keycloak

package

v1.3.12 Latest Latest Go to latest Published: Apr 17, 2026 License: MIT Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/andyle182810/gframework

Links

Open Source Insights

Documentation ¶

Overview ¶

Package keycloak provides a Keycloak integration with two complementary clients:

AdminClient: a service-account-backed wrapper around gocloak/v13 for user and realm-role lifecycle management. A service-account token is cached in-memory behind an RWMutex with double-check locking and refreshed on expiry with a configurable safety buffer (default 60 s). Safe for concurrent use.
UMAClient: a stateless UMA 2.0 permission-decision client. Given an end-user access token, it calls the realm token endpoint with the uma-ticket grant type and decision response mode to answer a single resource#scope check.

Basic usage:

admin := keycloak.NewAdminClient(
    "https://kc.example.com",
    "my-realm",
    "svc-account",
    "svc-secret",
)

id, err := admin.CreateUser(ctx, keycloak.CreateUserParams{
    Username: "alice",
    Email:    "alice@example.com",
    Password: "s3cret",
})

uma := keycloak.NewUMAClient(
    "https://kc.example.com/realms/my-realm/protocol/openid-connect/token",
    "my-resource-server",
)

allowed, err := uma.Check(ctx, userToken, "document:42", "read")

Index ¶

Variables
func RoleNames(roles []*gocloak.Role) []string
type AdminClient
- func NewAdminClient(baseURL string, realm string, clientID string, clientSecret string, ...) *AdminClient
type AdminOption
- func WithRestyClient(restyClient *resty.Client) AdminOption
- func WithTokenSafetyBuffer(buffer time.Duration) AdminOption
type CreateUserParams
type UMAClient
- func NewUMAClient(tokenEndpoint string, audience string, opts ...UMAOption) *UMAClient
- func (c *UMAClient) Check(ctx context.Context, userToken, resource, scope string) (bool, error)
type UMAOption
- func WithUMAHTTPClient(httpClient *http.Client) UMAOption
type UpdateUserParams

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrRoleNotFound = errors.New("keycloak: realm role not found")
	ErrInvalidInput = errors.New("keycloak: invalid input")
)

View Source

var (
	ErrUMARequestFailed   = errors.New("keycloak uma: request failed")
	ErrUMAResponseInvalid = errors.New("keycloak uma: unexpected response")
)

Functions ¶

func RoleNames ¶

func RoleNames(roles []*gocloak.Role) []string

Types ¶

type AdminClient ¶

type AdminClient struct {
	// contains filtered or unexported fields
}

func NewAdminClient ¶

func NewAdminClient(
	baseURL string,
	realm string,
	clientID string,
	clientSecret string,
	opts ...AdminOption,
) *AdminClient

func (*AdminClient) AddRole ¶

func (c *AdminClient) AddRole(ctx context.Context, id, name string) error

func (*AdminClient) CreateUser ¶

func (c *AdminClient) CreateUser(ctx context.Context, params CreateUserParams) (string, error)

func (*AdminClient) GetUser ¶

func (c *AdminClient) GetUser(ctx context.Context, id string) (*gocloak.User, error)

func (*AdminClient) InvalidateToken ¶

func (c *AdminClient) InvalidateToken()

func (*AdminClient) ListUsers ¶

func (c *AdminClient) ListUsers(ctx context.Context, offset, limit int) ([]*gocloak.User, error)

func (*AdminClient) RemoveRole ¶

func (c *AdminClient) RemoveRole(ctx context.Context, id, name string) error

func (*AdminClient) Roles ¶

func (c *AdminClient) Roles(ctx context.Context) ([]*gocloak.Role, error)

func (*AdminClient) SendActionsEmail ¶

func (c *AdminClient) SendActionsEmail(ctx context.Context, id string, actions []string) error

func (*AdminClient) SetEnabled ¶

func (c *AdminClient) SetEnabled(ctx context.Context, id string, enabled bool) error

func (*AdminClient) UpdateUser ¶

func (c *AdminClient) UpdateUser(ctx context.Context, id string, params UpdateUserParams) error

func (*AdminClient) UserRoles ¶

func (c *AdminClient) UserRoles(ctx context.Context, id string) ([]*gocloak.Role, error)

type AdminOption ¶

type AdminOption func(*AdminClient)

func WithRestyClient ¶

func WithRestyClient(restyClient *resty.Client) AdminOption

func WithTokenSafetyBuffer ¶

func WithTokenSafetyBuffer(buffer time.Duration) AdminOption

type CreateUserParams ¶

type CreateUserParams struct {
	Username  string
	Email     string
	FirstName string
	LastName  string
	Password  string
}

type UMAClient ¶

type UMAClient struct {
	// contains filtered or unexported fields
}

func NewUMAClient ¶

func NewUMAClient(
	tokenEndpoint string,
	audience string,
	opts ...UMAOption,
) *UMAClient

func (*UMAClient) Check ¶

func (c *UMAClient) Check(ctx context.Context, userToken, resource, scope string) (bool, error)

type UMAOption ¶

type UMAOption func(*UMAClient)

func WithUMAHTTPClient ¶

func WithUMAHTTPClient(httpClient *http.Client) UMAOption

type UpdateUserParams ¶

type UpdateUserParams struct {
	Email     string
	FirstName string
	LastName  string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL