keycloak-hs-3.0.1

Safe Haskell	None
Language	Haskell2010

Keycloak.Authorizations

Contents

Permissions
Resource

Description

This module helps you manage resources authorization with Keycloak.

In Keycloak, in the client, activate "Authorization Enabled" and set "Valid Redirect URIs" as "*". You then need to create your scopes, policies and permissions in the authorization tab. If you are unsure, set the "Policy Enforcement Mode" as permissive, so that a positive permission will be given with resources without policy.

The example below shows how to retrieve a token from Keycloak, and then retrieve the permissions of a user on a specific resource.

-- Let's get a token for a specific user login/password
userToken <- getJWT "demo" "demo"

-- Can I access this resource?
isAuth <- isAuthorized resId (ScopeName "view") userToken

liftIO $ putStrLn $ "User demo can access resource demo: " ++ (show isAuth)

-- We can also retrieve all the permissions for our user.
perms <- getPermissions [PermReq Nothing [ScopeName "view"]] userToken

liftIO $ putStrLn $ "All permissions: " ++ (show perms)

Synopsis

isAuthorized :: MonadIO m => ResourceId -> ScopeName -> JWT -> KeycloakT m Bool
getPermissions :: MonadIO m => [PermReq] -> JWT -> KeycloakT m [Permission]
checkPermission :: MonadIO m => ResourceId -> ScopeName -> JWT -> KeycloakT m ()
createResource :: MonadIO m => Resource -> JWT -> KeycloakT m ResourceId
deleteResource :: MonadIO m => ResourceId -> JWT -> KeycloakT m ()
deleteAllResources :: MonadIO m => JWT -> KeycloakT m ()
getResource :: MonadIO m => ResourceId -> JWT -> KeycloakT m Resource
getAllResourceIds :: MonadIO m => KeycloakT m [ResourceId]
updateResource :: MonadIO m => Resource -> JWT -> KeycloakT m ResourceId

Permissions

isAuthorized :: MonadIO m => ResourceId -> ScopeName -> JWT -> KeycloakT m Bool Source #

Returns true if the resource is authorized under the given scope.

getPermissions :: MonadIO m => [PermReq] -> JWT -> KeycloakT m [Permission] Source #

Return the permissions for the permission requests.

checkPermission :: MonadIO m => ResourceId -> ScopeName -> JWT -> KeycloakT m () Source #

Checks if a scope is permitted on a resource. An HTTP Exception 403 will be thrown if not.

Resource

createResource :: MonadIO m => Resource -> JWT -> KeycloakT m ResourceId Source #

Create an authorization resource in Keycloak, under the configured client.

deleteResource :: MonadIO m => ResourceId -> JWT -> KeycloakT m () Source #

Delete the resource

deleteAllResources :: MonadIO m => JWT -> KeycloakT m () Source #

Delete all resources in Keycloak

getResource :: MonadIO m => ResourceId -> JWT -> KeycloakT m Resource Source #

get a single resource

getAllResourceIds :: MonadIO m => KeycloakT m [ResourceId] Source #

get all resources IDs

updateResource :: MonadIO m => Resource -> JWT -> KeycloakT m ResourceId Source #

Update a resource