Created
March 7, 2025 06:38
-
-
Save turicas/1e86c5d34167229db38fbc376ddc1c3c to your computer and use it in GitHub Desktop.
Script to create keycloak realm, backend and frontend clients and user accounts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # pip install python-keycloak | |
| import os | |
| from keycloak import KeycloakAdmin | |
| from keycloak.exceptions import KeycloakGetError | |
| server_url = "http://keycloak:8080/auth/" | |
| admin_username = "admin" | |
| admin_password = "admin" | |
| default_realm_name = "master" | |
| new_realm_name = "myrealm" | |
| frontend_client_id = "my-frontend" | |
| backend_client_id = "my-backend" | |
| new_user_email = "[email protected]" | |
| new_user_username = "11111111111" | |
| new_user_first_name = "João" | |
| new_user_last_name = "da Silva" | |
| new_user_password = "very-secret" | |
| def get_client(set_realm=True): | |
| client = KeycloakAdmin( | |
| server_url=server_url, username=admin_username, password=admin_password, realm_name=default_realm_name, | |
| verify=True, | |
| ) | |
| if set_realm: | |
| client.realm_name = new_realm_name | |
| return client | |
| try: | |
| get_client(set_realm=False).create_realm({"realm": new_realm_name, "enabled": True}) | |
| print(f"Realm {repr(new_realm_name)} created!") | |
| except Exception as exp: | |
| print(f"Error creating realm {repr(new_realm_name)}: {exp}") | |
| client = get_client() | |
| try: | |
| res = client.create_client( | |
| { | |
| "clientId": frontend_client_id, | |
| "enabled": True, | |
| "protocol": "openid-connect", | |
| "redirectUris": ["*"], | |
| "webOrigins": ["*"], | |
| }, | |
| ) | |
| print(f"Frontend client {repr(frontend_client_id)} created! {res}") | |
| except Exception as exp: | |
| print(f"Error creating frontend client {repr(frontend_client_id)}: {exp}") | |
| try: | |
| res = get_client().create_client( | |
| {"clientId": backend_client_id, "enabled": True, "protocol": "openid-connect", "bearerOnly": True}, | |
| ) | |
| print(f"Backend client {repr(backend_client_id)} created! {res}") | |
| except Exception as exp: | |
| print(f"Error creating backend client {repr(backend_client_id)}: {exp}") | |
| client = get_client() | |
| try: | |
| client_backend_id = client.get_client_id(backend_client_id) | |
| secret_data = client.generate_client_secrets(client_backend_id) | |
| secret = secret_data.get("value") | |
| print(f"Secret for {repr(backend_client_id)}: {secret}") | |
| except Exception as exp: | |
| print(f"Error reading backend client secret for {repr(backend_client_id)}: {exp}") | |
| try: | |
| user_id = get_client().create_user( | |
| { | |
| "username": new_user_username, | |
| "email": new_user_email, | |
| "firstName": new_user_first_name, | |
| "lastName": new_user_last_name, | |
| "enabled": True, | |
| "emailVerified": True | |
| }, | |
| ) | |
| print(f"User {repr(new_user_username)} created! {user_id}") | |
| except KeycloakGetError as exp: | |
| print(f"Error creating user {repr(new_user_username)}: {exp}") | |
| try: | |
| get_client().set_user_password(user_id, new_user_password, temporary=False) | |
| print(f"Password set for user {repr(new_user_username)} ({new_user_password})!") | |
| except Exception as exp: | |
| print(f"Error setting password for user {repr(new_user_username)}: {exp}") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment