Hello!

really good project, i love keycloak and fastapi :-). Unfortunately I am not able to get it running and I guess this is due to a bug:

The error happens, when I the token is decoded:

PS C:\Users\User\Desktop\KeyCloakFastAPI> python .\app.py
{'exp': 1649355552, 'iat': 1649355252, 'jti': '51e67522-19f7-45b0-9894-e862b440106b', 'iss': 'http://localhost:8085/auth/realms/Test', 'sub': '33b940e2-0bdb-49a7-9356-e6e230f49619', 'ty
p': 'Bearer', 'azp': 'admin-cli', 'acr': '1', 'scope': 'profile email', 'clientId': 'admin-cli', 'clientHost': '172.23.0.1', 'email_verified': False, 'preferred_username': 'service-acco
unt-admin-cli', 'clientAddress': '172.23.0.1'}

I my token I don´t have "resource_access, which leads to "None" and to a follow up error:

AttributeError: 'NoneType' object has no attribute 'get'

traceback:

Traceback (most recent call last):
  File ".\app.py", line 7, in <module>
    idp = FastAPIKeycloak(
  File "C:\Users\User\anaconda3\lib\site-packages\fastapi_keycloak\api.py", line 129, in __init__
    self._get_admin_token()  # Requests an admin access token on startup
  File "C:\Users\User\anaconda3\lib\site-packages\fastapi_keycloak\api.py", line 292, in _get_admin_token
    self.admin_token = response.json()['access_token']
  File "C:\Users\User\anaconda3\lib\site-packages\fastapi_keycloak\api.py", line 159, in admin_token
    if not decoded_token.get('resource_access').get('realm-management') or not decoded_token.get('resource_access').get('account'):
AttributeError: 'NoneType' object has no attribute 'get'

Is there something I did wrong or is this an error in the lib?

How to reproduce ?

Env preparation.

pipenv install fastapi fastapi-keycloak

I followed your quickstart and full example instructions then :

pipenv run python main.py

What the result?

pipenv run python main.py 
Traceback (most recent call last):
  File "main.py", line 10, in <module>
    idp = FastAPIKeycloak(
  File "/home/germainlef/.local/share/virtualenvs/auth-keycloak-WIW7vmvr/lib/python3.8/site-packages/fastapi_keycloak/api.py", line 125, in __init__
    self._get_admin_token()  # Requests an admin access token on startup
  File "/home/germainlef/.local/share/virtualenvs/auth-keycloak-WIW7vmvr/lib/python3.8/site-packages/fastapi_keycloak/api.py", line 285, in _get_admin_token
    self.admin_token = response.json()['access_token']
  File "/home/germainlef/.local/share/virtualenvs/auth-keycloak-WIW7vmvr/lib/python3.8/site-packages/fastapi_keycloak/api.py", line 154, in admin_token
    if not decoded_token.get('resource_access').get('realm-management') or not decoded_token.get('resource_access').get('account'):
AttributeError: 'NoneType' object has no attribute 'get'

It seems that if the search of users based on a query string return no users, the code assumes that there will always be some results and it "chokes" when none are found.

I want to use this example locally without docker https://fastapi-keycloak.code-specialist.com/full_example/ but this give me this error message

• client_secret = client > client_id > credential > Secret
• admin_client_secret = admin_cli > credential > Secret

and please specify that fastapi_keycloak will work for new keycloak version 17

The error message is

(venv) (base) sana@sana:/office/My Projects/keycloak_implementation$ uvicorn main:app --reload --port 8001 INFO: Will watch for changes in these directories: ['/office/My Projects/keycloak_implementation'] INFO: Uvicorn running on http://127.0.0.1:8001 (Press CTRL+C to quit) INFO: Started reloader process [18160] using watchgod Process SpawnProcess-1: Traceback (most recent call last): File "/usr/lib/python3.8/multiprocessing/process.py", line 315, in _bootstrap self.run() File "/usr/lib/python3.8/multiprocessing/process.py", line 108, in run self._target(*self._args, **self._kwargs) File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/subprocess.py", line 76, in subprocess_started target(sockets=sockets) File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/server.py", line 60, in run return asyncio.run(self.serve(sockets=sockets)) File "/usr/lib/python3.8/asyncio/runners.py", line 44, in run return loop.run_until_complete(main) File "uvloop/loop.pyx", line 1501, in uvloop.loop.Loop.run_until_complete File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/server.py", line 67, in serve config.load() File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/config.py", line 458, in load self.loaded_app = import_from_string(self.app) File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/uvicorn/importer.py", line 21, in import_from_string module = importlib.import_module(module_str) File "/usr/lib/python3.8/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1014, in _gcd_import File "", line 991, in _find_and_load File "", line 975, in _find_and_load_unlocked File "", line 671, in _load_unlocked File "", line 848, in exec_module File "", line 219, in _call_with_frames_removed File "/office/My Projects/keycloak_implementation/./main.py", line 7, in idp = FastAPIKeycloak( File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/fastapi_keycloak/api.py", line 129, in init self._get_admin_token() # Requests an admin access token on startup File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/fastapi_keycloak/api.py", line 288, in _get_admin_token response = requests.post(url=self.token_uri, headers=headers, data=data) File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/api.py", line 117, in post return request('post', url, data=data, json=json, **kwargs) File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/api.py", line 61, in request return session.request(method=method, url=url, **kwargs) File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/sessions.py", line 515, in request prep = self.prepare_request(req) File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/sessions.py", line 443, in prepare_request p.prepare( File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/models.py", line 318, in prepare self.prepare_url(url, params) File "/office/My Projects/keycloak_implementation/venv/lib/python3.8/site-packages/requests/models.py", line 392, in prepare_url raise MissingSchema(error) requests.exceptions.MissingSchema: Invalid URL 'None': No scheme supplied. Perhaps you meant http://None?

I've been using https://github.com/elbernv/fastapi-keycloack to add security to my routes. I was trying to switch to using this library, seeing as though it is getting regular updates. I was wondering if it's currently possible to decode more from the token than what the OIDCUser object currently returns?

For example, I've added the users group memberships to the profile scope, I've also added it as it's own scope, so two questions:

1. Is it possible to fetch the group memberships from the token when using the profile scope?
2. Is it possible to add more scopes? It seems like only profile and email are currently available when adding security to the FastAPI application.

Thank you.

We figured that current_user(line 220) function when receiving a token, doesn't validate the token like lib does in admin_token(line 141) method.

Is it by design or can I create a fix for that?

@yannicschroeer ,

Any timeline for uploading the FastAPI scopes check example using this library?

Also, I would like to know, if there is an example to configure SSO for multiple microservices and MFA

Thanks, Uday

FastAPIs Depends function expects a callable. get_current_user is returning a callable but its type hint did not reflect this.

It's just a small change but PyCharms type checker annoyed me...

Hi,

it seems that the keycloak image tag used in the docker-compose file example in doc/getting_started does not exist: ERROR: manifest for jboss/keycloak:16.0.1 not found The existing tags are shown here (I used 16.1.1).

Unable to connect with user (here [email protected]) using the "Authorize" button and "OAuth2PasswordBearer" form.

A CORS error is achieved on non-https website.

I suggest adding the parameter on your documentation to allow testing the whole process on dev platform (that i the point of playing the quickstart guide).

Client> test-client : Fil lthe WebOrigins attribute to *.

Done

• Initial version proposal
• Docs: https://fastapi-keycloak.code-specialist.com/

TODO before merging

• [x] Unit tests - [ ] 100% test coverage - [ ] Test infrastructure running on actions runner

I am looking for a multi-tenant-based solution, where the customer maintains different realms for different vendors. How could we manage the FastAPIKeycloak() creation and .get_current_user() authentication/authorisation?

Based on the URL I am figuring out the tenant and getting the relevant Database details, but now confused about how we could use the below OIDCUser in the Endpoint definition.

user: OIDCUser = Depends(keycloak_obj.get_current_user())

@yannicschroeer

Hello,

pip fails to install fastapi_keycloak on the following docker images:

• python3.8
• python3.8-slim
• python3.9-slim
• python3.10-slim

I have no clue why it fails (tested with pip==22.3, 22.1.2, 22.2)

Obtaining file:///tmp/fastapi-keycloak
  Installing build dependencies: started
  Installing build dependencies: finished with status 'done'
  Checking if build backend supports build_editable: started
  Checking if build backend supports build_editable: finished with status 'done'
  Getting requirements to build editable: started
  Getting requirements to build editable: finished with status 'error'
  error: subprocess-exited-with-error
  
  × Getting requirements to build editable did not run successfully.
  │ exit code: 1
  ╰─> [43 lines of output]
      Traceback (most recent call last):
        File "/usr/local/lib/python3.10/site-packages/pip/_vendor/pep517/in_process/_in_process.py", line 351, in <module>
          main()
        File "/usr/local/lib/python3.10/site-packages/pip/_vendor/pep517/in_process/_in_process.py", line 333, in main
          json_out['return_val'] = hook(**hook_input['kwargs'])
        File "/usr/local/lib/python3.10/site-packages/pip/_vendor/pep517/in_process/_in_process.py", line 132, in get_requires_for_build_editable
          return hook(config_settings)
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/build_meta.py", line 446, in get_requires_for_build_editable
          return self.get_requires_for_build_wheel(config_settings)
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/build_meta.py", line 338, in get_requires_for_build_wheel
          return self._get_build_requires(config_settings, requirements=['wheel'])
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/build_meta.py", line 320, in _get_build_requires
          self.run_setup()
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/build_meta.py", line 483, in run_setup
          super(_BuildMetaLegacyBackend,
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/build_meta.py", line 335, in run_setup
          exec(code, locals())
        File "<string>", line 9, in <module>
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/__init__.py", line 87, in setup
          return distutils.core.setup(**attrs)
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/_distutils/core.py", line 159, in setup
          dist.parse_config_files()
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/dist.py", line 868, in parse_config_files
          pyprojecttoml.apply_configuration(self, filename, ignore_option_errors)
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/config/pyprojecttoml.py", line 62, in apply_configuration
          config = read_configuration(filepath, True, ignore_option_errors, dist)
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/config/pyprojecttoml.py", line 140, in read_configuration
          return expand_configuration(asdict, root_dir, ignore_option_errors, dist)
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/config/pyprojecttoml.py", line 195, in expand_configuration
          return _ConfigExpander(config, root_dir, ignore_option_errors, dist).expand()
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/config/pyprojecttoml.py", line 242, in expand
          self._expand_all_dynamic(dist, package_dir)
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/config/pyprojecttoml.py", line 279, in _expand_all_dynamic
          obtained_dynamic = {
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/config/pyprojecttoml.py", line 280, in <dictcomp>
          field: self._obtain(dist, field, package_dir)
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/config/pyprojecttoml.py", line 326, in _obtain
          self._ensure_previously_set(dist, field)
        File "/tmp/pip-build-env-q7yvswdc/overlay/lib/python3.10/site-packages/setuptools/config/pyprojecttoml.py", line 305, in _ensure_previously_set
          raise OptionError(msg)
      distutils.errors.DistutilsOptionError: No configuration found for dynamic 'description'.
      Some dynamic fields need to be specified via `tool.setuptools.dynamic`
      others must be specified via the equivalent attribute in `setup.py`.
      [end of output]
  
  note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error

× Getting requirements to build editable did not run successfully.
│ exit code: 1
╰─> See above for output.

note: This error originates from a subprocess, and is likely not a problem with pip.

Hello all,

Are there any plans on updating this library to use the latest version of Keycloak and also update the docs?

I think this library is based on Keycloak version 16.1.0 as seen here: https://fastapi-keycloak.code-specialist.com/quick_start/

 keycloak:
    image: jboss/keycloak:16.1.0   

Also: https://fastapi-keycloak.code-specialist.com/reference/ It should be "FastAPIKeycloak" instead of "KeycloakFastAPI"

Thank you very much for your valuable time.

Best Regards,

koufopoulosf

The link still references the old json file from before #38 was merged

Reference: https://stackoverflow.com/questions/71787580/keycloak-api-does-not-contain-resource-access/73778730#73778730

keycloak version :: 19.0.0

requests.exceptions.ConnectionError: HTTPConnectionPool(host='localhost', port=8080): Max retries exceeded with url: /realms/RealmOne/.well-known/openid-configuration (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f94efdfe610>: Failed to establish a new connection: [Errno 111] Connection refused'))

( server_url="http://localhost:8080", client_id="myApp", client_secret="Y49wuMTCnLbX2bufuasJ73RSR9ivLWLu", admin_client_secret="admin-cli-secret", realm="RealmOne", callback_uri="http://localhost:8080/callback" ) I cannot find the admin secret anywhere in keycloak .