Open abnerjacobsen opened 1 year ago
If your client has mapped roles - roles are returned under user_info -> resources -> client name -> roles, or do you mean something else?
Using demo app from the README.md:
Hi @CHerSun
I'm with the same question as @abnerjacobsen. I followed your answer and configured client->user role mapping:
I don't see any user_info -> resources property though!
My app.py
is:
from dataclasses import asdict
from streamlit_keycloak import login
import streamlit as st
def main():
st.subheader(f"Welcome {keycloak.user_info['preferred_username']}!")
st.write(f"Here is your user information:")
st.write(asdict(keycloak)["user_info"])
st.write(f"Here is your OAuth2 token: {keycloak.access_token}")
st.title("Streamlit Keycloak example app1")
keycloak = login(
url="http://auth.localhost:8080",
realm="master",
client_id="app1",
)
if keycloak.authenticated:
main()
Am I missing a config or something?
Had to turn on "Add to userinfo" here...
To get the roles..
It's apparently default disabled the latest version of Keycloak.
Hi @CHerSun
I'm with the same question as @abnerjacobsen. I followed your answer and configured client->user role mapping:
I don't see any user_info -> resources property though!
My
app.py
is:from dataclasses import asdict from streamlit_keycloak import login import streamlit as st def main(): st.subheader(f"Welcome {keycloak.user_info['preferred_username']}!") st.write(f"Here is your user information:") st.write(asdict(keycloak)["user_info"]) st.write(f"Here is your OAuth2 token: {keycloak.access_token}") st.title("Streamlit Keycloak example app1") keycloak = login( url="http://auth.localhost:8080", realm="master", client_id="app1", ) if keycloak.authenticated: main()
Am I missing a config or something?
Hi, just passing and saw this, it's not closed and c-bik's solution is nice and simple (didn't know that was there so thanks) but it's outputting all roles under the individual Clients, my solution to this problem is to add a Mapper to the Client for a specific Client which can then be merged under the same Token (although the 'User Client Role' may be able to be modified for this) My solution also allows for specific Roles to be exposed through the mapper for other Clients if you wanted to only allow specific Role(s) to be available. My notes are based on using v21.0.0 (Docker Image keycloak/keycloak:21.0.0-0)
As far as I'm aware your Client should be added to a new Realm, the 'master' Realm (as per the screenshots) shouldn't be used, although I'm guessing this was just to get the screenshots.
Sticking with the default one ('Client Scopes'->'roles'->'Mappers'->'client roles'), it's not do-able as the '${client_id}' only works in the 'Token Claim Name':
If you don't have (or can't) enable 'Add to userinfo', you can extract the roles from the JWT.
Here's how I did it
import base64
import json
def decode_token(encoded_token):
payload_part = encoded_token.split('.')[1]
# Adding padding if necessary
payload_part += '=' * (-len(payload_part) % 4)
# base64Url decode
decoded_bytes = base64.urlsafe_b64decode(payload_part)
# Parse as JSON
payload = json.loads(decoded_bytes)
return payload
def main():
# st.subheader(f"Welcome {keycloak.user_info['preferred_username']}!")
st.write(f"Here is your user information:")
st.write(asdict(keycloak))
access_token = keycloak.access_token
payload = decode_token(access_token)
# Now, you can access the roles like this:
roles = payload['realm_access']['roles']
st.write(roles)
Which returns something like
[ "ROLE_USER", "offline_access", "uma_authorization" ]
Thanks @MPerrymanAW and @yaffol very nice 👍
First of all, congratulations on your project, it works very well.
Now a question: I was able to install streamlit-keycloack and authenticate a user in my app on Streamlit Cloud using the Keycloack server that I configured, including obtaining the list of groups to which the user belongs. There's only one thing I don't know how to do, which is to get the list of user roles. Do you have any tips on how I can do this?