Safe Haskell | None |
---|---|
Language | Haskell2010 |
This module helps you manage resources authorization with Keycloak.
In Keycloak, in the client, activate "Authorization Enabled" and set "Valid Redirect URIs" as "*". You then need to create your scopes, policies and permissions in the authorization tab. If you are unsure, set the "Policy Enforcement Mode" as permissive, so that a positive permission will be given with resources without policy.
The example below shows how to retrieve a token from Keycloak, and then retrieve the permissions of a user on a specific resource.
-- Let's get a token for a specific user login/password userToken <- getJWT "demo" "demo" -- Can I access this resource? isAuth <- isAuthorized resId (ScopeName "view") userToken liftIO $ putStrLn $ "Userdemo
can access resourcedemo
: " ++ (show isAuth) -- We can also retrieve all the permissions for our user. perms <- getPermissions [PermReq Nothing [ScopeName "view"]] userToken liftIO $ putStrLn $ "All permissions: " ++ (show perms)
Synopsis
- isAuthorized :: MonadIO m => ResourceId -> ScopeName -> JWT -> KeycloakT m Bool
- getPermissions :: MonadIO m => [PermReq] -> JWT -> KeycloakT m [Permission]
- checkPermission :: MonadIO m => ResourceId -> ScopeName -> JWT -> KeycloakT m ()
- createResource :: MonadIO m => Resource -> JWT -> KeycloakT m ResourceId
- deleteResource :: MonadIO m => ResourceId -> JWT -> KeycloakT m ()
- deleteAllResources :: MonadIO m => JWT -> KeycloakT m ()
- getResource :: MonadIO m => ResourceId -> JWT -> KeycloakT m Resource
- getAllResourceIds :: MonadIO m => KeycloakT m [ResourceId]
- updateResource :: MonadIO m => Resource -> JWT -> KeycloakT m ResourceId
Permissions
isAuthorized :: MonadIO m => ResourceId -> ScopeName -> JWT -> KeycloakT m Bool Source #
Returns true if the resource is authorized under the given scope.
getPermissions :: MonadIO m => [PermReq] -> JWT -> KeycloakT m [Permission] Source #
Return the permissions for the permission requests.
checkPermission :: MonadIO m => ResourceId -> ScopeName -> JWT -> KeycloakT m () Source #
Checks if a scope is permitted on a resource. An HTTP Exception 403 will be thrown if not.
Resource
createResource :: MonadIO m => Resource -> JWT -> KeycloakT m ResourceId Source #
Create an authorization resource in Keycloak, under the configured client.
deleteResource :: MonadIO m => ResourceId -> JWT -> KeycloakT m () Source #
Delete the resource
getResource :: MonadIO m => ResourceId -> JWT -> KeycloakT m Resource Source #
get a single resource
getAllResourceIds :: MonadIO m => KeycloakT m [ResourceId] Source #
get all resources IDs
updateResource :: MonadIO m => Resource -> JWT -> KeycloakT m ResourceId Source #
Update a resource