keycloak-hs-2.1.0

Safe Haskell	None
Language	Haskell2010

Keycloak.Authorizations

Contents

Permissions
Resource

Description

This module helps you manage resources authorization with Keycloak.

In Keycloak, in the client, activate "Authorization Enabled" and set "Valid Redirect URIs" as "*". You then need to create your scopes, policies and permissions in the authorization tab. If you are unsure, set the "Policy Enforcement Mode" as permissive, so that a positive permission will be given with resources without policy.

The example below shows how to retrieve a token from Keycloak, and then retrieve the permissions of a user on a specific resource.

-- Let's get a token for a specific user login/password
userToken <- getJWT "demo" "demo"

-- Can I access this resource?
isAuth <- isAuthorized resId (ScopeName "view") userToken

liftIO $ putStrLn $ "User demo can access resource demo: " ++ (show isAuth)

-- We can also retrieve all the permissions for our user.
perms <- getPermissions [PermReq Nothing [ScopeName "view"]] userToken

liftIO $ putStrLn $ "All permissions: " ++ (show perms)

Synopsis

isAuthorized :: ResourceId -> ScopeName -> JWT -> Keycloak Bool
getPermissions :: [PermReq] -> JWT -> Keycloak [Permission]
checkPermission :: ResourceId -> ScopeName -> JWT -> Keycloak ()
createResource :: Resource -> JWT -> Keycloak ResourceId
deleteResource :: ResourceId -> JWT -> Keycloak ()
deleteAllResources :: JWT -> Keycloak ()
getResource :: ResourceId -> JWT -> Keycloak Resource
getAllResourceIds :: Keycloak [ResourceId]
updateResource :: Resource -> JWT -> Keycloak ResourceId

Permissions

isAuthorized :: ResourceId -> ScopeName -> JWT -> Keycloak Bool Source #

Returns true if the resource is authorized under the given scope.

getPermissions :: [PermReq] -> JWT -> Keycloak [Permission] Source #

Return the permissions for the permission requests.

checkPermission :: ResourceId -> ScopeName -> JWT -> Keycloak () Source #

Checks if a scope is permitted on a resource. An HTTP Exception 403 will be thrown if not.

Resource

createResource :: Resource -> JWT -> Keycloak ResourceId Source #

Create an authorization resource in Keycloak, under the configured client.

deleteResource :: ResourceId -> JWT -> Keycloak () Source #

Delete the resource

deleteAllResources :: JWT -> Keycloak () Source #

Delete all resources in Keycloak

getResource :: ResourceId -> JWT -> Keycloak Resource Source #

get a single resource

getAllResourceIds :: Keycloak [ResourceId] Source #

get all resources IDs

updateResource :: Resource -> JWT -> Keycloak ResourceId Source #

Update a resource