python-keycloak icon indicating copy to clipboard operation
python-keycloak copied to clipboard

Published 20 hours ago verified publisher icon marcospereirampj

Update client scopes

Open pablo-de-andres opened this issue 2 years ago • 8 comments

Hey guys, thanks for the great work!

I have been mainly using your library (apart from authentication) to register and update clients. It mostly works perfectly, except that I cannot change the scopes of a client once it has been registered (unless I go to the admin console and do it manually).

my code is basically:

client_representation = {
  'clientId': <client-id>,
  'id': <id-of-a-client>,
  'redirectUris': [
    'https://www.test.com/callback'
  ],
  'defaultClientScopes': [
    'openid',
    'roles',
    'email',
    'profile'
  ]
}

keycloak_admin.update_client(
        client_id="<id-of-a-client>", payload=client_representation
)

Note that:

  • There is no error raised.
  • Updating the redirectUris works without any issue.
  • Next time I fetch the information, the unchanged values are shown.
  • Registering a new client works as it should, and I can set the defaultClientScopes properly.

Is anyone familiar with this issue?

pablo-de-andres avatar Jun 22 '22 07:06 pablo-de-andres

Hi @pablo-de-andres

I believe that's a feature of Keycloak itself. Client scopes have their own API endpoints for both default and optional client scopes (https://www.keycloak.org/docs-api/18.0/rest-api/index.html#_clients_resource if you scroll down a bit you'll see).

AFAIK these endpoints are not available by any methods, so indeed this is a missing feature :) It's a good first issue to look into and pretty simple to add, feel free to contribute if you feel like it :) Otherwise, I'll have a look and implement these when I find some spare time :)

ryshoooo avatar Jun 22 '22 16:06 ryshoooo

Great, thanks for the quick answer! I will try to contribute if I have time in the near future :)

pablo-de-andres avatar Jun 24 '22 10:06 pablo-de-andres

@pablo-de-andres now you can use that commit

https://github.com/marcospereirampj/python-keycloak/pull/353

Zerek-Cheng avatar Jul 12 '22 16:07 Zerek-Cheng

@pablo-de-andres Hi, how do you regsiter clients ? couldn't find it in docs.

arieltoledo avatar Sep 07 '22 12:09 arieltoledo

@arieltoledo this method of the library, which calls this section of the API.

pablo-de-andres avatar Sep 07 '22 13:09 pablo-de-andres

@pablo-de-andres found it, thanks. Now docs says that the method returns Client ID https://python-keycloak.readthedocs.io/en/latest/reference/keycloak/index.html?highlight=create%20client#keycloak.KeycloakAdmin.create_client but I only get an empty string. Client gets registered at keycloak fine.

arieltoledo avatar Sep 07 '22 14:09 arieltoledo

@arieltoledo For me it works fine. But I would suggest opening an issue specific for that, and providing some context on what your request/response and configurations are. Then you might be able to get more help.

This specific issue is about something else.

pablo-de-andres avatar Sep 07 '22 14:09 pablo-de-andres

@pablo-de-andres found it, thanks. Now docs says that the method returns Client ID https://python-keycloak.readthedocs.io/en/latest/reference/keycloak/index.html?highlight=create%20client#keycloak.KeycloakAdmin.create_client but I only get an empty string. Client gets registered at keycloak fine.

What version of python-keycloak are you using? You are looking at the documentation for the latest version and the change of python-keycloak library returning the ID of the client is relatively recent (https://python-keycloak.readthedocs.io/en/latest/_modules/keycloak/keycloak_admin.html#KeycloakAdmin.create_client), I'd recommend to check the version before creating a new issue.

ryshoooo avatar Sep 07 '22 21:09 ryshoooo