APIErrType is a field containing more specific API error types
that may be checked by the receiver.
func ParseAPIErrType(err error) APIErrType
const APIErrTypeUnknown
ClientMappingsRepresentation is a client role mappings
Client *string
ID *string
Mappings *[]Role
(*ClientMappingsRepresentation) String() string
*ClientMappingsRepresentation : github.com/ChrisTrenkamp/goxpath/tree.Result
*ClientMappingsRepresentation : fmt.Stringer
DecisionStrategy is an enum type for DecisionStrategy of PolicyRepresentation
func DecisionStrategyP(value DecisionStrategy) *DecisionStrategy
var AFFIRMATIVE *DecisionStrategy
var CONSENSUS *DecisionStrategy
var UNANIMOUS *DecisionStrategy
EnforcedString can be used when the expected value is string but Keycloak in some cases gives you mixed types
MarshalJSON return json marshal
UnmarshalJSON modify data as string before json unmarshal
*EnforcedString : encoding/json.Marshaler
*EnforcedString : encoding/json.Unmarshaler
GoCloak provides functionalities to talk to Keycloak.
Config struct{CertsInvalidateTime time.Duration; authAdminRealms string; authRealms string; tokenEndpoint string; revokeEndpoint string; logoutEndpoint string; openIDConnect string; attackDetection string}
AddClientRoleComposite adds roles as composite
AddClientRoleToGroup adds a client role to the group
Deprecated: replaced by AddClientRolesToGroup
AddClientRoleToUser adds client-level role mappings
Deprecated: replaced by AddClientRolesToUser
AddClientRolesToGroup adds a client role to the group
AddClientRolesToUser adds client-level role mappings
AddDefaultGroup adds group to the list of default groups
AddDefaultScopeToClient adds a client scope to the list of client's default scopes
AddOptionalScopeToClient adds a client scope to the list of client's optional scopes
AddRealmRoleComposite adds a role to the composite.
AddRealmRoleToGroup adds realm-level role mappings
AddRealmRoleToUser adds realm-level role mappings
AddUserToGroup puts given user to given group
ClearKeysCache clears realm cache
ClearRealmCache clears realm cache
ClearUserCache clears realm cache
CreateAuthenticationExecution creates a new execution for the given flow name in the given realm
CreateAuthenticationExecutionFlow creates a new execution for the given flow name in the given realm
CreateAuthenticationFlow creates a new Authentication flow in a realm
CreateChildGroup creates a new child group
CreateClient creates the given client.
CreateClientProtocolMapper creates a protocol mapper in client scope
CreateClientRepresentation creates a new client representation
CreateClientRole creates a new role for a client
CreateClientScope creates a new client scope
CreateClientScopeMappingsClientRoles creates client-level roles from the client’s scope
CreateClientScopeMappingsRealmRoles creates realm-level roles to the client’s scope
CreateClientScopeProtocolMapper creates a new protocolMapper under the given client scope
CreateClientScopesScopeMappingsClientRoles attaches a client role to a client scope (not client's scope)
CreateClientScopesScopeMappingsRealmRoles creates realm-level roles to the client scope
CreateComponent creates the given component.
CreateGroup creates a new group.
CreateIdentityProvider creates an identity provider in a realm
CreateIdentityProviderMapper creates an instance of an identity provider mapper associated with the given alias
CreatePermission creates a permission associated with the client
CreatePermissionTicket creates a permission ticket, using access token from client
CreatePolicy creates a policy associated with the client
CreateRealm creates a realm
CreateRealmRole creates a role in a realm
CreateResource creates a resource associated with the client, using access token from admin
CreateResourceClient creates a resource associated with the client, using access token from client
CreateResourcePolicy associates a permission with a specific resource, using token obtained by Resource Owner Password Credentials Grant or Token exchange
CreateScope creates a scope associated with the client
CreateUser creates the given user in the given realm and returns its userID
Note: Keycloak has not documented what members of the User object are actually being accepted, when creating a user.
Things like RealmRoles must be attached using followup calls to the respective functions.
CreateUserFederatedIdentity creates a user federated identity
DecodeAccessToken decodes the accessToken
DecodeAccessTokenCustomClaims decodes the accessToken and writes claims into the given claims
DeleteAuthenticationExecution deletes a single execution with the given ID
DeleteAuthenticationFlow deletes a flow in a realm with the given ID
DeleteClient deletes a given client
DeleteClientProtocolMapper deletes a protocol mapper in client scope
DeleteClientRepresentation deletes a given client representation.
DeleteClientRole deletes a given role.
DeleteClientRoleComposite deletes composites from a role
DeleteClientRoleFromGroup removes a client role from the group
DeleteClientRoleFromUser adds client-level role mappings
Deprecated: replaced by DeleteClientRolesFrom
DeleteClientRolesFromUser adds client-level role mappings
DeleteClientScope deletes the scope with the given id.
DeleteClientScopeMappingsClientRoles deletes client-level roles from the client’s scope
DeleteClientScopeMappingsRealmRoles deletes realm-level roles from the client’s scope
DeleteClientScopeProtocolMapper deletes the given protocol mapper from the client scope
DeleteClientScopesScopeMappingsClientRoles removes attachment of client roles from a client scope (not client's scope).
DeleteClientScopesScopeMappingsRealmRoles deletes realm-level roles from the client-scope
DeleteComponent deletes the component with the given id.
DeleteCredentials deletes the given credential for a given user
DeleteGroup deletes the group with the given groupID.
DeleteIdentityProvider deletes the identity provider in a realm
DeleteIdentityProviderMapper deletes an instance of an identity provider mapper associated with the given alias and mapper ID
DeletePermission deletes a policy associated with the client
DeletePolicy deletes a policy associated with the client
DeleteRealm removes a realm
DeleteRealmRole deletes a role in a realm by role's name
DeleteRealmRoleComposite deletes a role from the composite.
DeleteRealmRoleFromGroup deletes realm-level role mappings
DeleteRealmRoleFromUser deletes realm-level role mappings
DeleteRequiredAction updates a required action for a given realm
DeleteResource deletes a resource associated with the client (using an admin token)
DeleteResourceClient deletes a resource associated with the client (using a client token)
DeleteResourcePolicy deletes a permission for a specific resource, using token obtained by Resource Owner Password Credentials Grant or Token exchange
DeleteScope deletes a scope associated with the client
DeleteUser deletes a given user
DeleteUserFederatedIdentity deletes a user federated identity
DeleteUserFromGroup deletes given user from given group
DeleteUserPermission revokes permissions according to query parameters
DisableAllCredentialsByType disables all credentials for a user of a specific type
ExecuteActionsEmail executes an actions email
ExportIDPPublicBrokerConfig exports the broker config for a given alias
GetAdapterConfiguration returns an adapter configuration
GetAuthenticationExecutions retrieves all executions of a given flow
GetAuthenticationFlow gets an authentication flow with the given ID
GetAuthenticationFlows gets all authentication flows from a realm
GetAuthorizationPolicyAssociatedPolicies returns a client's associated policies of specific policy with the given policy id, using access token from admin
GetAuthorizationPolicyResources returns a client's resources of specific policy with the given policy id, using access token from admin
GetAuthorizationPolicyScopes returns a client's scopes of specific policy with the given policy id, using access token from admin
GetAvailableClientRolesByGroupID returns all available roles to the given group
GetAvailableClientRolesByUserID returns all available client roles to the given user
GetAvailableRealmRolesByGroupID returns all available realm roles to the given group
GetAvailableRealmRolesByUserID returns all available realm roles to the given user
GetCerts fetches certificates for the given realm from the public /open-id-connect/certs endpoint
GetClient returns a client
GetClientManagementPermissions returns whether client Authorization permissions have been initialized or not and a reference to the managed permissions
GetClientOfflineSessions returns offline sessions associated with the client
GetClientRepresentation returns a client representation
GetClientRole gets a role for the given client in a realm by role name
GetClientRoleByID gets role for the given client in realm using role ID
GetClientRoles gets all roles for the given client in realm
GetClientRolesByGroupID returns all client roles assigned to the given group
GetClientRolesByUserID returns all client roles assigned to the given user
GetClientScope returns a clientscope
GetClientScopeMappings returns all scope mappings for the client
GetClientScopeMappingsClientRoles returns roles associated with a client’s scope
GetClientScopeMappingsClientRolesAvailable returns available roles associated with a client’s scope
GetClientScopeMappingsRealmRoles returns realm-level roles associated with the client’s scope
GetClientScopeMappingsRealmRolesAvailable returns realm-level roles that are available to attach to this client’s scope
GetClientScopeProtocolMapper returns a protocol mapper of a client scope
GetClientScopeProtocolMappers returns all protocol mappers of a client scope
GetClientScopes returns all client scopes
GetClientScopesScopeMappingsClientRoles returns attached client roles for a specific client, for a client scope (not client's scope).
GetClientScopesScopeMappingsClientRolesAvailable returns available (i.e. not attached via CreateClientScopesScopeMappingsClientRoles) client roles for a specific client, for a client scope (not client's scope).
GetClientScopesScopeMappingsRealmRoles returns roles associated with a client-scope
GetClientScopesScopeMappingsRealmRolesAvailable returns realm-level roles that are available to attach to this client scope
GetClientSecret returns a client's secret
GetClientServiceAccount retrieves the service account "user" for a client if enabled
GetClientUserSessions returns user sessions associated with the client
GetClients gets all clients in realm
GetClientsDefaultScopes returns a list of the client's default scopes
GetClientsOptionalScopes returns a list of the client's optional scopes
GetComponent gets exactly one component by ID
GetComponents gets all components in realm
GetComponentsWithParams gets all components in realm with query params
GetCompositeClientRolesByGroupID returns all client roles and composite roles assigned to the given group
GetCompositeClientRolesByRoleID returns all client composite roles associated with the given client role
GetCompositeClientRolesByUserID returns all client roles and composite roles assigned to the given user
GetCompositeRealmRoles returns all realm composite roles associated with the given realm role
GetCompositeRealmRolesByGroupID returns all realm roles and composite roles assigned to the given group
GetCompositeRealmRolesByRoleID returns all realm composite roles associated with the given client role
GetCompositeRealmRolesByUserID returns all realm roles and composite roles assigned to the given user
GetCompositeRolesByRoleID returns all realm composite roles associated with the given client role
GetConfiguredUserStorageCredentialTypes returns credential types, which are provided by the user storage where user is stored
GetCredentialRegistrators returns credentials registrators
GetCredentials returns credentials available for a given user
GetDefaultDefaultClientScopes returns a list of default realm default scopes
GetDefaultGroups returns a list of default groups
GetDefaultOptionalClientScopes returns a list of default realm optional scopes
GetDependentPermissions returns a client's permission with the given policy id
GetEvents returns events
GetGroup gets group with id in realm
GetGroupByPath gets group with path in realm
GetGroupManagementPermissions returns whether group Authorization permissions have been initialized or not and a reference to the managed permissions
GetGroupMembers gets a list of users of group with id in realm
GetGroups gets all groups in realm
GetGroupsByClientRole gets groups with specified roles assigned of given client within a realm
GetGroupsByRole gets groups assigned with a specific role of a realm
GetGroupsCount gets the groups count in the realm
GetIdentityProvider gets the identity provider in a realm
GetIdentityProviderMapper gets the mapper by id for the given identity provider alias in a realm
GetIdentityProviderMapperByID gets the mapper of an identity provider
GetIdentityProviderMappers returns list of mappers associated with an identity provider
GetIdentityProviders returns list of identity providers in a realm
GetIssuer gets the issuer of the given realm
GetKeyStoreConfig gets keystoreconfig of the realm
GetPermission returns a client's permission with the given id
GetPermissionResources returns a client's resource attached for the given permission id
GetPermissionScope gets the permission scope associated with the client
GetPermissionScopes returns a client's scopes configured for the given permission id
GetPermissions returns permissions associated with the client
GetPolicies returns policies associated with the client
GetPolicy returns a client's policy with the given id
GetRawUserInfo calls the UserInfo endpoint and returns a raw json object
GetRealm returns top-level representation of the realm
GetRealmRole returns a role from a realm by role's name
GetRealmRoleByID returns a role from a realm by role's ID
GetRealmRoles gets all roles of the given realm.
GetRealmRolesByGroupID returns all roles assigned to the given group
GetRealmRolesByUserID returns all roles assigned to the given user
GetRealms returns top-level representation of all realms
GetRequest returns a request for calling endpoints.
GetRequestWithBasicAuth returns a form data base request configured with basic auth.
GetRequestWithBearerAuth returns a JSON base request configured with an auth token.
GetRequestWithBearerAuthNoCache returns a JSON base request configured with an auth token and no-cache header.
GetRequestWithBearerAuthXMLHeader returns an XML base request configured with an auth token.
GetRequestingPartyPermissionDecision returns a requesting party permission decision granted by the server
GetRequestingPartyPermissions returns a requesting party permissions granted by the server
GetRequestingPartyToken returns a requesting party token with permissions granted by the server
GetRequiredAction gets a required action for a given realm
GetRequiredActions gets a list of required actions for a given realm
GetResource returns a client's resource with the given id, using access token from admin
GetResourceClient returns a client's resource with the given id, using access token from client
GetResourcePolicies returns resources associated with the client, using token obtained by Resource Owner Password Credentials Grant or Token exchange
GetResourcePolicy updates a permission for a specific resource, using token obtained by Resource Owner Password Credentials Grant or Token exchange
GetResourceServer returns resource server settings. The access token must have the realm view_clients role on its service account to be allowed to call this endpoint.
GetResources returns resources associated with the client, using access token from admin
GetResourcesClient returns resources associated with the client, using access token from client
GetRoleMappingByGroupID gets the role mappings by group
GetRoleMappingByUserID gets the role mappings by user
GetScope returns a client's scope with the given id
GetScopes returns scopes associated with the client
GetServerInfo fetches the server info.
GetToken uses TokenOptions to fetch a token.
GetUserBruteForceDetectionStatus fetches a user status regarding brute force protection
GetUserByID fetches a user from the given realm with the given userID
GetUserCount gets the user count in the realm
GetUserFederatedIdentities gets all user federated identities
GetUserGroups gets all groups for user
GetUserInfo calls the UserInfo endpoint
GetUserOfflineSessionsForClient returns offline sessions associated with the user and client
GetUserPermissions gets granted permissions according to query parameters
GetUserSessions returns user sessions associated with the user
GetUsers gets all users in realm
GetUsersByClientRoleName returns all users that have a given client role
GetUsersByRoleName returns all users that have a given role
GrantUserPermission lets resource owner grant permission for specific resource ID to specific user ID
ImportIdentityProviderConfig parses and returns the identity provider config at a given URL
ImportIdentityProviderConfigFromFile parses and returns the identity provider config from a given file
Login performs a login with user credentials and a client
LoginAdmin performs a login with Admin client
LoginClient performs a login with client credentials
LoginClientSignedJWT performs a login with client credentials and signed jwt claims
LoginClientTokenExchange will exchange the presented token for a user's token
Requires Token-Exchange to be enabled: https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange
LoginOtp performs a login with user credentials and otp token
Logout logs out users with refresh token
LogoutAllSessions logs out all sessions of a user given an id.
LogoutPublicClient performs a logout using a public client and the accessToken.
LogoutUserSession logs out a single session of a user given a session id
MoveCredentialBehind moves a credential to a position behind another credential
MoveCredentialToFirst moves a credential to the first position in the credentials list of the user
RefreshToken refreshes the given token. May return a *APIError with further details about the issue.
RegenerateClientSecret triggers the creation of the new client secret.
RegisterRequiredAction creates a required action for a given realm
RemoveDefaultGroup removes group from the list of default groups
RemoveDefaultScopeFromClient removes a client scope from the list of client's default scopes
RemoveOptionalScopeFromClient deletes a client scope from the list of client's optional scopes
RestyClient returns the internal resty client. This can be used to configure the client.
RetrospectToken calls the openid-connect introspect endpoint
RevokeToken revokes the passed token. The token can either be an access or refresh token.
RevokeUserConsents revokes the given user consent.
SendVerifyEmail sends a verification e-mail to a user.
SetPassword sets a new password for the user with the given id. Needs elevated privileges
SetRestyClient overwrites the internal resty client.
UpdateAuthenticationExecution updates an authentication execution for the given flow in the given realm
UpdateAuthenticationFlow updates a given Authentication Flow
UpdateClient updates the given Client
UpdateClientManagementPermissions updates the given client management permissions
UpdateClientProtocolMapper updates a protocol mapper in client scope
UpdateClientRepresentation updates the given client representation
UpdateClientScope updates the given client scope.
UpdateClientScopeProtocolMapper updates the given protocol mapper for a client scope
UpdateComponent updates the given component
UpdateCredentialUserLabel updates label for the given credential for the given user
UpdateGroup updates the given group.
UpdateGroupManagementPermissions updates the given group management permissions
UpdateIdentityProvider updates the identity provider in a realm
UpdateIdentityProviderMapper updates mapper of an identity provider
UpdatePermission updates a permission associated with the client
UpdatePermissionScope updates a permission scope associated with the client
UpdatePolicy updates a policy associated with the client
UpdateRealm updates a given realm
UpdateRealmRole updates a role in a realm
UpdateRealmRoleByID updates a role in a realm by role's ID
UpdateRequiredAction updates a required action for a given realm
UpdateResource updates a resource associated with the client, using access token from admin
UpdateResourceClient updates a resource associated with the client, using access token from client
UpdateResourcePolicy updates a permission for a specific resource, using token obtained by Resource Owner Password Credentials Grant or Token exchange
UpdateRole updates the given role.
UpdateScope updates a scope associated with the client
UpdateUser updates a given user
UpdateUserPermission updates user permissions.
func NewClient(basePath string, options ...func(*GoCloak)) *GoCloak
GroupPolicyRepresentation represents group based policies
Groups *[]GroupDefinition
GroupsClaim *string
(*GroupPolicyRepresentation) String() string
*GroupPolicyRepresentation : github.com/ChrisTrenkamp/goxpath/tree.Result
*GroupPolicyRepresentation : fmt.Stringer
GroupsCount represents the groups count response from keycloak
Count int
(*GroupsCount) String() string
*GroupsCount : github.com/ChrisTrenkamp/goxpath/tree.Result
*GroupsCount : fmt.Stringer
HTTPErrorResponse is a model of an error response
Description string
Error string
Message string
NotEmpty validates that error is not empty
String returns a string representation of an error
HTTPErrorResponse : github.com/ChrisTrenkamp/goxpath/tree.Result
HTTPErrorResponse : fmt.Stringer
PermissionTicketPermissionRepresentation represents the individual permissions in a permission ticket
RSID *string
Scopes *[]string
(*PermissionTicketPermissionRepresentation) String() string
*PermissionTicketPermissionRepresentation : github.com/ChrisTrenkamp/goxpath/tree.Result
*PermissionTicketPermissionRepresentation : fmt.Stringer
PermissionTicketRepresentation represents the permission ticket contents
AZP *string
Claims *map[string][]string
Permissions *[]PermissionTicketPermissionRepresentation
StandardClaims jwt.StandardClaims
StandardClaims.Audience string
StandardClaims.ExpiresAt int64
StandardClaims.Id string
StandardClaims.IssuedAt int64
StandardClaims.Issuer string
StandardClaims.NotBefore int64
StandardClaims.Subject string
(*PermissionTicketRepresentation) String() string
Valid validates time based claims "exp, iat, nbf". There is no accounting for clock skew. As well, if any of the above claims are not in the token, it will still be considered a valid claim.
VerifyAudience compares the aud claim against cmp. If required is false, this method will return true if the value matches or is unset
VerifyExpiresAt compares the exp claim against cmp (cmp < exp). If req is false, it will return true, if exp is unset.
VerifyIssuedAt compares the iat claim against cmp (cmp >= iat). If req is false, it will return true, if iat is unset.
VerifyIssuer compares the iss claim against cmp. If required is false, this method will return true if the value matches or is unset
VerifyNotBefore compares the nbf claim against cmp (cmp >= nbf). If req is false, it will return true, if nbf is unset.
*PermissionTicketRepresentation : github.com/ChrisTrenkamp/goxpath/tree.Result
PermissionTicketRepresentation : github.com/golang-jwt/jwt/v4.Claims
*PermissionTicketRepresentation : fmt.Stringer
PolicyEnforcementMode is an enum type for PolicyEnforcementMode of ResourceServerRepresentation
func PolicyEnforcementModeP(value PolicyEnforcementMode) *PolicyEnforcementMode
var DISABLED *PolicyEnforcementMode
var ENFORCING *PolicyEnforcementMode
var PERMISSIVE *PolicyEnforcementMode
RolePolicyRepresentation represents role based policies
Roles *[]RoleDefinition
(*RolePolicyRepresentation) String() string
*RolePolicyRepresentation : github.com/ChrisTrenkamp/goxpath/tree.Result
*RolePolicyRepresentation : fmt.Stringer
RolesRepresentation represents the roles of a realm
Client *map[string][]Role
Realm *[]Role
(*RolesRepresentation) String() string
*RolesRepresentation : github.com/ChrisTrenkamp/goxpath/tree.Result
*RolesRepresentation : fmt.Stringer
StringOrArray represents a value that can either be a string or an array of strings
MarshalJSON converts the array of strings to a JSON array or JSON string if there is only one item in the array
UnmarshalJSON unmarshals a string or an array object from a JSON array or a JSON string
*StringOrArray : encoding/json.Marshaler
*StringOrArray : encoding/json.Unmarshaler
DecisionStrategyP returns a pointer for a DecisionStrategy value
Float32P returns a pointer of a float32 variable
Float64P returns a pointer of a float64 variable
GetQueryParams converts the struct to map[string]string
The fields tags must have `json:"<name>,string,omitempty"` format for all types, except strings
The string fields must have: `json:"<name>,omitempty"`. The `json:"<name>,string,omitempty"` tag for string field
will add additional double quotes.
"string" tag allows to convert the non-string fields of a structure to map[string]string.
"omitempty" allows to skip the fields with default values.
Int32P returns a pointer of an int32 variable
Int64P returns a pointer of an int64 variable
IntP returns a pointer of an integer variable
LogicP returns a pointer for a Logic value
NewClient creates a new Client
NilOrEmpty returns true if string is empty or has a nil value
NilOrEmptyArray returns true if string is empty or has a nil value
NilOrEmptySlice returns true if list is empty or has a nil value
ParseAPIErrType is a convenience method for returning strongly
typed API errors.
PBool returns a boolean value from a pointer
PFloat32 returns a float32 value from a pointer
PFloat64 returns a float64 value from a pointer
PInt returns an integer value from a pointer
PInt32 returns an int32 value from a pointer
PInt64 returns an int64 value from a pointer
PolicyEnforcementModeP returns a pointer for a PolicyEnforcementMode value
PString returns a string value from a pointer
PStringSlice converts a pointer to []string or returns an empty slice if nil value
UserAttributeContains checks if the given attribute value is set
WithTracer generates a context that has a tracer attached
Package-Level Variables (total 8)
DecisionStrategy values
DecisionStrategy values
PolicyEnforcementMode values
PolicyEnforcementMode values
Logic values
PolicyEnforcementMode values
Logic values
DecisionStrategy values
Package-Level Constants (total 2)
APIErrTypeInvalidGrant corresponds with Keycloak's
OAuthErrorException due to "invalid_grant".
APIErrTypeUnknown is for API errors that are not strongly
typed.
The pages are generated with Golds v0.6.7. (GOOS=linux GOARCH=amd64)