Metadata-Version: 2.4
Name: simple_module_keycloak
Version: 0.0.24
Summary: Keycloak OIDC authentication provider for simple_module — swap with simple_module_users
Project-URL: Homepage, https://github.com/antosubash/simple_module_python
Project-URL: Repository, https://github.com/antosubash/simple_module_python
Author-email: Anto Subash <antosubash@live.com>
License-Expression: MIT
Keywords: authentication,fastapi,keycloak,oidc,simple-module
Classifier: Development Status :: 3 - Alpha
Classifier: Framework :: FastAPI
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
Classifier: Typing :: Typed
Requires-Python: >=3.12
Requires-Dist: httpx>=0.27
Requires-Dist: pyjwt[crypto]>=2.8
Requires-Dist: simple-module-auth==0.0.24
Requires-Dist: simple-module-core==0.0.24
Requires-Dist: simple-module-db==0.0.24
Requires-Dist: simple-module-hosting==0.0.24
Requires-Dist: simple-module-settings==0.0.24
Description-Content-Type: text/markdown

# simple_module_keycloak

Keycloak OIDC authentication provider for simple_module. Swap with `simple_module_users` for Keycloak-backed identity management — users, roles, and login all handled by Keycloak.

## Install

Add to your app's `pyproject.toml` dependencies instead of `simple_module_users`:

```toml
dependencies = [
    "simple_module_keycloak==0.0.17",
]
```

Run `uv sync --all-packages` to install.

## Usage

Set the required environment variables (or configure via the settings admin UI after first boot):

```bash
SM_KEYCLOAK_SERVER_URL=https://keycloak.example.com
SM_KEYCLOAK_REALM=my-realm
SM_KEYCLOAK_CLIENT_ID=my-app
SM_KEYCLOAK_CLIENT_SECRET=my-secret
```

The module auto-registers as the auth provider. Browser users are redirected to Keycloak's hosted login page. Mobile clients authenticate directly with Keycloak and send bearer tokens to the framework API.

Keycloak realm roles are mapped to framework permissions via the `role_mapping` setting (default: `admin` and `user` map 1:1).
