keycloak

class trame.widgets.keycloak.Auth(**kwargs)

Bases: AbstractElement

property html

Return a string representation of the HTML component

login(options)

Redirects to login form.

Parameters:

  • scope – Specifies the scope parameter for the login url. The scope ‘openid’ will be added to the scope if it is missing or undefined.

  • redirectUri – Specifies the uri to redirect to after login.

  • prompt – By default the login screen is displayed if the user is not logged into Keycloak. To only authenticate to the application if the user is already logged in and not display the login page if the user is not logged in, set this option to ‘none’. To always require re-authentication and ignore SSO, set this option to ‘login’.

  • action – If value is ‘register’ then user is redirected to registration page, otherwise to login page.

  • maxAge – Used just if user is already authenticated. Specifies maximum time since the authentication of user happened. If user is already authenticated for longer time than ‘maxAge’, the SSO is ignored and he will need to authenticate again.

  • loginHint – Used to pre-fill the username/email field on the login form.

  • acr – Sets the acr claim of the ID token sent inside the claims parameter. See section 5.5.1 of the OIDC 1.0 specification.

  • idpHint – Used to tell Keycloak which IDP the user wants to authenticate with.

  • locale – Sets the ‘ui_locales’ query param in compliance with section 3.1.2.1 of the OIDC 1.0 specification.

Param_type scope:

string

Param_type redirectUri:

string

Param_type prompt:

None | login;

Param_type action:

string

Param_type maxAge:

number

Param_type loginHint:

string

Param_type acr:

Acr

Param_type idpHint:

string

Param_type locale:

string

logout(options)

Redirects to logout.

Parameters:

redirectUri – Specifies the uri to redirect to after logout.

register(options)

Redirects to registration form.

Parameters:

  • scope – Specifies the scope parameter for the login url. The scope ‘openid’ will be added to the scope if it is missing or undefined.

  • redirectUri – Specifies the uri to redirect to after login.

  • prompt – By default the login screen is displayed if the user is not logged into Keycloak. To only authenticate to the application if the user is already logged in and not display the login page if the user is not logged in, set this option to ‘none’. To always require re-authentication and ignore SSO, set this option to ‘login’.

  • maxAge – Used just if user is already authenticated. Specifies maximum time since the authentication of user happened. If user is already authenticated for longer time than ‘maxAge’, the SSO is ignored and he will need to authenticate again.

  • loginHint – Used to pre-fill the username/email field on the login form.

  • acr – Sets the acr claim of the ID token sent inside the claims parameter. See section 5.5.1 of the OIDC 1.0 specification.

  • idpHint – Used to tell Keycloak which IDP the user wants to authenticate with.

  • locale – Sets the ‘ui_locales’ query param in compliance with section 3.1.2.1 of the OIDC 1.0 specification.

Param_type scope:

string

Param_type redirectUri:

string

Param_type prompt:

None | login;

Param_type maxAge:

number

Param_type loginHint:

string

Param_type acr:

Acr

Param_type idpHint:

string

Param_type locale:

string