Add support in library to call other non-admin REST API calls

Open sachingaikwad123 opened this issue 1 year ago • 0 comments

My understanding is currently mantelo only supports calling 'admin' related REST APIs of Keycloak. From docs:

Once you have configured how to authenticate to Keycloak, the rest is easy-peasy. mantelo starts with the URL /admin/realms/ and constructs the URL from there, depending on how you call the client.

This is great! Apart from this, I think there is scope to support calling other REST API requests as well from mantelo. For example, for obtaining permissions, clients are expected to do such a POST call:

curl -X POST \
  http://${host}:${port}/realms/${realm}/protocol/openid-connect/token \
  -H "Authorization: Bearer ${access_token}" \
  --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
  --data "audience={resource_server_client_id}" \
  --data "permission=Resource A#Scope A" \
  --data "permission=Resource B#Scope B"

There should be a way in 'mantelo' to call such POST calls as well.

Note:

  1. python-keycloak supports this with the 'permission_check' function, but it used to lack a way to pass the 'claim_token' argument. Recently, python-keycloak fixed this problem universally by allowing 'extra_payload' args to be passed. Check out the issue raised and how it was closed: https://github.com/marcospereirampj/python-keycloak/issues/619

  2. I can provide steps to set up Keycloak for configuration of the authorization services feature, if required.

sachingaikwad123, Jan 01 '25 04:01
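
The POST from the curl command in the issue, built with Python's standard library as an added example (this is not mantelo or python-keycloak code). The function name, the `extra` pass-through, the `allow_http` switch and the host `keycloak.example` are assumptions made for illustration; the request is built but never sent.

```python
from urllib.parse import quote, urlencode, urlsplit
from urllib.request import Request

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"
RESERVED = {"grant_type", "audience", "permission"}


def build_uma_ticket_request(base_url, realm, access_token, audience,
                             permissions, extra=None, allow_http=False):
    """Build (not send) the UMA-ticket POST to the realm token endpoint.

    `extra` is a hypothetical pass-through for further form fields such as
    claim_token; it may not override the core fields.
    """
    scheme = urlsplit(base_url).scheme
    if scheme != "https" and not (allow_http and scheme == "http"):
        raise ValueError("refusing to send a bearer token over " + repr(scheme))

    # Percent-encode the realm so it cannot introduce extra path segments.
    url = "{}/realms/{}/protocol/openid-connect/token".format(
        base_url.rstrip("/"), quote(realm, safe=""))

    # A list of pairs keeps the repeated "permission" key; a dict would
    # silently keep only the last one.
    fields = [("grant_type", UMA_GRANT), ("audience", audience)]
    fields += [("permission", p) for p in permissions]
    for key, value in (extra or {}).items():
        if key in RESERVED:
            raise ValueError("extra field would override " + key)
        fields.append((key, value))

    # urlencode escapes the space and '#' in "Resource A#Scope A"; curl's
    # plain --data sends them unescaped.
    body = urlencode(fields).encode("ascii")
    headers = {
        "Authorization": "Bearer " + access_token,
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return Request(url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    req = build_uma_ticket_request(
        "https://keycloak.example", "demo", "ACCESS_TOKEN_PLACEHOLDER",
        "resource-server", ["Resource A#Scope A", "Resource B#Scope B"])
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```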