我是KeyCloak的新手,在使用示例客户端时遇到了问题。
我正在使用以下版本:
from keycloak.realm import KeycloakRealm
realm = KeycloakRealm(server_url=‘https://auth/.******.’, realm_name=‘jasonrealm’)
oidc_client = realm.open_id_connect(client_id=‘jason-test-client’,
client_secret=‘*********’)
creds = oidc_client.client_credentials()
print(creds)
admin_client = realm.admin
root = admin_client.root()
我得到的错误如下:
Traceback (most recent call last):
File "keystore-client1.py", line 9, in
creds = oidc_client.client_credentials()
File "/home/jason/keycloak-client/.venv/lib/python3.8/site-packages/keycloak/openid_connect.py", line 227, in client_credentials
return self._token_request(grant_type='client_credentials', **kwargs)
File "/home/jason/keycloak-client/.venv/lib/python3.8/site-packages/keycloak/openid_connect.py", line 307, in _token_request
return self._realm.client.post(self.get_url('token_endpoint'),
File "/home/jason/keycloak-client/.venv/lib/python3.8/site-packages/keycloak/openid_connect.py", line 34, in get_url
return self.well_known[name]
File "/home/jason/keycloak-client/.venv/lib/python3.8/site-packages/keycloak/well_known.py", line 35, in getitem
return self.contents[key]
File "/home/jason/keycloak-client/.venv/lib/python3.8/site-packages/keycloak/well_known.py", line 27, in contents
self._contents = self._realm.client.get(self._path)
File "/home/jason/keycloak-client/.venv/lib/python3.8/site-packages/keycloak/client.py", line 74, in get
return self._handle_response(
File "/home/jason/keycloak-client/.venv/lib/python3.8/site-packages/keycloak/client.py", line 89, in _handle_response
raise KeycloakClientError(original_exc=err)
keycloak.exceptions.KeycloakClientError: 404 Client Error: Not Found for url: https://auth.******.***/auth/realms/jasonrealm/.well-known/openid-configuration
我希望连接到KeyCloak服务器。
我尝试了我能找到的所有python-keycroak-client版本。行为没有变化。
python-keyCloak-client
(v0.2.3)不支持KeyCloak 20. x和19.x您必须使用旧(旧)KeyCloak 18.x
存储库URL
https://github.com/Peter-Slump/python-keycloak-client
原因是,python-keycloak-client
寻找OIDC配置URL但new Keycloak v20. x改变了新的ULR。(不同的是/auth
)所以该步骤从python-keycloak-client
的内部例程失败。
我想你有两个选择,一个是使用旧的KeyCloak v.18,另一个是使用其他Python适配器python-keyCloak
老URL
http://keycloakhost:keycloakport/auth/realms/{realm}/.well-known/openid-configuration
新URL
http://keycloakhost:keycloakport/realms/{realm}/.well-known/openid-configuration
我用v18.0.2-遗留https://quay.io/repository/keycloak/keycloak?tab=tags测试了你的代码
它与python-keyCloak-client
一起工作
from keycloak.realm import KeycloakRealm
realm = KeycloakRealm(server_url='http://localhost:8080', realm_name='jasonrealm')
oidc_client = realm.open_id_connect(client_id='jason-test-client', client_secret='qJYGwvwnPBAXpFC4oIW2yek9Mo404msU')
creds = oidc_client.client_credentials()
print(creds)
结果
$ python3 test.py
{'access_token': 'eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI2TjUzczZHQXdkREI3QXM3RFRsX2pQanp4MGU4dlJvQlNTUjNXakhnQi1VIn0.eyJleHAiOjE2NzMyOTAyMTEsImlhdCI6MTY3MzI4NjYxMSwianRpIjoiYTI1NWE2NGMtMDE3MC00YWViLThlZmUtODhiNDc2NDc5NDE3IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL2phc29ucmVhbG0iLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNWI2MzQ0MWUtZGM5Ni00OTk0LTliZWUtMzViMmNkYTVmOTQ3IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiamFzb24tdGVzdC1jbGllbnQiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6MzAwMCJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiZGVmYXVsdC1yb2xlcy1qYXNvbnJlYWxtIiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7Imphc29uLXRlc3QtY2xpZW50Ijp7InJvbGVzIjpbInVtYV9wcm90ZWN0aW9uIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6ImVtYWlsIHByb2ZpbGUiLCJjbGllbnRIb3N0IjoiMTcyLjE4LjAuMSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwiY2xpZW50SWQiOiJqYXNvbi10ZXN0LWNsaWVudCIsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC1qYXNvbi10ZXN0LWNsaWVudCIsImNsaWVudEFkZHJlc3MiOiIxNzIuMTguMC4xIn0.CfeVngrlAwg95YVsRwhbyNPrp-cu_3oD7CUF0hTVSA4XbJEP7nTgq34a0AT_zxgjywRSmxnqbmbGJkA3V660fpEyvdAzy5XWLV50bTEuvLY-4tJVyqye8ORFj_CtnCxbHv6sQqlIismBNUVF7GyaBAHrwzLUPoPvTGj7crExKbppImx-VZBlZ1QaE9Pucu0ckR0ke4OYZzAq8Mu7NWzrwXf1WmDoPR-Gwr74UO2E-N12KeLHPQjhEKJ9zaBZ0uhf_nuhNl4LwwAj3fYw6r4vYPIffzSTRzqoRMpXcnX9mvVSfcqCliIlNRpvY-IAswpojwOS5o4PZJwrubI0ZwAvmA', 'expires_in': 3600, 'refresh_expires_in': 0, 'token_type': 'Bearer', 'not-before-policy': 0, 'scope': 'email profile'}
from keycloak import KeycloakOpenID
# Configure client
keycloak_openid = KeycloakOpenID(server_url="http://localhost:8080/",
client_id="example_client",
realm_name="example_realm",
client_secret_key="CoZmMflBVmPRiek5dJqXap7ew0vDFyMk")
token = keycloak_openid.token("user1", "1234")
print(token['access_token'])
Python钥匙扣留档
GitHubPythonKeyCloak
对于那些有问题的旧版本的密钥斗篷,使用python-keyCloak只是通知 /realms /auth后,因为最新版本的python-keyCloak删除 /auth从请求,如果只通知。
KeycloakOpenID(server_url="http://localhost:8080/auth/realms",
client_id=client_id,
realm_name=realm,
client_secret_key=secret_key)