Safe Haskell | None |
---|---|
Language | Haskell2010 |
This module helps you manage resource authorization with Keycloak.
In Keycloak, open the client, activate "Authorization Enabled" and set "Valid Redirect URIs" to "*". You then need to create your scopes, policies and permissions in the Authorization tab. If you are unsure, set the "Policy Enforcement Mode" to permissive, so that access is granted to resources that have no policy attached. A wildcard redirect URI and permissive enforcement are suited to initial setup only; before production use, list exact redirect URIs and switch the enforcement mode to enforcing.
The example below shows how to retrieve a token from Keycloak, and then retrieve the permissions of a user on a specific resource.
```haskell
-- Let's get a token for a specific user login/password
userToken <- getJWT "demo" "demo"

-- Can I access this resource? (resId is the ResourceId of an existing resource)
isAuth <- isAuthorized resId (ScopeName "view") userToken
liftIO $ putStrLn $ "User demo can access resource demo: " ++ show isAuth

-- We can also retrieve all the permissions for our user.
perms <- getPermissions [PermReq Nothing [ScopeName "view"]] userToken
liftIO $ putStrLn $ "All permissions: " ++ show perms
```
Synopsis
- isAuthorized :: ResourceId -> ScopeName -> JWT -> Keycloak Bool
- getPermissions :: [PermReq] -> JWT -> Keycloak [Permission]
- checkPermission :: ResourceId -> ScopeName -> JWT -> Keycloak ()
- createResource :: Resource -> JWT -> Keycloak ResourceId
- deleteResource :: ResourceId -> JWT -> Keycloak ()
- deleteAllResources :: JWT -> Keycloak ()
- getResource :: ResourceId -> JWT -> Keycloak Resource
- getAllResourceIds :: Keycloak [ResourceId]
- updateResource :: Resource -> JWT -> Keycloak ResourceId
Permissions
isAuthorized :: ResourceId -> ScopeName -> JWT -> Keycloak Bool
Returns true if the resource is authorized under the given scope.
getPermissions :: [PermReq] -> JWT -> Keycloak [Permission]
Return the permissions for the permission requests.
checkPermission :: ResourceId -> ScopeName -> JWT -> Keycloak ()
Checks if a scope is permitted on a resource. An HTTP Exception 403 will be thrown if not.
Resource
createResource :: Resource -> JWT -> Keycloak ResourceId
Create an authorization resource in Keycloak, under the configured client.
deleteResource :: ResourceId -> JWT -> Keycloak ()
Delete the resource.
deleteAllResources :: JWT -> Keycloak ()
Delete all resources in Keycloak.
getResource :: ResourceId -> JWT -> Keycloak Resource
Get a single resource.
getAllResourceIds :: Keycloak [ResourceId]
Get all resource IDs.
updateResource :: Resource -> JWT -> Keycloak ResourceId
Update a resource.