
Commit 5fa7ea1

committed
feat: uma extra payload
1 parent a9c03a4 commit 5fa7ea1

1 file changed

Lines changed: 10 additions & 2 deletions


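--- a/src/keycloak/keycloak_uma.py
+++ b/src/keycloak/keycloak_uma.py
@@ -318,7 +318,7 @@ def permission_ticket_create(self, permissions: Iterable[UMAPermission]):
 )
 return raise_error_from_response(data_raw, KeycloakPostError)
 
-def permissions_check(self, token, permissions: Iterable[UMAPermission]):
+def permissions_check(self, token, permissions: Iterable[UMAPermission], **extra_payload):
 """Check UMA permissions by user token with requested permissions.
 
 The token endpoint is used to check UMA permissions from Keycloak. It can only be
@@ -330,6 +330,8 @@ def permissions_check(self, token, permissions: Iterable[UMAPermission]):
 :type token: str
 :param permissions: Iterable of uma permissions to validate the token against
 :type permissions: Iterable[UMAPermission]
+:param extra_payload: extra payload data
+:type extra_payload: dict
 :returns: Keycloak decision
 :rtype: boolean
 """
@@ -338,6 +340,7 @@ def permissions_check(self, token, permissions: Iterable[UMAPermission]):
 "permission": ",".join(str(permission) for permission in permissions),
 "response_mode": "decision",
 "audience": self.connection.client_id,
+**extra_payload,
 }
 
 # Everyone always has the null set of permissions
@@ -657,7 +660,9 @@ async def a_permission_ticket_create(self, permissions: Iterable[UMAPermission])
 )
 return raise_error_from_response(data_raw, KeycloakPostError)
 
-async def a_permissions_check(self, token, permissions: Iterable[UMAPermission]):
+async def a_permissions_check(
+self, token, permissions: Iterable[UMAPermission], **extra_payload
+):
 """Check UMA permissions by user token with requested permissions asynchronously.
 
 The token endpoint is used to check UMA permissions from Keycloak. It can only be
@@ -669,6 +674,8 @@ async def a_permissions_check(self, token, permissions: Iterable[UMAPermission])
 :type token: str
 :param permissions: Iterable of uma permissions to validate the token against
 :type permissions: Iterable[UMAPermission]
+:param extra_payload: extra payload data
+:type extra_payload: dict
 :returns: Keycloak decision
 :rtype: boolean
 """
@@ -677,6 +684,7 @@ async def a_permissions_check(self, token, permissions: Iterable[UMAPermission])
 "permission": ",".join(str(permission) for permission in permissions),
 "response_mode": "decision",
 "audience": self.connection.client_id,
+**extra_payload,
 }
 
 # Everyone always has the null set of permissions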
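Review bot: Because `**extra_payload` is spread last in the payload literal of `permissions_check` (and again in `a_permissions_check`), a caller-supplied keyword silently replaces the fixed `permission`, `response_mode` or `audience` entries, so the request can be evaluated for a different audience or return something other than a decision while the method is still documented as returning a boolean. If any caller forwards request-derived keyword arguments, the party being checked could influence the outcome of its own authorization check. I would reject collisions before building the dict, e.g. `clash = {"permission", "response_mode", "audience"} & extra_payload.keys()` followed by `if clash: raise ValueError(f"reserved payload keys: {sorted(clash)}")`, extending the set with any fixed keys set above the hunk, since the literal opens outside the visible lines. The docstring entry `extra payload data` should also state that these values are merged into the token-endpoint request payload and must come from trusted code, not from the party being checked.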
