keycloak-hs-3.0.2
Safe HaskellSafe-Inferred
LanguageHaskell2010

Keycloak.Authorizations

Description

This module helps you manage resources authorization with Keycloak.

In Keycloak, in the client, activate "Authorization Enabled" and set "Valid Redirect URIs" as "*". You then need to create your scopes, policies and permissions in the authorization tab. If you are unsure, set the "Policy Enforcement Mode" as permissive, so that a positive permission will be given with resources without policy.

The example below shows how to retrieve a token from Keycloak, and then retrieve the permissions of a user on a specific resource.

-- Let's get a token for a specific user login/password
userToken <- getJWT "demo" "demo"

-- Can I access this resource?
isAuth <- isAuthorized resId (ScopeName "view") userToken

liftIO $ putStrLn $ "User demo can access resource demo: " ++ (show isAuth)

-- We can also retrieve all the permissions for our user.
perms <- getPermissions [PermReq Nothing [ScopeName "view"]] userToken

liftIO $ putStrLn $ "All permissions: " ++ (show perms)
Synopsis

Permissions

isAuthorized :: MonadIO m => ResourceId -> ScopeName -> JWT -> KeycloakT m Bool Source #

Returns true if the resource is authorized under the given scope.

getPermissions :: MonadIO m => [PermReq] -> JWT -> KeycloakT m [Permission] Source #

Return the permissions for the permission requests.

checkPermission :: MonadIO m => ResourceId -> ScopeName -> JWT -> KeycloakT m () Source #

Checks if a scope is permitted on a resource. An HTTP Exception 403 will be thrown if not.

Resource

createResource :: MonadIO m => Resource -> JWT -> KeycloakT m ResourceId Source #

Create an authorization resource in Keycloak, under the configured client.

deleteResource :: MonadIO m => ResourceId -> JWT -> KeycloakT m () Source #

Delete the resource

deleteAllResources :: MonadIO m => JWT -> KeycloakT m () Source #

Delete all resources in Keycloak

getResource :: MonadIO m => ResourceId -> JWT -> KeycloakT m Resource Source #

get a single resource

getAllResourceIds :: MonadIO m => KeycloakT m [ResourceId] Source #

get all resources IDs

updateResource :: MonadIO m => Resource -> JWT -> KeycloakT m ResourceId Source #

Update a resource