToken string, realm string) (*UserInfo, error)
	SetPassword(token string, userID string, realm string, password string, temporary bool) error
	ExecuteActionsEmail(token string, realm string, params ExecuteActionsEmail) error

	CreateUser(token string, realm string, user User) (string, error)
	CreateGroup(accessToken string, realm string, group Group) error
	CreateClientRole(accessToken string, realm string, clientID string, role Role) error
	CreateClient(accessToken string, realm string, clientID Client) error
	CreateClientScope(accessToken string, realm string, scope ClientScope) error
	CreateComponent(accessToken string, realm string, component Component) error

	UpdateUser(accessToken string, realm string, user User) error
	UpdateGroup(accessToken string, realm string, updatedGroup Group) error
	UpdateRole(accessToken string, realm string, clientID string, role Role) error
	UpdateClient(accessToken string, realm string, updatedClient Client) error
	UpdateClientScope(accessToken string, realm string, scope ClientScope) error

	DeleteUser(accessToken string, realm, userID string) error
	DeleteComponent(accessToken string, realm, componentID string) error
	DeleteGroup(accessToken string, realm, groupID string) error
	DeleteClientRole(accessToken string, realm, clientID, roleName string) error
	DeleteClient(accessToken string, realm, clientID string) error
	DeleteClientScope(accessToken string, realm, scopeID string) error

	GetClient(accessToken string, realm string, clientID string) (*Client, error)
	GetClientsDefaultScopes(token string, realm string, clientID string) ([]*ClientScope, error)
	AddDefaultScopeToClient(token string, realm string, clientID string, scopeID string) error
	RemoveDefaultScopeFromClient(token string, realm string, clientID string, scopeID string) error
	GetClientsOptionalScopes(token string, realm string, clientID string) ([]*ClientScope, error)
	AddOptionalScopeToClient(token string, realm string, clientID string, scopeID string) error
	RemoveOptionalScopeFromClient(token string, realm string, clientID string, scopeID string) error
	GetDefaultOptionalClientScopes(token string, realm string) ([]*ClientScope, error)
	GetDefaultDefaultClientScopes(token string, realm string) ([]*ClientScope, error)
	GetClientScope(token string, realm string, scopeID string) (*ClientScope, error)
	GetClientScopes(token string, realm string) ([]*ClientScope, error)
	GetClientSecret(token string, realm string, clientID string) (*CredentialRepresentation, error)
	GetClientServiceAccount(token string, realm string, clientID string) (*User, error)
	RegenerateClientSecret(token string, realm string, clientID string) (*CredentialRepresentation, error)
	GetKeyStoreConfig(accessToken string, realm string) (*KeyStoreConfig, error)
	GetUserByID(accessToken string, realm string, userID string) (*User, error)
	GetUserCount(accessToken string, realm string) (int, error)
	GetUsers(accessToken string, realm string, params GetUsersParams) ([]*User, error)
	GetUserGroups(accessToken string, realm string, userID string) ([]*UserGroup, error)
	GetComponents(accessToken string, realm string) ([]*Component, error)
	GetGroups(accessToken string, realm string, params GetGroupsParams) ([]*Group, error)
	GetGroup(accessToken string, realm, groupID string) (*Group, error)
	GetRoleMappingByGroupID(accessToken string, realm string, groupID string) (*MappingsRepresentation, error)
	GetRoleMappingByUserID(accessToken string, realm string, userID string) (*MappingsRepresentation, error)
	GetClientRoles(accessToken string, realm string, clientID string) ([]*Role, error)
	GetClientRole(token string, realm string, clientID string, roleName string) (*Role, error)
	GetClients(accessToken string, realm string, params GetClientsParams) ([]*Client, error)
	GetUsersByRoleName(token string, realm string, roleName string) ([]*User, error)
	UserAttributeContains(attributes map[string][]string, attribute string, value string) bool
	CreateClientProtocolMapper(token, realm, clientID string, mapper ProtocolMapperRepresentation) error
	DeleteClientProtocolMapper(token, realm, clientID, mapperID string) error

	// *** Realm Roles ***

	CreateRealmRole(token string, realm string, role Role) error
	GetRealmRole(token string, realm string, roleName string) (*Role, error)
	GetRealmRoles(accessToken string, realm string) ([]*Role, error)
	GetRealmRolesByUserID(accessToken string, realm string, userID string) ([]*Role, error)
	GetRealmRolesByGroupID(accessToken string, realm string, groupID string) ([]*Role, error)
	UpdateRealmRole(token string, realm string, roleName string, role Role) error
	DeleteRealmRole(token string, realm string, roleName string) error
	AddRealmRoleToUser(token string, realm string, userID string, roles []Role) error
	DeleteRealmRoleFromUser(token string, realm string, userID string, roles []Role) error
	AddRealmRoleComposite(token string, realm string, roleName string, roles []Role) error
	DeleteRealmRoleComposite(token string, realm string, roleName string, roles []Role) error

	// *** Realm ***

	GetRealm(token string, realm string) (*RealmRepresentation, error)
	CreateRealm(token string, realm RealmRepresentation) error
	DeleteRealm(token string, realm string) error

	GetClientUserSessions(token, realm, clientID string) ([]*UserSessionRepresentation, error)
	GetClientOfflineSessions(token, realm, clientID string) ([]*UserSessionRepresentation, error)
	GetUserSessions(token, realm, userID string) ([]*UserSessionRepresentation, error)
	GetUserOfflineSessionsForClient(token, realm, userID, clientID string) ([]*UserSessionRepresentation, error)
}

developing & testing

For local testing you need to start a docker container. Simply run following commands prior to starting the tests:

docker pull quay.io/keycloak/keycloak
docker run -d \
	-e KEYCLOAK_USER=admin \
	-e KEYCLOAK_PASSWORD=secret \
	-e KEYCLOAK_IMPORT=/tmp/gocloak-realm.json \
	-v `pwd`/testdata/gocloak-realm.json:/tmp/gocloak-realm.json \
	-p 8080:8080 \
	--name gocloak-test \
	quay.io/keycloak/keycloak

go test

Or you can run the tests on you own keycloak:

export GOCLOAK_TEST_CONFIG=/path/to/gocloak/config.json

All resources created as a result of unit tests will be deleted, except for the test user defined in the configuration file.

To remove running docker container after completion of tests:

docker stop gocloak-test
docker rm gocloak-test

sauvaget/gocloak