Skip to content

Instantly share code, notes, and snippets.

Last active July 19, 2024 02:17
Show Gist options
  • Save thomasdarimont/145dc9aa857b831ff2eff221b79d179a to your computer and use it in GitHub Desktop.
Save thomasdarimont/145dc9aa857b831ff2eff221b79d179a to your computer and use it in GitHub Desktop.
Simple python example using flask, flask_oidc and keycloak
import json
import logging
from flask import Flask, g
from flask_oidc import OpenIDConnect
import requests
app = Flask(__name__)
'SECRET_KEY': 'SomethingNotEntirelySecret',
'TESTING': True,
'DEBUG': True,
'OIDC_CLIENT_SECRETS': 'client_secrets.json',
'OIDC_OPENID_REALM': 'flask-demo',
'OIDC_SCOPES': ['openid', 'email', 'profile'],
'OIDC_INTROSPECTION_AUTH_METHOD': 'client_secret_post'
oidc = OpenIDConnect(app)
def hello_world():
if oidc.user_loggedin:
return ('Hello, %s, <a href="/private">See private</a> '
'<a href="/logout">Log out</a>') % \
return 'Welcome anonymous, <a href="/private">Log in</a>'
def hello_me():
"""Example for protected endpoint that extracts private information from the OpenID Connect id_token.
Uses the accompanied access_token to access a backend service.
info = oidc.user_getinfo(['preferred_username', 'email', 'sub'])
username = info.get('preferred_username')
email = info.get('email')
user_id = info.get('sub')
if user_id in oidc.credentials_store:
from oauth2client.client import OAuth2Credentials
access_token = OAuth2Credentials.from_json(oidc.credentials_store[user_id]).access_token
print 'access_token=<%s>' % access_token
headers = {'Authorization': 'Bearer %s' % (access_token)}
greeting = requests.get('http://localhost:8080/greeting', headers=headers).text
print "Could not access greeting-service"
greeting = "Hello %s" % username
return ("""%s your email is %s and your user_id is %s!
<li><a href="/">Home</a></li>
<li><a href="//localhost:8081/auth/realms/pysaar/account?referrer=flask-app&referrer_uri=http://localhost:5000/private&">Account</a></li>
</ul>""" %
(greeting, email, user_id))
@app.route('/api', methods=['POST'])
@oidc.accept_token(require_token=True, scopes_required=['openid'])
def hello_api():
"""OAuth 2.0 protected API endpoint accessible via AccessToken"""
return json.dumps({'hello': 'Welcome %s' % g.oidc_token_info['sub']})
def logout():
"""Performs local logout by removing the session cookie."""
return 'Hi, you have been logged out! <a href="/">Return</a>'
if __name__ == '__main__':
"web": {
"issuer": "http://localhost:8081/auth/realms/pysaar",
"auth_uri": "http://localhost:8081/auth/realms/pysaar/protocol/openid-connect/auth",
"client_id": "flask-app",
"client_secret": "a41060dd-b5a8-472e-a91f-6a3ab0e04714",
"redirect_uris": [
"userinfo_uri": "http://localhost:8081/auth/realms/pysaar/protocol/openid-connect/userinfo",
"token_uri": "http://localhost:8081/auth/realms/pysaar/protocol/openid-connect/token",
"token_introspection_uri": "http://localhost:8081/auth/realms/pysaar/protocol/openid-connect/token/introspect"
Copy link

LUCIFERsDen26 commented Mar 12, 2024

Hello! @alex27riva

I got it working! 🎉 GitHub Gist Link

docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin start-dev

Then I built the realm and client, and modified the code according to the latest release of flask-oidc (1.2.0) (Sep 28, 2017).

Thank you!

If you've discovered a new way to deal with Flask Keycloak, please let me know too!

Copy link

Hello! @alex27riva

I got it working! 🎉 GitHub Gist Link

docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin start-dev

Then I built the realm and client, and modified the code according to the latest release of flask-oidc (1.2.0) (Sep 28, 2017).

Thank you!

If you've discovered a new way to deal with Flask Keycloak, please let me know too!

Hi @LUCIFERsDen26 , thank your for your reply.
I tried your code, but I'm getting the same error as before.
Are these client setting correct?

Copy link

Hello! @alex27riva
I got it working! 🎉 GitHub Gist Link

docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin start-dev

Then I built the realm and client, and modified the code according to the latest release of flask-oidc (1.2.0) (Sep 28, 2017).
Thank you!
If you've discovered a new way to deal with Flask Keycloak, please let me know too!

Hi @LUCIFERsDen26 , thank your for your reply. I tried your code, but I'm getting the same error as before. immagine Are these client setting correct?

thanks for reaching out!
the adress should be same as you python flask app is running on like shown in image!

BTW it has username : lucifer
password: test (i guess, i dont remenber, i change it from admin account)


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment