ARP STS Keycloak
Keycloak-based dev STS helper for the ARP Standard. This package provides a small CLI
that writes a ready-to-run Keycloak docker compose file plus a preconfigured arp-dev
realm with ARP clients.
Quick start
pip install arp-sts-keycloak
arp-sts-keycloak init --output ./arp-keycloak
cd ./arp-keycloak
docker compose up -d
Keycloak will be available at http://localhost:8080.
Default realm
The bundled realm is named arp-dev and includes the following clients:
- arp-dev-cli (public client; device flow)
- arp-daemon (client secret: arp-daemon-secret)
- arp-runtime (client secret: arp-runtime-secret)
- arp-tool-registry (client secret: arp-tool-registry-secret)
- arp-run-gateway (client secret: arp-run-gateway-secret)
- arp-run-coordinator (client secret: arp-run-coordinator-secret)
- arp-composite-executor (client secret: arp-composite-executor-secret)
- arp-atomic-executor (client secret: arp-atomic-executor-secret)
- arp-node-registry (client secret: arp-node-registry-secret)
- arp-selection-service (client secret: arp-selection-service-secret)
- arp-pdp (client secret: arp-pdp-secret)
Each service client is configured for client-credentials flow and includes an audience mapper
so the access token aud claim matches the client ID.
Additionally, arp-dev-cli is a public client configured for the OAuth device flow (RFC 8628).
The default realm also seeds a dev user for the browser step:
- username: dev
- password: dev
Get a token (client credentials)
curl -sS \
-X POST \
http://localhost:8080/realms/arp-dev/protocol/openid-connect/token \
-d 'grant_type=client_credentials' \
-d 'client_id=arp-runtime' \
-d 'client_secret=arp-runtime-secret'
Use the resulting access_token as Authorization: Bearer <token>.
Service configuration hints
- Issuer: http://localhost:8080/realms/arp-dev
- OIDC discovery: http://localhost:8080/realms/arp-dev/.well-known/openid-configuration
- Audience: match the ARP service ID (for example arp-runtime)
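The issuer and audience hints above, and the audience mapper described under "Default realm", imply a per-service claim check: a token minted for arp-daemon must be rejected by arp-runtime. The sketch below is an added example, not code from this package; the function names are hypothetical, the sample token is constructed and unsigned, and a real service must first verify the signature against the keys published via the OIDC discovery document before trusting any claim.

```python
import base64
import json
import time

ISSUER = "http://localhost:8080/realms/arp-dev"  # issuer from the hints above


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_payload(token: str) -> dict:
    """Decode the JWT payload segment WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def check_claims(claims: dict, service_id: str, now=None, leeway: int = 30) -> list:
    """Return the reasons to reject; an empty list means the claims pass."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != ISSUER:
        problems.append("iss mismatch")
    aud = claims.get("aud")  # JWT allows aud to be a string or a list
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if service_id not in audiences:
        problems.append("aud does not include " + service_id)
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        problems.append("expired or missing exp")
    return problems


def make_sample_token(aud, exp) -> str:
    """Constructed, unsigned sample shaped like a token from the arp-dev realm."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"iss": ISSUER, "aud": aud, "exp": exp}).encode())
    return header + "." + payload + "." + _b64url(b"constructed-not-a-signature")


if __name__ == "__main__":
    tok = make_sample_token("arp-daemon", int(time.time()) + 300)
    print(check_claims(decode_payload(tok), "arp-runtime"))  # wrong audience
    print(check_claims(decode_payload(tok), "arp-daemon"))   # passes
```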
Notes
- This package is intended for local development and testing.
- arp-sts-keycloak init writes two files: docker-compose.yml and realm-export.json.
- Use --force to overwrite existing files.
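Because the client secrets and the dev user's password are published on this page, a realm file derived from this one should be checked before it is used anywhere other than a local machine. The following is an added example, not part of the package: the function name is hypothetical, the sample realm is constructed, and it assumes the export uses Keycloak's usual field names (clients[].clientId, secret, publicClient; users[].credentials[]).

```python
import json

# Constructed sample in Keycloak's realm-export shape; the realm-export.json
# written by the CLI is assumed to use the same field names and may carry more.
SAMPLE_REALM = json.loads("""
{
  "realm": "arp-dev",
  "clients": [
    {"clientId": "arp-dev-cli", "publicClient": true},
    {"clientId": "arp-runtime", "publicClient": false, "secret": "arp-runtime-secret"},
    {"clientId": "arp-pdp", "publicClient": false, "secret": "constructed-rotated-value"}
  ],
  "users": [
    {"username": "dev", "credentials": [{"type": "password", "value": "dev"}]}
  ]
}
""")


def find_dev_defaults(realm: dict) -> list:
    """Flag confidential clients and users that still carry the dev defaults."""
    findings = []
    for client in realm.get("clients", []):
        cid = client.get("clientId", "")
        if client.get("publicClient"):
            continue  # public clients (device flow) have no secret to check
        if client.get("secret") == cid + "-secret":
            findings.append(("client", cid, "default-secret"))
    for user in realm.get("users", []):
        name = user.get("username", "")
        for cred in user.get("credentials", []):
            if cred.get("type") == "password" and cred.get("value") == name:
                findings.append(("user", name, "password-equals-username"))
    return findings


if __name__ == "__main__":
    for kind, name, issue in find_dev_defaults(SAMPLE_REALM):
        print(kind, name, issue)
```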
File details
Details for the file arp_sts_keycloak-0.2.2.tar.gz.
File metadata
- Download URL: arp_sts_keycloak-0.2.2.tar.gz
- Upload date:
- Size: 7.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 655dc51a9166ef6d95afd834f585b463dc5a87b75ee81489f080ef8a84458dd4 |
| MD5 | 42cf8db7b5ca73c455a96d068feea209 |
| BLAKE2b-256 | d68fccbde9aff51cd75cb3feae3c9771a639590e9025dd9c2f5fbec6e041e894 |
Provenance
The following attestation bundles were made for arp_sts_keycloak-0.2.2.tar.gz:
Publisher: release.yml on AgentRuntimeProtocol/ARP_STS_KeyCloak
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: arp_sts_keycloak-0.2.2.tar.gz
- Subject digest: 655dc51a9166ef6d95afd834f585b463dc5a87b75ee81489f080ef8a84458dd4
- Sigstore transparency entry: 789312649
- Sigstore integration time:
- Permalink: AgentRuntimeProtocol/ARP_STS_KeyCloak@9ced6e188bb399bf5a44a34316f8f0beac0bdbd4
- Branch / Tag: refs/tags/v0.2.2
- Owner: https://github.com/AgentRuntimeProtocol
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@9ced6e188bb399bf5a44a34316f8f0beac0bdbd4
- Trigger Event: push
File details
Details for the file arp_sts_keycloak-0.2.2-py3-none-any.whl.
File metadata
- Download URL: arp_sts_keycloak-0.2.2-py3-none-any.whl
- Upload date:
- Size: 7.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 2491955fd65d02ba77407a1a78ec3566cdf13e852b19ec231c765e40e82efc70 |
| MD5 | 7a3c9a31fbc54134e68c445e1295d60b |
| BLAKE2b-256 | ccd5ccbf10344c0efde8770e16e7fa7a6325abc77385f2a2f6101aa6e0367d9f |
Provenance
The following attestation bundles were made for arp_sts_keycloak-0.2.2-py3-none-any.whl:
Publisher: release.yml on AgentRuntimeProtocol/ARP_STS_KeyCloak
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: arp_sts_keycloak-0.2.2-py3-none-any.whl
- Subject digest: 2491955fd65d02ba77407a1a78ec3566cdf13e852b19ec231c765e40e82efc70
- Sigstore transparency entry: 789312650
- Sigstore integration time:
- Permalink: AgentRuntimeProtocol/ARP_STS_KeyCloak@9ced6e188bb399bf5a44a34316f8f0beac0bdbd4
- Branch / Tag: refs/tags/v0.2.2
- Owner: https://github.com/AgentRuntimeProtocol
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@9ced6e188bb399bf5a44a34316f8f0beac0bdbd4
- Trigger Event: push