Metadata-Version: 2.1
Name: keycloakauth
Version: 0.0.3
Summary: Custom Keycloak Worker
Home-page: https://bitbucket.org/VyacheslavKazakov/keycloak_auth/
Author: Vyacheslav Kazakov
Author-email: vyachka@gmail.com
License: MIT
Platform: UNKNOWN
Description-Content-Type: text/markdown
Requires-Dist: django-keycloak-auth (>=0.9.1)
Requires-Dist: requests (==2.24.0)
Requires-Dist: urllib3 (==1.25.11)

# Custom Keyclock Authentication Worker

based on Django Keycloak Auth (https://github.com/marcelo225/django-keycloak-auth) under MIT License

Class KeycloakWorker:
    to introspect the token
    to check if the token is active and which roles it bears
    to get userinfo about the token owner
    to manage Keycloak Group membership

Authentication and Authorization are based on Keycloak Roles: Role mapped to Group, User is a member of the Group.
Roles:
    format: <IS name>:user:manage
    example: crux:user:manage
    example: all:user:manage

Groups:
    format: <IS name>_user_manage
    example: crux_user_manage
    example: all:user:manage

Users:
    Keycloak is supposed to has a User Federation (LDAP catalog, AD)
    Users are being found by username

