sqsc-keycloak-ruby 1.0.0.pre
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +2 -0
- data/.rspec +2 -0
- data/.travis.yml +5 -0
- data/.vscode/launch.json +65 -0
- data/CODE_OF_CONDUCT.md +74 -0
- data/Gemfile +3 -0
- data/Gemfile.lock +57 -0
- data/LICENSE.txt +21 -0
- data/README.md +535 -0
- data/README.pt-BR.md +532 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/keycloak-ruby.gemspec +39 -0
- data/lib/generators/keycloak.rb +12 -0
- data/lib/generators/keycloak/config/config_generator.rb +10 -0
- data/lib/keycloak/exceptions.rb +7 -0
- data/lib/keycloak/version.rb +3 -0
- data/lib/sqsc-keycloak-ruby.rb +972 -0
- metadata +148 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 8243fc8232d4c3dc5a170fecd87fd5b6c658385e1e4289228cedaae39f011a2c
|
4
|
+
data.tar.gz: 8cb59dd3fcd621d870e3bd0ef5b06198e02324d4bc99550c5d6a60b0d5471aa6
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 229150602a2096cd49351e5a50cf457510698709c5a61dc00b9b810f062193093af91a8a90f2d6c5962fff84062b6fbc96636e4a661461b5787b52e2a5a9a140
|
7
|
+
data.tar.gz: ab5a4dcd302a1469fbe09acfd3a2edbb27f035e05ed4c3d978644c3e1715242f80a20224424d891b71495a2baf71e24de079c02e532a4438ff064fa50e53008d
|
data/.gitignore
ADDED
data/.rspec
ADDED
data/.travis.yml
ADDED
data/.vscode/launch.json
ADDED
@@ -0,0 +1,65 @@
|
|
1
|
+
{
|
2
|
+
// Use IntelliSense to learn about possible attributes.
|
3
|
+
// Hover to view descriptions of existing attributes.
|
4
|
+
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
|
5
|
+
"version": "0.2.0",
|
6
|
+
"configurations": [
|
7
|
+
|
8
|
+
{
|
9
|
+
"name": "Debug Local File",
|
10
|
+
"type": "Ruby",
|
11
|
+
"request": "launch",
|
12
|
+
"cwd": "${workspaceRoot}",
|
13
|
+
"program": "${workspaceRoot}/main.rb"
|
14
|
+
},
|
15
|
+
{
|
16
|
+
"name": "Listen for rdebug-ide",
|
17
|
+
"type": "Ruby",
|
18
|
+
"request": "attach",
|
19
|
+
"cwd": "${workspaceRoot}",
|
20
|
+
"remoteHost": "127.0.0.1",
|
21
|
+
"remotePort": "1234",
|
22
|
+
"remoteWorkspaceRoot": "${workspaceRoot}"
|
23
|
+
},
|
24
|
+
{
|
25
|
+
"name": "Rails server",
|
26
|
+
"type": "Ruby",
|
27
|
+
"request": "launch",
|
28
|
+
"cwd": "${workspaceRoot}",
|
29
|
+
"program": "${workspaceRoot}/bin/rails",
|
30
|
+
"args": [
|
31
|
+
"server"
|
32
|
+
]
|
33
|
+
},
|
34
|
+
{
|
35
|
+
"name": "RSpec - all",
|
36
|
+
"type": "Ruby",
|
37
|
+
"request": "launch",
|
38
|
+
"cwd": "${workspaceRoot}",
|
39
|
+
"program": "${workspaceRoot}/bin/rspec",
|
40
|
+
"args": [
|
41
|
+
"-I",
|
42
|
+
"${workspaceRoot}"
|
43
|
+
]
|
44
|
+
},
|
45
|
+
{
|
46
|
+
"name": "RSpec - active spec file only",
|
47
|
+
"type": "Ruby",
|
48
|
+
"request": "launch",
|
49
|
+
"cwd": "${workspaceRoot}",
|
50
|
+
"program": "${workspaceRoot}/bin/rspec",
|
51
|
+
"args": [
|
52
|
+
"-I",
|
53
|
+
"${workspaceRoot}",
|
54
|
+
"${file}"
|
55
|
+
]
|
56
|
+
},
|
57
|
+
{
|
58
|
+
"name": "Cucumber",
|
59
|
+
"type": "Ruby",
|
60
|
+
"request": "launch",
|
61
|
+
"cwd": "${workspaceRoot}",
|
62
|
+
"program": "${workspaceRoot}/bin/cucumber"
|
63
|
+
}
|
64
|
+
]
|
65
|
+
}
|
data/CODE_OF_CONDUCT.md
ADDED
@@ -0,0 +1,74 @@
|
|
1
|
+
# Contributor Covenant Code of Conduct
|
2
|
+
|
3
|
+
## Our Pledge
|
4
|
+
|
5
|
+
In the interest of fostering an open and welcoming environment, we as
|
6
|
+
contributors and maintainers pledge to making participation in our project and
|
7
|
+
our community a harassment-free experience for everyone, regardless of age, body
|
8
|
+
size, disability, ethnicity, gender identity and expression, level of experience,
|
9
|
+
nationality, personal appearance, race, religion, or sexual identity and
|
10
|
+
orientation.
|
11
|
+
|
12
|
+
## Our Standards
|
13
|
+
|
14
|
+
Examples of behavior that contributes to creating a positive environment
|
15
|
+
include:
|
16
|
+
|
17
|
+
* Using welcoming and inclusive language
|
18
|
+
* Being respectful of differing viewpoints and experiences
|
19
|
+
* Gracefully accepting constructive criticism
|
20
|
+
* Focusing on what is best for the community
|
21
|
+
* Showing empathy towards other community members
|
22
|
+
|
23
|
+
Examples of unacceptable behavior by participants include:
|
24
|
+
|
25
|
+
* The use of sexualized language or imagery and unwelcome sexual attention or
|
26
|
+
advances
|
27
|
+
* Trolling, insulting/derogatory comments, and personal or political attacks
|
28
|
+
* Public or private harassment
|
29
|
+
* Publishing others' private information, such as a physical or electronic
|
30
|
+
address, without explicit permission
|
31
|
+
* Other conduct which could reasonably be considered inappropriate in a
|
32
|
+
professional setting
|
33
|
+
|
34
|
+
## Our Responsibilities
|
35
|
+
|
36
|
+
Project maintainers are responsible for clarifying the standards of acceptable
|
37
|
+
behavior and are expected to take appropriate and fair corrective action in
|
38
|
+
response to any instances of unacceptable behavior.
|
39
|
+
|
40
|
+
Project maintainers have the right and responsibility to remove, edit, or
|
41
|
+
reject comments, commits, code, wiki edits, issues, and other contributions
|
42
|
+
that are not aligned to this Code of Conduct, or to ban temporarily or
|
43
|
+
permanently any contributor for other behaviors that they deem inappropriate,
|
44
|
+
threatening, offensive, or harmful.
|
45
|
+
|
46
|
+
## Scope
|
47
|
+
|
48
|
+
This Code of Conduct applies both within project spaces and in public spaces
|
49
|
+
when an individual is representing the project or its community. Examples of
|
50
|
+
representing a project or community include using an official project e-mail
|
51
|
+
address, posting via an official social media account, or acting as an appointed
|
52
|
+
representative at an online or offline event. Representation of a project may be
|
53
|
+
further defined and clarified by project maintainers.
|
54
|
+
|
55
|
+
## Enforcement
|
56
|
+
|
57
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
58
|
+
reported by contacting the project team at g_portugues@hotmail.com. All
|
59
|
+
complaints will be reviewed and investigated and will result in a response that
|
60
|
+
is deemed necessary and appropriate to the circumstances. The project team is
|
61
|
+
obligated to maintain confidentiality with regard to the reporter of an incident.
|
62
|
+
Further details of specific enforcement policies may be posted separately.
|
63
|
+
|
64
|
+
Project maintainers who do not follow or enforce the Code of Conduct in good
|
65
|
+
faith may face temporary or permanent repercussions as determined by other
|
66
|
+
members of the project's leadership.
|
67
|
+
|
68
|
+
## Attribution
|
69
|
+
|
70
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
|
71
|
+
available at [http://contributor-covenant.org/version/1/4][version]
|
72
|
+
|
73
|
+
[homepage]: http://contributor-covenant.org
|
74
|
+
[version]: http://contributor-covenant.org/version/1/4/
|
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
@@ -0,0 +1,57 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
keycloak-ruby (1.0.0.pre)
|
5
|
+
json
|
6
|
+
jwt
|
7
|
+
rest-client
|
8
|
+
|
9
|
+
GEM
|
10
|
+
remote: https://rubygems.org/
|
11
|
+
specs:
|
12
|
+
diff-lcs (1.3)
|
13
|
+
domain_name (0.5.20190701)
|
14
|
+
unf (>= 0.0.5, < 1.0.0)
|
15
|
+
http-accept (1.7.0)
|
16
|
+
http-cookie (1.0.3)
|
17
|
+
domain_name (~> 0.5)
|
18
|
+
json (2.3.0)
|
19
|
+
jwt (2.2.1)
|
20
|
+
mime-types (3.3)
|
21
|
+
mime-types-data (~> 3.2015)
|
22
|
+
mime-types-data (3.2019.1009)
|
23
|
+
netrc (0.11.0)
|
24
|
+
rake (13.0.1)
|
25
|
+
rest-client (2.1.0)
|
26
|
+
http-accept (>= 1.7.0, < 2.0)
|
27
|
+
http-cookie (>= 1.0.2, < 2.0)
|
28
|
+
mime-types (>= 1.16, < 4.0)
|
29
|
+
netrc (~> 0.8)
|
30
|
+
rspec (3.9.0)
|
31
|
+
rspec-core (~> 3.9.0)
|
32
|
+
rspec-expectations (~> 3.9.0)
|
33
|
+
rspec-mocks (~> 3.9.0)
|
34
|
+
rspec-core (3.9.0)
|
35
|
+
rspec-support (~> 3.9.0)
|
36
|
+
rspec-expectations (3.9.0)
|
37
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
38
|
+
rspec-support (~> 3.9.0)
|
39
|
+
rspec-mocks (3.9.0)
|
40
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
41
|
+
rspec-support (~> 3.9.0)
|
42
|
+
rspec-support (3.9.0)
|
43
|
+
unf (0.1.4)
|
44
|
+
unf_ext
|
45
|
+
unf_ext (0.0.7.6)
|
46
|
+
|
47
|
+
PLATFORMS
|
48
|
+
ruby
|
49
|
+
|
50
|
+
DEPENDENCIES
|
51
|
+
bundler (~> 1.17)
|
52
|
+
keycloak-ruby!
|
53
|
+
rake (~> 13.0)
|
54
|
+
rspec (~> 3.9)
|
55
|
+
|
56
|
+
BUNDLED WITH
|
57
|
+
1.17.3
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2017 Guilherme Portugues
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,535 @@
|
|
1
|
+
# Keycloak
|
2
|
+
|
3
|
+
* [pt-BR translation](https://github.com/imagov/keycloak/blob/master/README.pt-BR.md)
|
4
|
+
|
5
|
+
This is a fork from [keycloak](https://github.com/imagov/keycloak) in order to add support for some needed features.
|
6
|
+
|
7
|
+
Keycloak gem was developed to integrate applications and services into [Red Hat](https://www.redhat.com)'s [Keycloak](http://www.keycloak.org/) system for user control, authentication, authorization, and session management.
|
8
|
+
|
9
|
+
Its development was based on version 3.2 of Keycloak, whose documentation can be found [here](http://www.keycloak.org/archive/documentation-3.2.html).
|
10
|
+
|
11
|
+
Publication of gem: https://rubygems.org/gems/keycloak
|
12
|
+
|
13
|
+
Exemple: https://github.com/imagov/example-gem-keycloak
|
14
|
+
|
15
|
+
## Installation
|
16
|
+
|
17
|
+
Add this line in your application's <b>gemfile</b>:
|
18
|
+
|
19
|
+
```ruby
|
20
|
+
gem 'keycloak'
|
21
|
+
```
|
22
|
+
|
23
|
+
Install the gem by running:
|
24
|
+
|
25
|
+
$ bundle install
|
26
|
+
|
27
|
+
Or install it yourself:
|
28
|
+
|
29
|
+
$ gem install keycloak
|
30
|
+
|
31
|
+
To add the configuration file:
|
32
|
+
|
33
|
+
$ rails generate keycloak:config
|
34
|
+
|
35
|
+
|
36
|
+
## Use
|
37
|
+
|
38
|
+
Since you already have a Keycloak environment configured and the gem already installed, the next step is to define how the application will authenticate. Keycloak works with key authentication protocols, such as OpenID Connect, Oauth 2.0 and SAML 2.0, integrating system access through Single-Sign On, and can also provide access to <b>LDAP</b> or <b>Active Directory</b> users.
|
39
|
+
|
40
|
+
When you register a realm and also a Client in your Keycloak environment, you can download the Client installation file into the `config` folder of the application so that gem gets the information it needs to interact with Keycloak. To download this, simply access your Client's registry, click the <b>Installation</b> tab, select <b>Keycloak OIDC JSON</b> in the <b>Format option</b> field and click <b>Download</b>. If your application does not only work with a specific client (application server for APIs, for example), then you can tell what is the realm that gem will interact in the `keycloak.rb` configuration file.
|
41
|
+
|
42
|
+
Gem has a main module called <b>Keycloak</b>. Within this module there are three other modules: <b>Client</b>, <b>Admin</b> and <b>Internal</b>.
|
43
|
+
|
44
|
+
### Module Keycloak
|
45
|
+
|
46
|
+
The Keycloak module has some attributes and its definitions are fundamental for the perfect functioning of the gem in the application.
|
47
|
+
|
48
|
+
```ruby
|
49
|
+
Keycloak.installation_file = 'path/to/file.json'
|
50
|
+
```
|
51
|
+
|
52
|
+
Allows you to set the location of installation file if you have one. If not set, it will default to `keycloak.json` in the `config` folder of your repository. In any case, it will use installation file only if it's present.
|
53
|
+
|
54
|
+
```ruby
|
55
|
+
Keycloak.realm
|
56
|
+
```
|
57
|
+
|
58
|
+
If your application does not only work with a specific client (application server for APIs, for example), then you can tell the realm name that gem will interact in that attribute. When installed, gem creates the `keycloak.rb` file in `config / initializers`. This attribute can be found and defined in this file.
|
59
|
+
|
60
|
+
|
61
|
+
```ruby
|
62
|
+
Keycloak.auth_server_url
|
63
|
+
```
|
64
|
+
|
65
|
+
For the same scenario as the above attribute, you can tell the url of the realm that the gem will interact in that attribute. When installed, gem creates the `keycloak.rb` file in `config / initializers`. This attribute can be found and defined in this file.
|
66
|
+
|
67
|
+
|
68
|
+
```ruby
|
69
|
+
Keycloak.proxy
|
70
|
+
```
|
71
|
+
|
72
|
+
If the environment where your application will be used requires the use of proxy for the consumption of the Keycloak APIs, then define it in this attribute. When it is installed, gem creates the `keycloak.rb` file in `config/initializers`. This attribute can be found and defined in this file.
|
73
|
+
|
74
|
+
|
75
|
+
```ruby
|
76
|
+
Keycloak.generate_request_exception
|
77
|
+
```
|
78
|
+
|
79
|
+
This attribute is to define whether the HTTP exceptions generated in the returns of the requests made to Keycloak will or will not burst in the application. If set to `false`, then the exception will not be blown and the HTTP response will be returned to the application to do its own processing. The default value of this attribute is `true`. When it is installed, gem creates the `keycloak.rb` file in `config/initializers`. This attribute can be found and defined in this file.
|
80
|
+
|
81
|
+
|
82
|
+
```ruby
|
83
|
+
Keycloak.keycloak_controller
|
84
|
+
```
|
85
|
+
|
86
|
+
It is recommended that your application has a controller that centralizes the session actions that Keycloak will manage, such as login action, logout, session update, password reset, among others. Define in this attribute what is the name of the controller that will play this role. If your controller name is `SessionController`, then the value of this attribute should be `session` only. When it is installed, gem creates the `keycloak.rb` file in `config/initializers`. This attribute can be found and defined in this file.
|
87
|
+
|
88
|
+
|
89
|
+
```ruby
|
90
|
+
Keycloak.proc_cookie_token
|
91
|
+
```
|
92
|
+
|
93
|
+
This attribute is an anonymous method (lambda). The same must be implemented in the application so that the gem has access to the authentication token which, in turn, must be stored in the cookie. When performing the keycloak authentication through gem, the system must store the token returned in the browser cookie, such as:
|
94
|
+
```ruby
|
95
|
+
cookies.permanent[:keycloak_token] = Keycloak::Client.get_token(params[:user_login], params[:user_password])
|
96
|
+
```
|
97
|
+
|
98
|
+
The application can retrieve the token in the cookie by implementing the `Keycloak.proc_cookie_token` method as follows:
|
99
|
+
```ruby
|
100
|
+
Keycloak.proc_cookie_token = -> do
|
101
|
+
cookies.permanent[:keycloak_token]
|
102
|
+
end
|
103
|
+
```
|
104
|
+
This way, every time gem needs to use the token information to consume a Keycloak service, it will invoke this lambda method.
|
105
|
+
|
106
|
+
```ruby
|
107
|
+
Keycloak.proc_external_attributes
|
108
|
+
```
|
109
|
+
|
110
|
+
Keycloak gives the possibility that new attributes are mapped to the user registry. However, when these attributes are application specific, it is recommended that you manage them yourself. To do this, the best solution is to create these attributes in the application - example: create a table in the database of the application itself containing the columns representing each of the attributes, also inserting in this table a unique key column, same as the User Id created in Keycloak, indicating that the one belonging to that Id has those attributes.
|
111
|
+
In order for gem to have access to these attributes, set the `Keycloak.proc_external_attributes` attribute to a lambda method by obtaining the attributes of the logged-in user. Example:
|
112
|
+
```ruby
|
113
|
+
Keycloak.proc_external_attributes = -> do
|
114
|
+
attribute = UsuariosAtributo.find_or_create_by(user_keycloak_id: Keycloak::Client.get_attribute('sub'))
|
115
|
+
if attribute.status.nil?
|
116
|
+
attribute.status = false
|
117
|
+
attribute.save
|
118
|
+
end
|
119
|
+
attribute
|
120
|
+
end
|
121
|
+
```
|
122
|
+
|
123
|
+
|
124
|
+
<b>Note:</b> The `Keycloak.proc_cookie_token` and `Keycloak.proc_external_attributes` attributes can be defined in the `initialize` of the controller `ApplicationController`.
|
125
|
+
|
126
|
+
```ruby
|
127
|
+
Keycloak.validate_token_when_call_has_role
|
128
|
+
```
|
129
|
+
|
130
|
+
The introspect of the token will be executed every time the `Keycloak::Client.has_role?` method is invoked, if this setting is set to `true`.
|
131
|
+
|
132
|
+
|
133
|
+
### Keycloak::Client
|
134
|
+
|
135
|
+
The `Keycloak::Client` module has the methods that represent the <b>endpoint</b> services. These services are fundamental for creating and updating tokens, logging in and logout, and also for obtaining the synthetic information of a logged in user. What enables gem to make use of all these services is the previously mentioned client installation file.
|
136
|
+
|
137
|
+
We will detail each of these methods:
|
138
|
+
|
139
|
+
```ruby
|
140
|
+
Keycloak::Client.get_token(user, password, client_id = '', secret = '')
|
141
|
+
```
|
142
|
+
|
143
|
+
If you choose to authenticate users using the screen of your own application, then use this method. Simply invoke it in the method of login in the `controller` defined with the session controller of your application, passing as parameter the <b>user</b> and the <b>password</b> informed by the user. If the authentication is valid, then a JSON containing the `access_token` and the `refresh_token` is returned.
|
144
|
+
|
145
|
+
|
146
|
+
```ruby
|
147
|
+
Keycloak::Client.url_login_redirect(redirect_uri, response_type = 'code')
|
148
|
+
```
|
149
|
+
|
150
|
+
To authenticate the users of your application using a template configured in Keycloak, redirect the request to the url returned in this method. Pass as a parameter the url that the user will have access in case of successful authentication (`redirect_uri`) and also the type of response (`response_type`), which if not informed, gem will assume the `code` value. If the authentication is successful, then a `code` will be returned that will enable you to request a token from <b>Keycloak</b>.
|
151
|
+
|
152
|
+
|
153
|
+
```ruby
|
154
|
+
Keycloak::Client.get_token_by_code(code, redirect_uri, client_id = '', secret = '')
|
155
|
+
```
|
156
|
+
|
157
|
+
When using the `Keycloak::Client.url_login_redirect` method to get a `code`, pass it as a parameter in this method so that Keycloak returns a token, thus logging the user in the application. The second parameter (`redirect_uri`) must be passed so that when a token is made available, Keycloak redirects to the url informed.
|
158
|
+
|
159
|
+
|
160
|
+
```ruby
|
161
|
+
Keycloak::Client.get_token_by_exchange(issuer, issuer_token, client_id = '', secret = '')
|
162
|
+
```
|
163
|
+
|
164
|
+
To get a token through a token previously obtained from a trusted provider (OpenID standard), such as Facebook, Gooble, Twitter, or even another realm configured in the keycloak, simply invoke this method, passing in the `issuer` parameter the provider alias configured in the realm, and in the `issuer_token` parameter the token obtained by that provider. This will return a token authenticated by your realm.
|
165
|
+
|
166
|
+
|
167
|
+
```ruby
|
168
|
+
Keycloak::Client.get_userinfo_issuer(access_token = '', userinfo_endpoint = '')
|
169
|
+
```
|
170
|
+
|
171
|
+
This method returns the user information of a provider (`issuer` of the `get_token_by_exchange` method represented by the `access_token` passed as parameter. If the `access_token` parameter is not informed, then the gem will get this information in the cookie.
|
172
|
+
|
173
|
+
|
174
|
+
```ruby
|
175
|
+
Keycloak::Client.get_token_by_refresh_token(refresh_token = '', client_id = '', secret = '')
|
176
|
+
```
|
177
|
+
|
178
|
+
When the user is already logged in and your application internally tracks the token expiration time provided by Keycloak, then this method can be used to renew that token if it is still valid. To do this, simply pass the `refresh_token` as a parameter. If you do not inform `refresh_token`, gem will use the `refresh_token` stored in the cookie.
|
179
|
+
|
180
|
+
|
181
|
+
```ruby
|
182
|
+
Keycloak::Client.get_token_introspection(token = '', client_id = '', secret = '', token_introspection_endpoint = '')
|
183
|
+
```
|
184
|
+
|
185
|
+
This method returns the information from the `token` session passed as parameter. Among the information returned, the most important is the `active` field, since it informs whether the token session passed in the parameter is active or not. This will help your application control whether the logged-in user session has expired or not. If no token is passed as a parameter, gem will use the last `access_token` stored in the application's cookie.
|
186
|
+
|
187
|
+
|
188
|
+
```ruby
|
189
|
+
Keycloak::Client.get_token_by_client_credentials(client_id = '', secret = '')
|
190
|
+
```
|
191
|
+
|
192
|
+
There are some Keycloak services like <b>password reset</b>, <b>user registration</b> in the initial screen of the application or even authentication following the standard <b>OAuth 2.0</b>, that the authentication of a user becomes unnecessary. Therefore, we can obtain a token using the credentials of its own application (Client) registered in Keycloak. To obtain this token, pass the `client_id` - informed by the person who registered your application in Keycloak - and the `secret` of your application generated by Keycloak - to generate a `secret`, the Access Type of your Client must be configured as `confidential`. If you do not pass any of these parameters, gem will use the credentials contained in the installation file mentioned above.
|
193
|
+
|
194
|
+
|
195
|
+
```ruby
|
196
|
+
Keycloak::Client.logout(redirect_uri = '', refresh_token = '', client_id = '', secret = '', end_session_endpoint = '')
|
197
|
+
```
|
198
|
+
|
199
|
+
When used before the expiration of the logged on user's session, this method terminates the session. If the `redirect_uri` parameter is fed, then Keycloak will redirect your application to the url informed after logout. The second parameter is `refresh_token`, obtained at the time of authentication or session update. If the latter is not informed, then the gem will use the `refresh_token` of the cookie
|
200
|
+
|
201
|
+
|
202
|
+
```ruby
|
203
|
+
Keycloak::Client.get_userinfo(access_token = '', userinfo_endpoint = '')
|
204
|
+
```
|
205
|
+
|
206
|
+
This method returns synthetic information from the user represented by the `access_token` passed as a parameter, such as `sub` - which is the authenticated user id -, `preferred_username` - which is the authenticated user name - and `email` - which is the user's email address. If the `access_token` parameter is not informed, then the gem will get this information in the cookie.
|
207
|
+
|
208
|
+
|
209
|
+
```ruby
|
210
|
+
Keycloak::Client.url_user_account
|
211
|
+
```
|
212
|
+
|
213
|
+
Returns the <b>url</b> for access to the realm user registry of the installation file (`keycloak.json`). To access the screen, Keycloak will require user authentication. After connected, and if has permission, the user will have access to his own personal information and could even change them.
|
214
|
+
|
215
|
+
|
216
|
+
```ruby
|
217
|
+
Keycloak::Client.has_role?(user_role, access_token = '', client_id = '', secret = '', token_introspection_endpoint = '')
|
218
|
+
```
|
219
|
+
|
220
|
+
The `has_role?` method decodes the JWT `access_token` and verifies that the user who owns the token has the <b>role</b> informed in the `user_role` parameter. If `access_token` is not informed then gem will use the `access_token` of the cookie.
|
221
|
+
|
222
|
+
|
223
|
+
```ruby
|
224
|
+
Keycloak::Client.user_signed_in?(access_token = '', client_id = '', secret = '', token_introspection_endpoint = '')
|
225
|
+
```
|
226
|
+
|
227
|
+
This method checks whether the `access_token` passed in the parameter is still active. To check whether the user is active or not, the gem invokes the `get_token_introspection` method internally. If `access_token` is not informed then gem will use the `access_token` of the cookie.
|
228
|
+
|
229
|
+
|
230
|
+
```ruby
|
231
|
+
Keycloak::Client.get_attribute(attribute_name, access_token = '')
|
232
|
+
```
|
233
|
+
|
234
|
+
This method decodes the JWT `access_token` and returns the value of the name attribute passed in the `attribute_name` parameter. This attribute can be a <b>mapper</b> - registered in the <b>Mappers</b> section of the Realm <b>Client</b> registry. If `access_token` is not informed then gem will use the `access_token` of the cookie.
|
235
|
+
|
236
|
+
|
237
|
+
```ruby
|
238
|
+
Keycloak::Client.token
|
239
|
+
```
|
240
|
+
|
241
|
+
Returns the last authenticated token stored in the cookie. When the `Keycloak.proc_cookie_token` method is implemented in the application and a user authenticates the application, this method returns the token of that user.
|
242
|
+
|
243
|
+
|
244
|
+
```ruby
|
245
|
+
Keycloak::Client.external_attributes
|
246
|
+
```
|
247
|
+
|
248
|
+
When the `Keycloak.proc_external_attributes` method is implemented, the `external_attributes` method returns it. The purpose of this method is to return the application-specific attributes not mapped in Keycloak.
|
249
|
+
|
250
|
+
|
251
|
+
### Keycloak::Admin
|
252
|
+
|
253
|
+
The `Keycloak :: Admin` module provides methods that represent the [REST APIs do Keycloak](http://www.keycloak.org/docs-api/3.2/rest-api/index.html). In order to use these APIs, an active `access_token` is required, that is, authentication must occur before using the methods for a valid token to be used as a credential. If `access_token` is not informed then gem will use the `access_token` of the cookie. The authenticated user must have the `role` of the respective service invoked - roles of the `realm-management` client, which represents the management of the realm.
|
254
|
+
|
255
|
+
The list of methods is shown below. The `{realm}` route parameter of all APIs will be obtained from the `keycloak.json` installation file:
|
256
|
+
|
257
|
+
```ruby
|
258
|
+
# GET /admin/realms/{realm}/users
|
259
|
+
Keycloak::Admin.get_users(query_parameters = nil, access_token = nil)
|
260
|
+
```
|
261
|
+
|
262
|
+
`get_users` returns a list of users, filtered according to the parameters <b>hash</b> passed in` query_parameters`.
|
263
|
+
|
264
|
+
|
265
|
+
```ruby
|
266
|
+
# POST /admin/realms/{realm}/users
|
267
|
+
Keycloak::Admin.create_user(user_representation, access_token = nil)
|
268
|
+
```
|
269
|
+
|
270
|
+
`create_user` creates a new user in Keycloak. The `user_representation` parameter must be a hash according to Keycloak [UserRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_userrepresentation). The return of this method will be `true` for success.
|
271
|
+
|
272
|
+
|
273
|
+
```ruby
|
274
|
+
# GET /admin/realms/{realm}/users/count
|
275
|
+
Keycloak::Admin.count_users(access_token = nil)
|
276
|
+
```
|
277
|
+
`count_users` returns the number of users in the realm.
|
278
|
+
|
279
|
+
|
280
|
+
```ruby
|
281
|
+
# GET /admin/realms/{realm}/users/{id}
|
282
|
+
Keycloak::Admin.get_user(id, access_token = nil)
|
283
|
+
```
|
284
|
+
|
285
|
+
`get_user` returns the user representation identified by the `id` parameter - which is the <b>ID</b> created by Keycloak when creating a new user.
|
286
|
+
|
287
|
+
|
288
|
+
```ruby
|
289
|
+
# PUT /admin/realms/{realm}/users/{id}
|
290
|
+
Keycloak::Admin.update_user(id, user_representation, access_token = nil)
|
291
|
+
```
|
292
|
+
|
293
|
+
`update_user` updates the user registry identified by `id` - which is the <b>ID</b> created by Keycloak when creating a new user. In the `user_representation` parameter should be a hash with the fields that will be changed, respecting the [UserRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_userrepresentation) of Keycloak. The return of this method will be `true` for success.
|
294
|
+
|
295
|
+
|
296
|
+
```ruby
|
297
|
+
# DELETE /admin/realms/{realm}/users/{id}
|
298
|
+
Keycloak::Admin.delete_user(id, access_token = nil)
|
299
|
+
```
|
300
|
+
|
301
|
+
`delete_user` excludes the user ID identified by the `id` - which is the <b>ID</b> created by Keycloak when creating a new user. The return of this method will be `true` for success.
|
302
|
+
|
303
|
+
|
304
|
+
```ruby
|
305
|
+
# DELETE /admin/realms/{realm}/users/{id}/consents/{client}
|
306
|
+
Keycloak::Admin.revoke_consent_user(id, client_id = nil, access_token = nil)
|
307
|
+
```
|
308
|
+
|
309
|
+
`revoke_consent_user` revokes the tokens of a user identified by `id` - which is the <b>ID</b> created by Keycloak when creating a new user - on the client identified by the `client_id` parameter.
|
310
|
+
|
311
|
+
|
312
|
+
```ruby
|
313
|
+
# PUT /admin/realms/{realm}/users/{id}/execute-actions-email
|
314
|
+
Keycloak::Admin.update_account_email(id, actions, redirect_uri = '', client_id = nil, access_token = nil)
|
315
|
+
```
|
316
|
+
|
317
|
+
`update_account_email` sends an account update email to the user represented by the `id` parameter. The email contains a link that the user can click to execute a set of actions represented by the `actions` parameter - which awaits an `array` of [actions defined by Keycloak](http://www.keycloak.org/docs/3.2/server_admin/topics/users/required-actions.html). An example value that can be passed to the `actions` parameter is `['UPDATE_PASSWORD']`, which indicates that the action that the user must take when clicking the link in the email is to change their password. In the `redirect_uri` parameter, if necessary, a url must be passed so that, at the end of sending the e-mail, the application is redirected. The `client_id` parameter should be informed if the Client responsible for the actions to be performed is not the same as the `keycloak.json` installation file.
|
318
|
+
|
319
|
+
|
320
|
+
```ruby
|
321
|
+
# GET /admin/realms/{realm}/users/{id}/role-mappings
|
322
|
+
Keycloak::Admin.get_role_mappings(id, access_token = nil)
|
323
|
+
```
|
324
|
+
|
325
|
+
`get_role_mappings` returns all <b>Role Mappings</b> in the realm assigned to the user identified by the `id` parameter, regardless of the Client.
|
326
|
+
|
327
|
+
|
328
|
+
```ruby
|
329
|
+
# GET /admin/realms/{realm}/groups
|
330
|
+
Keycloak::Admin.get_groups(query_parameters = nil, access_token = nil)
|
331
|
+
```
|
332
|
+
|
333
|
+
`get_groups` returns a list of [GroupRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_grouprepresentation) for the realm. The optional `query_parameters` parameter expects a hash with properties matching any of the [query parameters](https://www.keycloak.org/docs-api/3.2/rest-api/index.html#_groups_resource) accepted by the API.
|
334
|
+
|
335
|
+
|
336
|
+
```ruby
|
337
|
+
# GET /admin/realms/{realm}/clients
|
338
|
+
Keycloak::Admin.get_clients(query_parameters = nil, access_token = nil)
|
339
|
+
```
|
340
|
+
|
341
|
+
`get_clients` returns a list of [ClientRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_clientrepresentation) pertaining to the realm. The `query_parameters` parameter expects a hash with `clientId` attributes - if you want the list to be filtered by `client_id` - and `viewableOnly` - to filter whether the Keycloak Administration Clients will be returned in the list.
|
342
|
+
|
343
|
+
|
344
|
+
```ruby
|
345
|
+
# GET /admin/realms/{realm}/clients/{id}/roles
|
346
|
+
Keycloak::Admin.get_all_roles_client(id, access_token = nil)
|
347
|
+
```
|
348
|
+
|
349
|
+
`get_all_roles_client` returns a [RoleRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_rolerepresentation) list with all client <b>roles</b> identified by the `id` parameter - this parameter must be passed in the ID of the Clint and not `client_id`.
|
350
|
+
|
351
|
+
|
352
|
+
```ruby
|
353
|
+
# GET /admin/realms/{realm}/clients/{id}/roles/{role-name}
|
354
|
+
Keycloak::Admin.get_roles_client_by_name(id, role_name, access_token = nil)
|
355
|
+
```
|
356
|
+
|
357
|
+
`get_roles_client_by_name` returns the [RoleRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_rolerepresentation) of the role identified by the parameter `role_name` - which is the name of the role.
|
358
|
+
|
359
|
+
|
360
|
+
```ruby
|
361
|
+
# POST /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}
|
362
|
+
Keycloak::Admin.add_client_level_roles_to_user(id, client, role_representation, access_token = nil)
|
363
|
+
```
|
364
|
+
|
365
|
+
`add_client_level_roles_to_user` inserts a <b>role</b> from the Client (represented by the `client` parameter) to the user represented by the `id` parameter. The `role_representation` parameter should receive an `array` of [RoleRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_rolerepresentation) that will be entered into the user. On success, the return will be `true`.
|
366
|
+
|
367
|
+
|
368
|
+
```ruby
|
369
|
+
# DELETE /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}
|
370
|
+
Keycloak::Admin.delete_client_level_roles_from_user(id, client, role_representation, access_token = nil)
|
371
|
+
```
|
372
|
+
|
373
|
+
`delete_client_level_roles_from_user` deletes a <b>Client-Role</b> (representado pelo parâmetro `client`) of the user represented by the `id` parameter. The `role_representation` parameter should receive an `array` of [RoleRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_rolerepresentation) that will be removed on the user. On success, the return will be `true`.
|
374
|
+
|
375
|
+
|
376
|
+
```ruby
|
377
|
+
# GET /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}
|
378
|
+
Keycloak::Admin.get_client_level_role_for_user_and_app(id, client, access_token = nil)
|
379
|
+
```
|
380
|
+
|
381
|
+
`get_client_level_role_for_user_and_app` return a list of [RoleRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_rolerepresentation) of client <b>Client-Roles</b>, represented by `client` parameter linked to the user represented by the `id` parameter.
|
382
|
+
|
383
|
+
|
384
|
+
```ruby
|
385
|
+
Keycloak::Admin.update_effective_user_roles(id, client_id, roles_names, access_token = nil)
|
386
|
+
```
|
387
|
+
|
388
|
+
`update_effective_user_roles` is not on the Keycloak <b>Admin APIs</b> list. This method binds to the user represented by the `id` parameter all the roles passed in an` array` in the `roles_names` parameter. The roles passed in the `roles_names` parameter must belong to the Client represented by the` client_id` parameter. If the user has the link with a role that is not in the `roles_names` parameter, this link will be removed because the purpose of this method is for the user to effectively assume the roles passed in this parameter. On success, the return will be `true`.
|
389
|
+
|
390
|
+
|
391
|
+
```ruby
|
392
|
+
PUT /admin/realms/{realm}/users/{id}/reset-password
|
393
|
+
Keycloak::Admin.reset_password(id, credential_representation, access_token = nil)
|
394
|
+
```
|
395
|
+
|
396
|
+
`reset_password` change the user password represented by `id` parameter. The new password is represented by `credential_representation` parameter, which is a set of information formatted under the [CredentialRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_credentialrepresentation) section of the Keycloak API manual.
|
397
|
+
|
398
|
+
|
399
|
+
```ruby
|
400
|
+
GET /admin/realms/{realm}/groups/{id}/role-mappings/clients/{client}/composite
|
401
|
+
Keycloak::Admin.get_effective_client_level_role_composite_user(id, client, access_token = nil)
|
402
|
+
```
|
403
|
+
|
404
|
+
`get_effective_client_level_role_composite_user` return a list (array) of [RoleRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_rolerepresentation) of a <b>Group</b> represented by `id` parameter attached to a <b>Client</b> represented by `client` parameter.
|
405
|
+
|
406
|
+
|
407
|
+
If there is any service in the manual [Keycloak Admin REST API](http://www.keycloak.org/docs-api/3.2/rest-api/index.html) that has not been implemented in this gem, there is a possibility of being invoked using the <b>Generics Methods</b> of the `Keycloak::Admin` model. The <b>Generics Methods</b> allow you to request any of the APIs, either `GET`,` POST`, `PUT` or` DELETE`, passing the request parameters as `hashes` in the parameters` query_parameters` and `body_parameter` of the <b>Generics Methods</b>.
|
408
|
+
<br>
|
409
|
+
The following are the <b>Generics Methods</b>:
|
410
|
+
<br>
|
411
|
+
|
412
|
+
```ruby
|
413
|
+
Keycloak::Admin.generic_get(service, query_parameters = nil, access_token = nil)
|
414
|
+
```
|
415
|
+
|
416
|
+
`generic_get` allows you to make <b>Keycloak</b> `GET` service requests. The part of the URI that identifies the service must be passed in the `service` parameter, already with the route parameters (such as `{client}`, for example) properly replaced. In the `query_parameters` parameter you can pass a `hash` containing the <b>Queries Parameters</b> of the request.<br>
|
417
|
+
Example:
|
418
|
+
```ruby
|
419
|
+
Keycloak::Admin.generic_get("users/", {email: 'admin@test.com'}, "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldU...")
|
420
|
+
```
|
421
|
+
|
422
|
+
|
423
|
+
```ruby
|
424
|
+
Keycloak::Admin.generic_post(service, query_parameters, body_parameter, access_token = nil)
|
425
|
+
```
|
426
|
+
|
427
|
+
`generic_post` allows you to make <b>Keycloak</b> `POST` service requests. The part of the URI that identifies the service must be passed in the `service` parameter, already with the route parameters (such as `{client}`, for example) properly replaced. In the `query_parameters` parameter you can pass a `hash` containing the <b>Query Parameters</b> of the request. In the `body_parameter` parameter you can pass a `hash` containing the <b>Body Parameters</b> of the request.<br>
|
428
|
+
Example:
|
429
|
+
```ruby
|
430
|
+
Keycloak::Admin.generic_post("users/", nil, { username: "admin", email: "admin@test.com", enabled: true }, "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldU...")
|
431
|
+
```
|
432
|
+
|
433
|
+
```ruby
|
434
|
+
Keycloak::Admin.generic_put(service, query_parameters, body_parameter, access_token = nil)
|
435
|
+
```
|
436
|
+
|
437
|
+
`generic_put` allows you to make <b>Keycloak</b> `PUT` service requests. The part of the URI that identifies the service must be passed in the `service` parameter, already with the route parameters (such as `{client}`, for example) properly replaced. In the `query_parameters` parameter you can pass a `hash` containing the <b>Query Parameters</b> of the request. In the `body_parameter` parameter you can pass a `hash` containing the <b>Body Parameters</b> of the request.
|
438
|
+
|
439
|
+
|
440
|
+
```ruby
|
441
|
+
Keycloak::Admin.generic_delete(service, query_parameters = nil, body_parameter = nil, access_token = nil)
|
442
|
+
```
|
443
|
+
|
444
|
+
`generic_delete` allows you to make <b>Keycloak</b> `DELETE` service requests. The part of the URI that identifies the service must be passed in the `service` parameter, already with the route parameters (such as `{client}`, for example) properly replaced. In the `query_parameters` parameter you can pass a `hash` containing the <b>Query Parameters</b> of the request. In the `body_parameter` parameter you can pass a `hash` containing the <b>Body Parameters</b> of the request.
|
445
|
+
|
446
|
+
|
447
|
+
### Keycloak::Internal
|
448
|
+
|
449
|
+
The `Keycloak::internal` module provides methods designed to facilitate interaction between the application and <b>Keycloak</b>. From the information found in the `keycloak.json` installation file, all invoked methods will be authenticated automatically, using the application credentials (`grant_type = client_credentials`), depending on the assigned roles assigned to it. request is authorized.
|
450
|
+
|
451
|
+
|
452
|
+
```ruby
|
453
|
+
Keycloak::Internal.get_users(query_parameters = nil, client_id = '', secret = '')
|
454
|
+
```
|
455
|
+
|
456
|
+
`get_users` invokes the `Keycloak::Admin.get_users` method that returns a list of users, filtered according to the parameters hash passed in `query_parameters`.
|
457
|
+
|
458
|
+
|
459
|
+
```ruby
|
460
|
+
Keycloak::Internal.get_groups(query_parameters = nil, client_id = '', secret = '')
|
461
|
+
```
|
462
|
+
|
463
|
+
`get_groups` invokes the `Keycloak::Admin.get_groups` method that returns the group hierarchy for the realm, filtered according to the parameters hash passed in `query_parameters`.
|
464
|
+
|
465
|
+
|
466
|
+
```ruby
|
467
|
+
Keycloak::Internal.change_password(user_id, redirect_uri = '', client_id = '', secret = '')
|
468
|
+
```
|
469
|
+
|
470
|
+
`change_password` will invoke the Keycloak `PUT /admin/realms/{realm}/users/{id}/execute-actions-email` API requesting the `UPDATE_PASSWORD` action. This will cause Keycloak to trigger an email to the user represented by the `user_id` parameter. The `redirect_uri` parameter is optional. If it is not filled, then there will be no link to click after the password reset action has been completed.
|
471
|
+
|
472
|
+
|
473
|
+
```ruby
|
474
|
+
Keycloak::Internal.get_user_info(user_login, whole_word = false, client_id = '', secret = ''))
|
475
|
+
```
|
476
|
+
|
477
|
+
`get_user_info`, based on the `user_login` parameter, which will be able to receive the `username` or the `email` of the user, will return an array of [UserRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_userrepresentation) in the case where the `whole_word` parameter is `false`, or it will return a [UserRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_userrepresentation) when the `whole_word` parameter is `true`. The `whole_word` parameter indicates whether the method should consider users that have `username` or `email` part of the expression passed in the `user_login` parameter - for the cases of `whole_word = false` - or that has exactly the last expression in this parameter - for the cases of `whole_word = true`.
|
478
|
+
|
479
|
+
|
480
|
+
```ruby
|
481
|
+
Keycloak::Internal.forgot_password(user_login, redirect_uri = '', client_id = '', secret = '')
|
482
|
+
```
|
483
|
+
|
484
|
+
`forgot_password` will invoke the `Keycloak::Internal.change_password` method after invoking the `Keycloak::Internal.get_user_info` method - passing in the `user_login` parameter of the described method the `user_login` parameter of this topic and passing `true` in the parameter `whole_word`. The use of this method is indicated for the cases of applications allow the reset of the password of the users without it is logged in.
|
485
|
+
|
486
|
+
|
487
|
+
```ruby
|
488
|
+
Keycloak::Internal.exists_name_or_email(value, user_id = '', client_id = '', secret = '')
|
489
|
+
```
|
490
|
+
|
491
|
+
`exists_name_or_email` checks whether a user with `username` or `email` already exists in the `value` parameter in the realm. The `user_id` parameter is used to pass the `ID` of a user in cases where it is desired to change the `username` or `email` of the same, so that they are considered in the `username` and `email verification` different users of the user with the `ID` informed in `user_id`.
|
492
|
+
|
493
|
+
|
494
|
+
```ruby
|
495
|
+
Keycloak::Internal.get_logged_user_info(client_id = '', secret = '')
|
496
|
+
```
|
497
|
+
|
498
|
+
`get_logged_user_info` returns the [UserRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_userrepresentation) of the user logged into the application.
|
499
|
+
|
500
|
+
|
501
|
+
```ruby
|
502
|
+
# GET /admin/realms/{realm}/users
|
503
|
+
Keycloak::Internal.logged_federation_user?(client_id = '', secret = '')
|
504
|
+
```
|
505
|
+
|
506
|
+
`logged_federation_user?` method invokes the `Keycloak::Internal.get_logged_user_info` method and checks to see if it is an <b>Federation User</b> (an LDAP user for example).
|
507
|
+
|
508
|
+
|
509
|
+
```ruby
|
510
|
+
# GET /admin/realms/{realm}/users
|
511
|
+
Keycloak::Internal.create_starter_user(username, password, email, client_roles_names, proc = nil, client_id = '', secret = '')
|
512
|
+
```
|
513
|
+
|
514
|
+
`create_starter_user` is suitable for applications that allow the creation of new users without a user being logged in or even to create new users from `rake db: seed`. In the `username`, `password` and `email` parameters, the user name, password, and email, respectively, must be passed. In the `client_roles_names` parameter, a list (array) with the name of the `roles` of the Client that will be assigned to the user must be passed. The `proc` parameter is a <b>lambda</b> method that will make available the [UserRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_userrepresentation) of the created user as a parameter, so that actions should be defined by the application. This method returns the same return of the `proc` parameter method if it is set, otherwise it will return to [UserRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_userrepresentation) of the created user.
|
515
|
+
|
516
|
+
|
517
|
+
```ruby
|
518
|
+
Keycloak::Internal.get_client_roles(client_id = '', secret = '')
|
519
|
+
```
|
520
|
+
|
521
|
+
`get_client_roles` will return an array of [RoleRepresentation](http://www.keycloak.org/docs-api/3.2/rest-api/index.html#_rolerepresentation) from the Client indicated in the `client_id` parameter or, in the absence of this, by the client of the `keycloak.json` installation file.
|
522
|
+
|
523
|
+
|
524
|
+
```ruby
|
525
|
+
Keycloak::Internal.get_client_user_roles(user_id, client_id = '', secret = '')
|
526
|
+
```
|
527
|
+
|
528
|
+
`get_client_user_roles` will invoke the `Keycloak::Admin.get_effective_client_level_role_composite_user` method by considering the Client indicated in the `client_id` parameter or, if not, by the client of the `keycloak.json` installation file and the user represented by the `user_id` parameter.
|
529
|
+
|
530
|
+
|
531
|
+
```ruby
|
532
|
+
Keycloak::Internal.has_role?(user_id, user_role, client_id = '', secret = '')
|
533
|
+
```
|
534
|
+
|
535
|
+
`has_role?` informing the user represented by the `user_id` parameter has <b>role</b> with the name represented by the `user_role` parameter.
|