Configuration

Handler options

KeycloakOIDCDeviceFlowHandler accepts:

• realm_url: Keycloak realm URL, for example https://auth.example.edu.au/realms/MyRealm.

• client_id: OAuth client ID.

• client_secret: Optional. Set for confidential clients to use HTTP Basic.

• scopes: Space-separated scopes. Default is openid profile email offline_access.

• verify_tls: Whether to verify TLS. Leave enabled for production.

• timeout: Request timeout in seconds.

Token cache options

Token caches implement TokenCache:

• MemoryTokenCache stores tokens in memory for the current process.

• KeyringTokenCache stores tokens in the system keyring.

• JsonFileTokenCache stores tokens in a local JSON file. It is intended for testing only.

The cache is responsible for persisting tokens between runs. The httpx auth class will refresh tokens automatically when possible.