Metadata-Version: 2.4
Name: arp-sts-keycloak
Version: 0.1.0
Summary: Keycloak-based dev STS helper for the ARP Standard.
Author: Agent Runtime Protocol
License: MIT License
        
        Copyright (c) 2025 Agent Runtime Protocol 
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        
Project-URL: Repository, https://github.com/AgentRuntimeProtocol/ARP_STS_KeyCloak
Project-URL: Issues, https://github.com/AgentRuntimeProtocol/ARP_STS_KeyCloak/issues
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Typing :: Typed
Requires-Python: >=3.11
Description-Content-Type: text/markdown
License-File: LICENSE
Provides-Extra: dev
Requires-Dist: pytest>=7; extra == "dev"
Dynamic: license-file

# ARP STS Keycloak

Keycloak-based dev STS helper for the ARP Standard. This package provides a small CLI
that writes a ready-to-run Keycloak docker compose file plus a preconfigured `arp-dev`
realm with ARP clients.

## Quick start

```bash
pip install arp-sts-keycloak
arp-sts-keycloak init --output ./arp-keycloak
cd ./arp-keycloak
docker compose up -d
```

Keycloak will be available at `http://localhost:8080`.

## Default realm

The bundled realm is named `arp-dev` and includes the following clients:

- `arp-daemon` (client secret: `arp-daemon-secret`)
- `arp-runtime` (client secret: `arp-runtime-secret`)
- `arp-tool-registry` (client secret: `arp-tool-registry-secret`)

Each client is configured for client-credentials flow and includes an audience mapper
so the access token `aud` claim matches the client ID.

## Get a token (client credentials)

```bash
curl -sS \
  -X POST \
  http://localhost:8080/realms/arp-dev/protocol/openid-connect/token \
  -d 'grant_type=client_credentials' \
  -d 'client_id=arp-runtime' \
  -d 'client_secret=arp-runtime-secret'
```

Use the resulting `access_token` as `Authorization: Bearer <token>`.

## Service configuration hints

- Issuer: `http://localhost:8080/realms/arp-dev`
- OIDC discovery: `http://localhost:8080/realms/arp-dev/.well-known/openid-configuration`
- Audience: match the ARP service ID (for example `arp-runtime`)

## Notes

- This package is intended for local development and testing.
- `arp-sts-keycloak init` writes two files: `docker-compose.yml` and `realm-export.json`.
- Use `--force` to overwrite existing files.
