AuthenticationΒΆ
Keycloak client provides two methods called login and callback, using which you can connect to the authentication endpoints of keycloak server and perform openid authentication easily.
The following snippet is an example written in Flask framework
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | #! -*- coding: utf-8 -*-
from flask import Flask, redirect, request, jsonify, session, Response
from keycloak import Client
api = Flask(__name__)
api.config['SECRET_KEY'] = 'EYxuFcNqGamVU78GgfupoO5N4z2xokA58XtL0ag'
kc = Client()
@api.route('/login', methods=['GET'])
def login():
""" Initiate authentication """
url, state = kc.login()
session['state'] = state
return redirect(url)
@api.route('/login/callback', methods=['GET'])
def login_callback():
""" Authentication callback handler """
# validate state
state = request.args.get('state', 'unknown')
_state = session.pop('state', None)
if state != _state:
return Response('Invalid state', status=403)
# retrieve tokens
code = request.args.get('code')
tokens = kc.callback(code)
# retrieve userinfo
access_token = tokens["access_token"]
userinfo = kc.fetch_userinfo(access_token)
session["user"] = userinfo
# send userinfo to user
return jsonify(userinfo)
if __name__ == '__main__':
api.run(host='0.0.0.0')
|