add claims to access token keycloak

This method is for the UI. In your realm, select your client. For that client, go to the 'Mappers' option and then click on 'Create'. You can have the mapper type as 'User Attribute' and select the option(s) to add the attribute to ID token, access token and userinfo. The attribute added here should exist on the user.

example settings

Author by

Cshah

Updated on June 04, 2022

Comments

  • Cshah
    Cshah almost 2 years

    Below is my use case: I need to add a claim to the access token so that I can use it during policy evaluation on my resource. My policy is a JavaScript-based policy and it gets access only to reserved and custom attributes of the logged-in user. I have used the below API to push claims:

    curl -X POST \
      http://localhost:8082/auth/realms/cms-non-prod/protocol/openid-connect/token \
      -H 'Authorization: Bearer eyJhbGciOiJSXXXXXXXXXXXXXXXX' \
      -H 'Cache-Control: no-cache' \
      -H 'Content-Type: application/x-www-form-urlencoded' \
      -H 'Postman-Token: ac020c2b-9efb-4817-81ea-61895c8775a7' \
      -d 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Auma-ticket&claim_token=ewoiaW5zdGl0dXRpb25JZCI6WyJEQ0IiXQp9&claim_token_format=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Ajwt&client_id=indra-bff&client_secret=5760582d-74ff-496c-a6c2-2530ddde6408&audience=indra-bff'
    

    It adds the claim, but it adds it into authorization --> Permissions --> Resources. How do I read this if I have a JS-based policy? Any pointers on this will help. Below is the token I get when I hit the above URL:

    {
      "jti": "4c00f1a4-8038-4c45-820d-23a9c9ab6d42",
      "exp": 1580733917,
      "nbf": 0,
      "iat": 1580730317,
      "iss": "http://localhost:8082/auth/realms/cms-non-prod",
      "aud": "indra-bff",
      "sub": "9ab2fc80-3a5c-426d-ae78-56de01d214df",
      "typ": "Bearer",
      "azp": "indra-bff",
      "auth_time": 0,
      "session_state": "2ab35757-d09d-4d52-946b-f519a1338abf",
      "acr": "1",
      "realm_access": {
        "roles": [
          "PR_DCB_RECON_ASSOCIATE",
          "PR_YBL_RECON_ASSOCIATE",
          "offline_access",
          "uma_authorization",
          "PR_DCB_RECON_MGR"
        ]
      },
      "resource_access": {
        "indra-bff": {
          "roles": [
            "uma_protection"
          ]
        },
        "account": {
          "roles": [
            "manage-account",
            "manage-account-links",
            "view-profile"
          ]
        }
      },
      "authorization": {
        "permissions": [
          {
            "claims": {
              "institutionId": [
                "DCB"
              ]
            },
            "rsid": "17fdf554-8643-4741-b9a4-13309e830b6f",
            "rsname": "Default Resource"
          },
          {
            "scopes": [
              "DELETE",
              "POST",
              "GET",
              "PUT",
              "PATCH"
            ],
            "claims": {
              "institutionId": [
                "DCB"
              ]
            },
            "rsid": "56cabb7c-76a1-4260-bd9f-d5494458c6bf",
            "rsname": "adjustment"
          },
          {
            "scopes": [
              "DELETE",
              "POST",
              "GET",
              "PUT",
              "PATCH"
            ],
            "claims": {
              "institutionId": [
                "DCB"
              ]
            },
            "rsid": "70297346-8010-4c1d-91b1-9bc22edd3061",
            "rsname": "chargeback"
          }
        ]
      },
      "scope": "profile email",
      "institution": "UNKNOWN",
      "email_verified": false,
      "preferred_username": "siva",
      "email": "[email protected]"
    }
    

    Thanks for your help. Cheers,
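
An added example, not part of the original post and not Keycloak code: it decodes the `claim_token` sent in the request above and shows, on a constructed sample trimmed from the posted token, that the pushed `institutionId` claim is returned per resource under `authorization.permissions[].claims` rather than as a top-level claim. The helper names and the placeholder signature are assumptions of this example.

```python
import base64
import json

def b64url_decode(segment):
    """Decode base64url text whose '=' padding may have been stripped."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def jwt_payload(token):
    """Payload of a compact JWT. Inspection only: the signature is not checked,
    so a resource server must verify the token before trusting these values."""
    _header, payload, _signature = token.split(".")
    return json.loads(b64url_decode(payload))

def pushed_claims_by_resource(payload):
    """Map each granted resource name to the claims and scopes attached to it."""
    permissions = payload.get("authorization", {}).get("permissions", [])
    return {p.get("rsname", p.get("rsid")): {"claims": p.get("claims", {}),
                                             "scopes": sorted(p.get("scopes", []))}
            for p in permissions}

def absent_at_top_level(sent_claims, payload):
    """Names of pushed claims that did not become top-level token claims."""
    return sorted(name for name in sent_claims if name not in payload)

# claim_token value copied from the request on this page.
PAGE_CLAIM_TOKEN = "ewoiaW5zdGl0dXRpb25JZCI6WyJEQ0IiXQp9"

# Constructed sample: payload trimmed from the token on this page, wrapped in a
# JWT whose signature segment is a placeholder.
SAMPLE_PAYLOAD = {
    "aud": "indra-bff",
    "institution": "UNKNOWN",
    "authorization": {"permissions": [
        {"claims": {"institutionId": ["DCB"]}, "rsname": "Default Resource"},
        {"scopes": ["DELETE", "POST", "GET", "PUT", "PATCH"],
         "claims": {"institutionId": ["DCB"]}, "rsname": "adjustment"},
    ]},
}
SAMPLE_RPT = ".".join([b64url_encode(b'{"alg":"RS256","typ":"JWT"}'),
                       b64url_encode(json.dumps(SAMPLE_PAYLOAD).encode()),
                       "placeholder-signature"])

if __name__ == "__main__":
    sent = json.loads(b64url_decode(PAGE_CLAIM_TOKEN))
    payload = jwt_payload(SAMPLE_RPT)
    print(sent, pushed_claims_by_resource(payload), absent_at_top_level(sent, payload))
```

The value in `claim_token` is supplied by the caller of the token endpoint, so a resource server reading these per-resource claims should treat them as request context and not as verified user attributes.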