keycloak-hs-3.0.0
Safe Haskell: None
Language: Haskell2010

Keycloak.Tokens

Description

Authentication with Keycloak is based on JWTs. This module helps you retrieve tokens from Keycloak, and use them to authenticate your users. In Keycloak, you need to configure a realm, a client and a user.

Users can also have additional attributes. To see them in the token, you need to add "protocol mappers" to the Client; these copy the User attribute into the token.

The example below retrieves a User token using a login and password, verifies it, and extracts all the user details from it.

{-# LANGUAGE OverloadedStrings #-}

import Control.Monad (void)
import Control.Monad.IO.Class (liftIO)
import Keycloak

main :: IO ()
main = do

  -- Configure Keycloak with the adapter config file. You can retrieve this file in your Client/Installation tab (JSON format).
  -- This function will also get the signing keys from Keycloak, so make sure that Keycloak is on and configured!
  kcConfig <- configureKeycloak "keycloak.json"

  void $ flip runKeycloak kcConfig $ do

    -- Get a JWT from Keycloak. A JWT can then be used to authenticate yourself with an application.
    jwt <- getJWT "demo" "demo"
    liftIO $ putStrLn $ "Got JWT: \n" ++ (show jwt) ++ "\n\n"

    -- Retrieve the claims contained in the JWT.
    claims <- verifyJWT jwt
    liftIO $ putStrLn $ "Claims decoded from Token: \n" ++ (show claims) ++ "\n\n"

    -- Get the user from the claims.
    let user = getClaimsUser claims
    liftIO $ putStrLn $ "User decoded from claims: \n" ++ (show user) ++ "\n\n"

Documentation

getJWT :: MonadIO m => Username -> Password -> KeycloakT m JWT

Retrieve the user's token. This token can be used to authenticate the user. It can also be used for all other Keycloak calls.

getClientJWT :: MonadIO m => KeycloakT m JWT

Return a Client token (linked to a Client, not a User). It is useful for creating Resources in that Client in Keycloak.

verifyJWT :: (MonadTime m, MonadIO m) => JWT -> KeycloakT m ClaimsSet

Verify a JWT. If successful, the claims are returned. Otherwise, a JWTError is thrown.
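An added example (not from the keycloak-hs documentation) of acting on the verification result instead of discarding it with `void`, as the `main` in the description does. It assumes that `runKeycloak` returns an `Either` in the base monad, with the error on the `Left` side; the realm user "demo" and the file name are the ones used in the description.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main where

import Keycloak
import System.Exit (exitFailure)
import System.IO (hPutStrLn, stderr)

main :: IO ()
main = do
  -- Loads the adapter config and fetches the realm's signing keys.
  kcConfig <- configureKeycloak "keycloak.json"

  -- Assumption: the result is `Either <error> a`. A failure in getJWT
  -- (bad credentials, Keycloak unreachable) or in verifyJWT (bad signature,
  -- expired token) stops the block, so getClaimsUser is only ever
  -- applied to claims that passed verification.
  result <- flip runKeycloak kcConfig $ do
    jwt    <- getJWT "demo" "demo"
    claims <- verifyJWT jwt
    return (getClaimsUser claims)

  case result of
    -- Fail closed: no user value exists on this branch, so nothing
    -- downstream can act on unverified claims.
    Left _ -> do
      hPutStrLn stderr "Authentication failed: token not obtained or not verified"
      exitFailure
    Right user ->
      putStrLn ("Authenticated user: " ++ show user)
```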

getClaimsUser :: ClaimsSet -> User

Extract the user identity from a token. Additional attributes can be encoded in the token.

getJWKs :: Realm -> ServerURL -> IO [JWK]

Return JWKs from Keycloak. It is a set of keys that can be used to check signed tokens (JWTs). This is done for you in the configureKeycloak function. JWKs are stored in the Keycloak State Monad.