just a simple web application with login page and two other pages one for admin and one for normal user but to control user privilege using keycloak identity service so admin login can view both 2 pages and normal user login can view only the normal user page.
Use the README.md
to get started.
You should have docker installed on your local machine
- check this docs to install docker
To RUN and TEST this project on your local machine, Please follow below instructions
- Clone the repo
git clone https://github.com:AbdelrahmanRabiee/key-cloak-django.git
- Build the project with docker-compose
docker-compose up --build
- Go to KeyCloak Administration console http://0.0.0.0:28080/admin/
- Credentials --> username: admin --> password: admin
- Create New Realm 'MontyMobile'
- Create new client 'monty_mobile_client'
- Generate Secret key for 'monty_mobile_client'
- Create new roles 'Admin User Role', 'Normal User Role'
- Create two users and add roles to each of them
After generating the secret key for 'monty_mobile_client' update the .env KEYCLOAK_CLIENT_SECRET_KEY with the new key and then build the images again
docker-compose up --build
Open Postman To TEST APIs
- http://0.0.0.0:9090/api/v1/login/ to get new access token
- POST Request:
{'email': 'normal_user@keycloak.org', 'password': 'passord'}
- Response:
{ "access_token": "eyJhbGciOiJSUUZzZkNGYmlsZV9jbGllbnQiL0V_NnVe-xYyXyJbZP8bm8JtImimZu3", "expires_in": 300, "refresh_expires_in": 1800, "refresh_token": "eyJhbGciOiJIUzI1NiIsInR", "token_type": "Bearer", "not-before-policy": 0, "session_state": "67d00534-bfdc-4ac7-8112-4fb706f02775", "scope": "profile email" }
- try to get token for admin user and normal user
- GET http://0.0.0.0:9090/api/v1/user/ with user token or admin token
- Response:
{ "keycloak_id": "098f3742-96e5-4040-88e8-459cd0478561", "password": "", "last_login": "2022-04-13T19:45:18.015986Z", "is_superuser": false, "email": "admin@keycloak.com", "first_name": "admin", "last_name": "keycloak", "role": "admin", "is_active": true, "is_staff": false, "is_email_verified": true, "groups": [], "user_permissions": [] }
- GET http://0.0.0.0:9090/api/v1/admin/ with user token
- Response:
{'error': 'you do not have permission to perform this action'}