{"id":40824187,"url":"https://github.com/jaddek/pykeycloak","last_synced_at":"2026-01-21T22:10:54.982Z","repository":{"id":331966482,"uuid":"1132352024","full_name":"jaddek/pykeycloak","owner":"jaddek","description":"HTTP Client to Keycloak API","archived":false,"fork":false,"pushed_at":"2026-01-20T19:27:47.000Z","size":188,"stargazers_count":0,"open_issues_count":9,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-20T19:45:30.735Z","etag":null,"topics":["api","authentication","authorization","http-client","keycloak","openid","realm"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jaddek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-11T19:54:33.000Z","updated_at":"2026-01-20T19:22:33.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/jaddek/pykeycloak","commit_stats":null,"previous_names":["jaddek/pykeycloak"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jaddek/pykeycloak","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaddek%2Fpykeycloak","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaddek%2Fpykeycloak/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaddek%2Fpykeycloak/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaddek%2Fpykeycloak/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jaddek","download_url":"https://codeload.github.com/jaddek/pykeycloak/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaddek%2Fpykeycloak/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28645191,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T21:29:11.980Z","status":"ssl_error","status_checked_at":"2026-01-21T21:24:31.872Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","authentication","authorization","http-client","keycloak","openid","realm"],"created_at":"2026-01-21T22:10:54.915Z","updated_at":"2026-01-21T22:10:54.977Z","avatar_url":"https://github.com/jaddek.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PyKeycloak\n\nPyKeycloak is a library for working with Keycloak that provides asynchronous methods for authentication, token management, and permission handling.\n\n## Installation\n\nFor local development to install dependencies, use the following command:\n\n```bash\nmake install\n```\n\n## Usage Examples\n\nThe library can be used in 3 different ways:\n\n1. Make requests directly through the client\n2. Use the provider to get response with content\n3. Use the service to get either raw responses or Representation objects corresponding to the data received from Keycloak\n\n### Core Entities\n\n#### Payloads\n\n- `TokenIntrospectionPayload` - Payload for token introspection containing the token.\n\n- `RTPIntrospectionPayload` - Payload for token introspection inherited from `TokenIntrospectionPayload`, containing the token type.\n\n- `ObtainTokenPayload` - Base class for obtaining a token, containing the scope and grant type.\n\n- `UserCredentialsLoginPayload` - Payload for user authentication containing username and password.\n\n- `ClientCredentialsLoginPayload` - Payload for client authentication used to obtain a client token.\n\n- `RefreshTokenPayload` - Payload for refreshing a token containing the refresh token.\n\n- `UMAAuthorizationPayload` - Payload for UMA authorization containing audience, permissions, and other parameters.\n\n#### Providers\n\n- `KeycloakProviderAsync` - Asynchronous provider for working with Keycloak that provides methods for authentication, token refresh, user information retrieval, logout, token introspection, device authentication, and certificate retrieval.\n\n```python\nfrom pykeycloak.providers.providers import KeycloakInMemoryProviderAsync\nfrom pykeycloak.core.realm import RealmClient\n\nprovider = KeycloakInMemoryProviderAsync(\n    realm=\"kc_realm\",\n    realm_client=RealmClient.from_env(),\n)\n```\n\n#### Services\n\n`AuthService` - Service that provides methods for authentication, token refresh, user information retrieval, logout, token introspection, device authentication, and certificate retrieval.\n\n```python\nfrom pykeycloak.services.services import AuthService\nfrom pykeycloak.providers.providers import KeycloakInMemoryProviderAsync\nfrom pykeycloak.core.realm import RealmClient\n\nprovider = KeycloakInMemoryProviderAsync(\n    realm=\"kc_realm\",\n    realm_client=RealmClient.from_env(),\n)\n\nauth = AuthService(provider)\n```\n\n---\n\n`UmaService` - Service that provides a method for obtaining UMA permissions.\n\n```python\nfrom pykeycloak.services.services import UmaService\nfrom pykeycloak.providers.providers import KeycloakInMemoryProviderAsync\nfrom pykeycloak.core.realm import RealmClient\n\nprovider = KeycloakInMemoryProviderAsync(\n    realm=\"kc_realm\",\n    realm_client=RealmClient.from_env(),\n)\n\numa = UmaService(provider)\n```\n\n#### Representations\n\nRepresentations duplicate the data from Keycloak documentation based on the actual values they return.\n\n`TokenRepresentation` - Representation of a token containing information about the access token, expiration time, scope, and token type.\n\n`UserInfoRepresentation` - Representation of user information containing user data such as first name, last name, email address, and other attributes.\n\n`RealmAccessRepresentation` - Representation of realm access containing user roles in the realm.\n\n`IntrospectRepresentation` - Representation of token introspection result containing token information such as audience, expiration time, token type, and other attributes.\n\n#### Client\n\n`RealmClient` - Entity that stores realm data:\n\n```python\nimport os\nfrom pykeycloak.core.realm import RealmClient\n\nRealmClient.from_env()\n\n# or\nRealmClient(\n    client_id=os.getenv(\"KEYCLOAK_REALM_CLIENT_ID\"),\n    client_uuid=os.getenv(\"KEYCLOAK_REALM_CLIENT_UUID\"),\n    client_secret=os.getenv(\"KEYCLOAK_REALM_CLIENT_SECRET\")\n)\n```\n\n#### Sanitizer\n\nProcesses headers and request/response logs, hiding all critical information and marking it as hidden.\n\n```python\nimport os\nfrom pykeycloak.core.sanitizer import SensitiveDataSanitizer\n\nSensitiveDataSanitizer.from_env()\n\nSensitiveDataSanitizer(\n    sensitive_keys=frozenset(os.getenv(\"EXTRA_SENSITIVE_KEYS\", None))\n)\n```\n\n### Client Initialization\n\nTo get started, you need to initialize the client using environment variables:\n\n### User Authentication\n\nTo authenticate a user, use the `user_login_async` method:\n\n```python\nfrom pykeycloak.providers.payloads import UserCredentialsLoginPayload\n\ntoken = await auth_service.user_login_async(\n    payload=UserCredentialsLoginPayload(\n        username=username,\n        password=password,\n    ))\n```\n\n### Token Refresh\n\nTo refresh a token, use the `refresh_token_async` method:\n\n```python\nfrom pykeycloak.providers.payloads import RefreshTokenPayload\n\nrefresh_token = await auth_service.refresh_token_async(\n    payload=RefreshTokenPayload(refresh_token=token.refresh_token)\n)\n```\n\n### Token Introspection\n\nTo introspect a token, use the `introspect_async` method:\n\n```python\nfrom pykeycloak.providers.payloads import TokenIntrospectionPayload\n\nintrospect = await auth_service.introspect_async(\n    payload=TokenIntrospectionPayload(\n        token=refresh.auth_token,\n    )\n)\n```\n\n### UMA Permission Retrieval\n\nTo retrieve UMA permissions, use the `get_uma_permissions_async` method:\n\n```python\nfrom pykeycloak.providers.payloads import UMAAuthorizationPayload\n\npermissions = await uma_service.get_uma_permissions_async(\n    access_token=token.auth_token,  # user token\n    payload=UMAAuthorizationPayload(\n        audience=client.client_id,\n        permissions={'/otago/users': ['view']}\n    )\n)\n```\n\n### User Information Retrieval\n\nTo retrieve user information, use the `get_user_info_async` method:\n\n```python\nuser_info = await auth_service.get_user_info_async(\n    access_token=refresh.auth_token\n)\n```\n\n### Logout\n\nTo log out, use the `logout_async` method:\n\n```python\nawait auth_service.logout_async(refresh.refresh_token)\n```\n\n### Certificate Retrieval\n\nTo retrieve certificates, use the `get_certs_raw_async` method:\n\n```python\ncerts = await auth_service.get_certs_raw_async()\n```\n\n## License\n\nThis project is licensed under the MIT License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaddek%2Fpykeycloak","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjaddek%2Fpykeycloak","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaddek%2Fpykeycloak/lists"}