Hi! I’m having problems performing any actions whatsoever with the REST API in my Python script. At the moment, just for testing, I want to log in and create a user (or a client). This is what I have so far, both with direct requests and with the python-keycloak library.
Directly with requests, trying to create a client:
```python
import requests

# `kc` was not defined in the posted snippet; assumed to be the same settings
# dict that the python-keycloak snippet imports.
from .settings import KEYCLOAK as kc


def get_token():
    # Token endpoint of the realm the client belongs to
    url = f"{kc['SERVER_URL']}realms/my-realm-name/protocol/openid-connect/token"
    params = {
        'client_id': 'admin-cli',
        'client_secret': kc['CLIENT_SECRET'],
        'grant_type': 'client_credentials',
        #'username': kc['USER'],
        #'password': kc['PASS']
    }
    # Sent as a form-encoded body
    response = requests.post(url, data=params, verify=True)
    print(response.text)
    print('\n')
    # The token endpoint returns JSON, so parse it as JSON
    return response.json()['access_token']
    # return requests.post(url, params, verify=False).content.decode('utf-8')


def create_client():
    # Admin REST API endpoint for the realm's clients
    url = f"{kc['SERVER_URL']}admin/realms/my-realm-name/clients"
    headers = {
        'content-type': 'application/json',
        'Authorization': 'Bearer ' + str(get_token())
    }
    params = {
        "clientId": "testclient",
        "id": "3",
        "name": "testclient-3",
        "description": "TESTCLIENT-3",
        "enabled": True,
        "redirectUris": ["\\"],
        "publicClient": True
    }
    x = requests.post(url, headers=headers, json=params)
    print(x)
    print(x.content)
    print(x.text)
    return x.content


create_client()
```
With python-keycloak library creating a user:
```python
from keycloak import KeycloakAdmin, KeycloakOpenID
from .settings import KEYCLOAK as kc

# Admin connection: authenticates against the master realm, acts on kc['REALM']
keycloak_access = KeycloakAdmin(server_url=kc['SERVER_URL'],
                                username=kc['USER'],
                                password=kc['PASS'],
                                realm_name=kc['REALM'],
                                client_id=kc['CLIENT_ID'],
                                client_secret_key=kc['CLIENT_SECRET'],
                                user_realm_name='master',
                                verify=True)
print(keycloak_access)

# Add user
new_user = keycloak_access.create_user({
    "email": "example@example.com",
    "username": "example",
    "enabled": True,
    "firstName": "Example",
    "lastName": "Example",
    "realmRoles": ["test_role", ],
    "attributes": {"example": "1,2,3,3,"}})
```
Both log in correctly (I get the token, etc.), but when I perform any actions I get a 403 with “unknown error”.
Any clue on why this is happening? The clients have full scopes active, they are confidential type with service accounts enabled, etc.
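Added diagnostic example (not part of the original post, and not python-keycloak code): a 403 with a valid token is an authorization failure, so this decodes the access token's payload and reports whether it carries the `realm-management` client role for each of the two calls above. It assumes the token was issued by the target realm and that the service account's client roles are mapped into `resource_access`; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Roles of Keycloak's built-in "realm-management" client that authorize the
# two Admin REST calls in the post (POST .../clients and POST .../users).
NEEDED = {"clients": "manage-clients", "users": "manage-users"}


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (the signature is NOT verified)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def realm_management_roles(claims: dict) -> set:
    """Client roles the token carries for the realm-management client."""
    access = claims.get("resource_access", {}).get("realm-management", {})
    return set(access.get("roles", []))


def missing_for(token: str, resource: str) -> list:
    """Return the role the token lacks for creating `resource`, or []."""
    role = NEEDED[resource]
    return [] if role in realm_management_roles(jwt_claims(token)) else [role]


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


# Constructed claims: a service account that was granted only manage-users.
SAMPLE = make_sample_token({
    "azp": "my-service-client",  # hypothetical client id
    "resource_access": {"realm-management": {"roles": ["manage-users"]}},
})

if __name__ == "__main__":
    for resource in NEEDED:
        print(resource, "missing:", missing_for(SAMPLE, resource))
```

To check a real token, pass the `access_token` string returned by the token endpoint to `missing_for` in place of `SAMPLE`.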