(access-token deployment keycloak-client)

Get an access token extracted in a ClojureAccessToken record with one additionnal attribute :token that hold the token as a string


(client-conf {:keys [realm auth-server-url client-id client-secret], :as conf})(client-conf auth-server-url realm-name client-id)(client-conf auth-server-url realm-name client-id client-secret)

returns a keycloak client configuration data structure given the params


(client-conf-input-stream auth-server-url realm-name client-id)(client-conf-input-stream auth-server-url realm-name client-id client-secret)

return the keycloak client config as an input stream containing JSON, see client-conf


(deployment client-conf)

take a keycloak client configuration as EDN and return a KeycloakDeployment object, see client-conf for getting a proper conf structure


(deployment-for-realm keycloak-client auth-server-url client-id realm-name)


(deployment-for-realms keycloak-client auth-server-url client-id realms-name)

retrieve the secrets and build dynamically a map with realm-name as key and the keycloak deployment as value given a keycloak client with admin role, an array of realm name. This is useful for large number of realms and multi-tenant applications or tests, otherwise you should define them statically


(extract access-token)

Return a keycloak.deployment/ClojureAccessToken record with :user and :roles keys with values extracted from the Keycloak access token along with all the props of the AccessToken bean


(keycloak-client conf secret)(keycloak-client conf username password)

Build a org.keycloak.admin.client.Keycloak object from a client-conf and a credential (secret or username/password), use the RestEasy client. This keycloak-client object will be used as the first param for every interactions with the Keycloak server.


(verify deployment token)(verify deployments realm-name token)

Verify an Access Token given a deployment to check against