class Keycloak::Client

Attributes

auth_server_url[R]
realm[R]

Public Class Methods

new(auth_server_url, realm) click to toggle source
# File lib/keycloak/client.rb, line 15
# Builds a client bound to one Keycloak server and one default realm.
#
# Both values are stored exactly as given: nothing here checks the URL scheme
# or strips a trailing slash. Passwords and bearer tokens are later sent to
# URLs built from auth_server_url, so pass a trusted https:// base URL.
#
# @param auth_server_url [String] base URL of the Keycloak server
# @param realm [String] default realm for #realm_url, #admin_realm_url and #authenticate
def initialize(auth_server_url, realm)
  @auth_server_url, @realm = auth_server_url, realm
end

Public Instance Methods

access_token_valid?() click to toggle source
# File lib/keycloak/client.rb, line 69
# Reports whether the locally recorded access-token expiry is still in the future.
#
# The check uses the local clock and has no safety margin, so a token that
# expires between this check and the actual request may still be rejected by
# the server.
#
# @return [Boolean, nil] nil when no expiry has been recorded yet
def access_token_valid?
  return @expires_in unless @expires_in

  @expires_in > DateTime.now
end
admin_realm_url() click to toggle source
# File lib/keycloak/client.rb, line 24
# Returns the Admin REST API base URL for the client's default realm.
#
# The realm name is inserted verbatim (no URL-escaping), so it must come from
# trusted configuration rather than from request input.
#
# @return [String]
def admin_realm_url
  format("%s/admin/realms/%s", @auth_server_url, @realm)
end
authenticate(username, password, grant_type, client_id, realm = @realm, auto: true) click to toggle source
# File lib/keycloak/client.rb, line 28
# Obtains tokens from the realm's OpenID Connect token endpoint and caches them.
#
# Security notes:
# * With auto: true the plaintext password is kept in an instance variable for
#   the lifetime of this object so #try_refresh_token! can log in again. The
#   default #inspect output includes instance variables, so do not log,
#   inspect or serialise the client.
# * The credentials are remembered before the request is sent, so they stay
#   stored even when the request raises.
# * The request always asks for the "offline_access" scope.
# * Expiry times are measured from a timestamp taken before the request, which
#   errs on the side of treating tokens as expired slightly early.
# * NOTE(review): if the server reports refresh_expires_in as 0 (Keycloak can
#   do this for offline tokens; confirm for your deployment), the recorded
#   refresh expiry equals the request time and #refresh_token_valid? is false
#   straight away.
# * NOTE(review): Integer#seconds is not core Ruby; presumably ActiveSupport is
#   loaded by the surrounding project. Confirm.
#
# @param username [String]
# @param password [String]
# @param grant_type [String] sent unchanged as the grant_type form field
# @param client_id [String]
# @param realm [String] realm to authenticate against; defaults to the client's realm
# @param auto [Boolean] remember username, password and grant type for automatic re-authentication
# @return [true]
def authenticate(username, password, grant_type, client_id, realm = @realm, auto: true)
  @authenticate_realm = realm
  @authenticate_client_id = client_id
  if auto
    @authenticate_username, @authenticate_password, @authenticate_grant_type =
      username, password, grant_type
  end

  requested_at = DateTime.now
  token_endpoint = "#{@auth_server_url}/realms/#{realm}/protocol/openid-connect/token"
  form = {
    username: username,
    password: password,
    grant_type: grant_type,
    client_id: client_id,
    scope: "offline_access"
  }
  # try_refresh_token: false, because there may be no token to refresh yet.
  tokens = JSON.parse(post(token_endpoint, form, try_refresh_token: false).body)

  @access_token = tokens["access_token"]
  @refresh_token = tokens["refresh_token"]
  @refresh_expires_in = requested_at + tokens["refresh_expires_in"].seconds
  @expires_in = requested_at + tokens["expires_in"].seconds
  true
end
delete(url, headers: {}, payload: nil, try_refresh_token: true) click to toggle source
# File lib/keycloak/client.rb, line 108
# Sends an authenticated DELETE request.
#
# The cached bearer token is attached to whatever URL is passed in; there is
# no check that it points at the Keycloak server, so callers must only pass
# URLs they trust. Caller-supplied headers are merged last and can therefore
# replace the Authorization and Accept defaults.
#
# @param url [String]
# @param headers [Hash] extra or overriding request headers
# @param payload [Object, nil] optional request body
# @param try_refresh_token [Boolean] renew the access token first when it has expired
# @return the value returned by RestClient::Request.execute
def delete(url, headers: {}, payload: nil, try_refresh_token: true)
  try_refresh_token! if try_refresh_token

  # Built after the refresh attempt so the header carries the current token.
  default_headers = { authorization: "Bearer #{@access_token}", accept: "application/json" }
  RestClient::Request.execute(
    method: :delete,
    url: url,
    payload: payload,
    headers: default_headers.merge(headers)
  )
end
get(url, headers: {}, params: {}, try_refresh_token: true) click to toggle source
# File lib/keycloak/client.rb, line 98
# Sends an authenticated GET request.
#
# The cached bearer token is attached to whatever URL is passed in; there is
# no check that it points at the Keycloak server, so callers must only pass
# URLs they trust. Caller-supplied headers are merged last and can replace the
# Authorization, Accept and :params defaults.
#
# @param url [String]
# @param headers [Hash] extra or overriding request headers
# @param params [Hash] query parameters, passed under the :params key of the headers hash
# @param try_refresh_token [Boolean] renew the access token first when it has expired
# @return the value returned by RestClient.get
def get(url, headers: {}, params: {}, try_refresh_token: true)
  try_refresh_token! if try_refresh_token

  # Built after the refresh attempt so the header carries the current token.
  default_headers = {
    authorization: "Bearer #{@access_token}",
    accept: "application/json",
    params: params
  }
  RestClient.get(url, default_headers.merge(headers))
end
post(url, payload, headers: {}, try_refresh_token: true) click to toggle source
# File lib/keycloak/client.rb, line 89
# Sends a POST request with the cached bearer token attached.
#
# The token is attached to whatever URL is passed in; there is no check that
# it points at the Keycloak server, so callers must only pass URLs they trust.
# Caller-supplied headers are merged last and can replace the Authorization
# and Accept defaults.
#
# #authenticate and #refresh_token! call this with try_refresh_token: false;
# the Authorization header is still sent then, carrying whatever @access_token
# holds at that moment (possibly nothing, or an expired token).
#
# @param url [String]
# @param payload [Object] request body handed to RestClient.post
# @param headers [Hash] extra or overriding request headers
# @param try_refresh_token [Boolean] renew the access token first when it has expired
# @return the value returned by RestClient.post
def post(url, payload, headers: {}, try_refresh_token: true)
  try_refresh_token! if try_refresh_token

  # Built after the refresh attempt so the header carries the current token.
  default_headers = { authorization: "Bearer #{@access_token}", accept: "application/json" }
  RestClient.post(url, payload, default_headers.merge(headers))
end
put(url, payload, headers: {}, try_refresh_token: true) click to toggle source
# File lib/keycloak/client.rb, line 120
# Sends an authenticated PUT request.
#
# The cached bearer token is attached to whatever URL is passed in; there is
# no check that it points at the Keycloak server, so callers must only pass
# URLs they trust. Caller-supplied headers are merged last and can replace the
# Authorization and Accept defaults.
#
# @param url [String]
# @param payload [Object] request body handed to RestClient.put
# @param headers [Hash] extra or overriding request headers
# @param try_refresh_token [Boolean] renew the access token first when it has expired
# @return the value returned by RestClient.put
def put(url, payload, headers: {}, try_refresh_token: true)
  try_refresh_token! if try_refresh_token

  # Built after the refresh attempt so the header carries the current token.
  default_headers = { authorization: "Bearer #{@access_token}", accept: "application/json" }
  RestClient.put(url, payload, default_headers.merge(headers))
end
realm_url() click to toggle source
# File lib/keycloak/client.rb, line 20
# Returns the public base URL of the client's default realm.
#
# The realm name is inserted verbatim (no URL-escaping), so it must come from
# trusted configuration rather than from request input.
#
# @return [String]
def realm_url
  [@auth_server_url.to_s, "realms", @realm.to_s].join("/")
end
refresh_token!() click to toggle source
# File lib/keycloak/client.rb, line 53
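# Exchanges the cached refresh token for a new access/refresh token pair.
#
# Uses the realm and client id recorded by the last #authenticate call. The
# response is read through `.body`, as #authenticate does. Expiry times are
# measured from a timestamp taken before the request, again as in
# #authenticate. Taking it after the response would overstate each token's
# remaining lifetime by the request latency, so an already-expired token
# could be treated as valid.
#
# NOTE(review): Integer#seconds is not core Ruby; presumably ActiveSupport is
# loaded by the surrounding project. Confirm.
#
# @raise [RuntimeError] when no refresh token has been obtained yet
# @return the newly recorded access-token expiry
def refresh_token!
  raise "need to call `authenticate` first" unless @refresh_token

  requested_at = DateTime.now
  url = "#{@auth_server_url}/realms/#{@authenticate_realm}/protocol/openid-connect/token"
  # try_refresh_token: false, otherwise post would re-enter the refresh logic.
  res = JSON.parse post(url, {
    grant_type: "refresh_token",
    client_id: @authenticate_client_id,
    refresh_token: @refresh_token
  }, try_refresh_token: false).body
  @access_token = res["access_token"]
  @refresh_token = res["refresh_token"]
  @refresh_expires_in = requested_at + res["refresh_expires_in"].seconds
  @expires_in = requested_at + res["expires_in"].seconds
end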
refresh_token_valid?() click to toggle source
# File lib/keycloak/client.rb, line 73
# Reports whether the locally recorded refresh-token expiry is still in the future.
#
# The check uses the local clock and has no safety margin.
#
# @return [Boolean, nil] nil when no refresh expiry has been recorded yet
def refresh_token_valid?
  return @refresh_expires_in unless @refresh_expires_in

  @refresh_expires_in > DateTime.now
end
try_refresh_token!() click to toggle source
# File lib/keycloak/client.rb, line 77
# Makes sure a usable access token is cached before a request is sent.
#
# Order of attempts:
# 1. nothing to do while the access token is still valid;
# 2. use the refresh token while it is still valid;
# 3. otherwise log in again with the username and password remembered by
#    #authenticate (only present when it was called with auto: true);
# 4. otherwise raise.
#
# Step 3 is why the plaintext password stays in memory on this object.
#
# @raise [RuntimeError] when neither a valid refresh token nor remembered credentials exist
def try_refresh_token!
  return if access_token_valid?
  return refresh_token! if refresh_token_valid?

  unless @authenticate_username && @authenticate_password
    raise("Refresh token expired, you should re-authenticate to obtain an access token or enable auto authentication")
  end

  # auto: false leaves the already-remembered credentials untouched.
  authenticate(
    @authenticate_username,
    @authenticate_password,
    @authenticate_grant_type,
    @authenticate_client_id,
    @authenticate_realm,
    auto: false
  )
end