python-keycloak assign_client_role() error

Related searches

I'm using keycloak python API to assign user roles. Here is the code:

from keycloak import KeycloakAdmin
# make connection        
admin = KeycloakAdmin(server_url = "https://xxx.xx.xx/auth/",
                                   username = 'xx',
                                   password = 'xxx',
                                   realm_name = "xxx-xxx",
                                   verify = True)
# get an user id via user name
userID = admin.get_user_id(self.userName)
# assign user role
admin.assign_client_role(client_id = "client_id", 
                             user_id = userID, 
                             #role_id = "role_id", 
                             role_name = "test")

The make connection and get user id via user name part is successful. But assign_client_role() gives me an error:

TypeError: assign_client_role() got an unexpected keyword argument 'role_name'

It seems that the arguments are not corrsponding to those defined in the function. My code refers to the example from this website. Could anyone tell me how to make it right?

Wang.

Another option is this:

from keycloak import KeycloakAdmin

# make connection            
admin = KeycloakAdmin(server_url = "https://xxx.xx.xx/auth/",
                                   username = 'xx',
                                   password = 'xxx',
                                   realm_name = "xxx-xxx",
                                   verify = True)
# get an user id via user name
user_id = admin.get_user_id("username")

role = admin.get_client_roles(client_id="client_id", role_name="test")

# assign user client role
admin.assign_client_role(client_id = "client_id", 
                         user_id = user_id, 
                         roles=[role])

I will fixe de documentation about that.

The new oficial repository is "python-keycloak".

python-keycloak � PyPI, python-keycloak is a Python package providing access to the Keycloak API. Bug reports. Please report bugs and role_name="test") # Get all roles for the realm or client realm_roles = keycloak_admin.get_roles() # Assign client role to user. Note that BOTH role_name and role_id appear to be required. keycloak_admin. assign_client_role (client_id = client_id, user_id = user_id, role_id = role_id, role_name = "test") # Get all ID Providers idps = keycloak_admin. get_idps () # Create a new Realm keycloak_admin. create_realm (payload = {"realm": "demo"}, skip_exists = False)

Had the same problem. It turns out that the documentation for python-keycloak is not correct. Here's how I managed to fix the issue

First, make sure you're using client_id from url not the client id from keycloak interface (see picture):

client_id picture

Second, make sure your admin user has manage-users and manage-clients roles assigned to it:

roles picture

Third, assign_client_role() accepts argument role_name as an array, not string

Here's my code:

keycloak_admin = KeycloakAdmin(server_url="http://localhost:8088/auth/",
                                        username='azat_admin',
                                        password='some_password',
                                        realm_name="realm_name",
                                        verify=True)

new_user = keycloak_admin.create_user({"email": "some_email",
                                       "username": "some_username",
                                       "enabled": True,
                                       "firstName": "some_firstname",
                                       "lastName": "some_lastname",
                                       "credentials": [{"value": "some_password","type": "password",}]})

roles = keycloak_admin.get_client_roles(client_id="2b50a8e3-dc91-4658-a552-83fb768badc8")
keycloak_admin.assign_client_role(client_id = "2b50a8e3-dc91-4658-a552-83fb768badc8", 
                                                user_id = new_user, 
                                                roles=[roles[0]])

python, 但是assign client role 给了我一个错误: 看来参数与函数中定义的参数不对应。 我的代码引用了该 python-keycloak assign_client_role() error. Hashes for python-keycloak-0.22.0.tar.gz; Algorithm Hash digest; SHA256: 8f2ea277c94cee1de108fd6a018d52d23a603dea6bfb7cdd8eeeb09963bbdade: Copy MD5

As stated in example documentation. You should certainly try first:

# Get client role id from name role_id = keycloak_admin.get_client_role_id(client_id=client_id, role_name="test")

then

# Assign client role to user. Note that BOTH role_name and role_id appear to be required. keycloak_admin.assign_client_role(client_id=client_id, user_id=user_id, role_id=role_id, role_name="test")

Or can you share more of your code and explain why you commented the 'role_id' argument?

Python Keycloak Get Roles and Groups of user, To access all this in my application I am using Python-Keycloak keycloak_openid.well_know() token = keycloak_openid.token("username", be required. keycloak_admin. assign_client_role (client_id = client_id, user_id = user_id, role_id Here is an example of my problem: I have multiple teams that w… keycloak and� Can we use python-keycloak in flask without client_secret_key ? #108 opened Aug 13, 2020 by harish2296 Client Role Mappings with groups

It turns out that the documentation is wrong, I check the source code of keycloak_admin.py found the definition of function assign_client_role():

def assign_client_role(self, user_id, client_id, roles):
    """
    Assign a client role to a user

    :param client_id: id of client (not client-id)
    :param user_id: id of user
    :param client_id: id of client containing role,
    :param roles: roles list or role (use RoleRepresentation)
    :return Keycloak server response
    """

    payload = roles if isinstance(roles, list) else [roles]
    params_path = {"realm-name": self.realm_name, "id": user_id, "client-id":client_id}
    data_raw = self.connection.raw_post(URL_ADMIN_USER_CLIENT_ROLES.format(**params_path),
                                    data=json.dumps(payload))
    return raise_error_from_response(data_raw, KeycloakGetError, expected_code=204)

The URL_ADMIN_USER_CLIENT_ROLES is defined in urls_patterns.py:

URL_ADMIN_USER_CLIENT_ROLES = "admin/realms/{realm-name}/users/{id}/role-mappings/clients/{client-id}" As you can see, the realm-name, userid and client-id is used to form the url, if one of these parameters goes wrong, there will be 404 error because of the incorrect url. Content of parameter roles is warpped into post data, so if the format of roles parameter is wrong, there will probably be 500 error.

In order to get the right url example and the correct roles data structure, I used browser to manually assign a role, and check the url and post json data sent by the browser. Then change the code to produce the correct url and json data. Below is the final code that works:

from keycloak import KeycloakAdmin
# make connection        
admin = KeycloakAdmin(server_url = "https://xxx.xx.xx/auth/",
                      username = 'xx',
                      password = 'xxx',
                      realm_name = "xxx-xxx",
                      verify = True)
# get user id
userID = admin.get_user_id('one user's name')
# make sure you have the right realm name
realmName = 'xxx-xxx'
clientID = admin.get_client_id(realmName)
admin.assign_client_role(user_id = userID,
                         client_id = clientID, 
                         roles = [{"id":"34a02t60-2435-40da-v911-a3ee1xm58921",
                                   "name":"USER",
                                   "description":"xxxxx",
                                   "composite":False,
                                   "clientRole":True,
                                   "containerId":"aa102d71-4jk1-4u2a-a8w4-a6cv5j7626i1"}])

Unable to perform any actions with the REST API, I'm having problems performing any actions whatsoever with the REST API in my python script. so far, both with direct requests, and with the python-keycloak library. print(x) print(x.content) print(x.text) return x.content create_client() but when I perform any actions I get a 403 with “unknown error”. AkrutoSync syncs your entire Outlook calendar. If you do not want to sync old appointments, you can use Archive feature in Outlook. Reply Sync Outlook with

python-keycloak, Installation ### Via Pypi Package: ``` $ pip install python-keycloak unittest * [ httmock](https://github.com/patrys/httmock) ## Bug reports realm or client realm_roles = keycloak_admin.get_roles() # Assign client role to user. # KeyCloak integration python-keycloak==0.12.0 python-jose==3.0.0 We need a Middleware to handle request, parse the token, take Authorization decisions (whether to allow access or not)

Using Keycloak Admin Client to create user with roles (Realm and Client level) - KeycloakAdminClientExample.java

keycloak-client(fork from python-keycloak) is a Python package providing access to the Keycloak API.

Comments
  • # Assign client role to user. Note that BOTH role_name and role_id appear to be required.?