add claims to access token keycloak
This method is for the UI. In your realm, select your client. For that client, go to the 'Mappers' option and then click on 'Create'. You can have the mapper type as 'User Attribute' and select the option(s) to add the attribute to the ID token, access token and userinfo. The attribute added here should exist on the user.
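The same 'User Attribute' mapper can be created without the UI through Keycloak's admin REST API. The script below is an added example, not code from the answer above or from the Keycloak project: it builds the protocol-mapper representation for Keycloak's built-in `oidc-usermodel-attribute-mapper` (the type the UI shows as 'User Attribute'), posts it to the client's `protocol-mappers/models` endpoint, and then decodes an access token to check that the claim is present. The base URL (including the `/auth` prefix on older servers, as in the question), realm name, client UUID and admin bearer token are placeholders to be supplied by the caller; `SAMPLE_TOKEN` is a constructed token with a dummy signature, used only to exercise the inspection helper.

```python
"""Added example: create Keycloak's 'User Attribute' protocol mapper via the
admin REST API and inspect an access token for the resulting claim.
Placeholders (assumed, not from the page): base URL, realm, client UUID, admin token."""
import base64
import json
import urllib.request


def build_user_attribute_mapper(attribute, claim_name=None, json_type="String",
                                id_token=True, access_token=True, userinfo=True):
    """Representation of the built-in 'oidc-usermodel-attribute-mapper'.
    Keycloak stores mapper config as a string map, so booleans are sent as
    the strings "true"/"false". The user attribute must already exist on the
    user, otherwise the claim is simply omitted from the token."""
    claim_name = claim_name or attribute
    return {
        "name": claim_name,
        "protocol": "openid-connect",
        "protocolMapper": "oidc-usermodel-attribute-mapper",
        "config": {
            "user.attribute": attribute,
            "claim.name": claim_name,
            "jsonType.label": json_type,
            "id.token.claim": str(id_token).lower(),
            "access.token.claim": str(access_token).lower(),
            "userinfo.token.claim": str(userinfo).lower(),
        },
    }


def create_mapper(base_url, realm, client_uuid, admin_token, mapper):
    """POST the mapper to the admin REST API (network call; not exercised by tests).
    client_uuid is the client's internal id (a UUID), not its clientId string.
    base_url is e.g. http://localhost:8082/auth on servers with the /auth prefix."""
    url = f"{base_url}/admin/realms/{realm}/clients/{client_uuid}/protocol-mappers/models"
    req = urllib.request.Request(
        url,
        data=json.dumps(mapper).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {admin_token}",
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return resp.status  # 201 Created on success


def decode_claims(jwt):
    """Decode only the payload segment of a JWT for inspection.
    This performs NO signature verification; a resource server must validate
    the token (signature, issuer, audience, expiry) before trusting any claim."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def claim_value(jwt, claim):
    """Return the top-level claim from the token payload, or None if absent."""
    return decode_claims(jwt).get(claim)


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Constructed sample token: JWT-shaped, with a placeholder (not a real) signature,
# mimicking what the mapper above would add for a user whose attribute is set.
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({"sub": "constructed-user", "institutionId": "DCB"}).encode()),
    "c2lnbmF0dXJlLXBsYWNlaG9sZGVy",  # constructed placeholder, not a signature
])


if __name__ == "__main__":
    mapper = build_user_attribute_mapper("institutionId")
    print(json.dumps(mapper, indent=2))
    print("institutionId in sample token:", claim_value(SAMPLE_TOKEN, "institutionId"))
    # Real usage (needs a running Keycloak and a realm-admin token):
    # create_mapper("http://localhost:8082/auth", "REALM_PLACEHOLDER",
    #               "CLIENT_UUID_PLACEHOLDER", "ADMIN_TOKEN_PLACEHOLDER", mapper)
```

After the mapper exists, request a fresh token and inspect it with `claim_value`; tokens issued before the mapper was created will not carry the claim. Keep `decode_claims` for debugging only: anything that makes an authorization decision must verify the token's signature against the realm's keys first.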
Cshah
I have been working primarily on Java technologies in developing management products for smartphones. My work involves working on Java, Hibernate, Axis web services, Maven and Ant. I'm moving on to learn C# and .NET technologies (Mar 2009). LinkedIn: https://www.linkedin.com/in/chethu
Updated on June 04, 2022
Comments
Cshah, almost 2 years ago
Below is my use case: I need to add a claim to the access token so that I can use it during policy evaluation on my resource. My policy is a JavaScript-based policy and it gets access only to reserved and custom attributes of the logged-in user. I have used the below API to push claims:

```shell
curl -X POST \
  http://localhost:8082/auth/realms/cms-non-prod/protocol/openid-connect/token \
  -H 'Authorization: Bearer eyJhbGciOiJSXXXXXXXXXXXXXXXX' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Postman-Token: ac020c2b-9efb-4817-81ea-61895c8775a7' \
  -d 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Auma-ticket&claim_token=ewoiaW5zdGl0dXRpb25JZCI6WyJEQ0IiXQp9&claim_token_format=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Ajwt&client_id=indra-bff&client_secret=5760582d-74ff-496c-a6c2-2530ddde6408&audience=indra-bff'
```

It adds the claim, but it adds it into authorization --> permissions --> resources. How do I read this if I have a JS-based policy? Any pointers on this will help. Below is the token I get when I hit the above URL:

```json
{
  "jti": "4c00f1a4-8038-4c45-820d-23a9c9ab6d42",
  "exp": 1580733917,
  "nbf": 0,
  "iat": 1580730317,
  "iss": "http://localhost:8082/auth/realms/cms-non-prod",
  "aud": "indra-bff",
  "sub": "9ab2fc80-3a5c-426d-ae78-56de01d214df",
  "typ": "Bearer",
  "azp": "indra-bff",
  "auth_time": 0,
  "session_state": "2ab35757-d09d-4d52-946b-f519a1338abf",
  "acr": "1",
  "realm_access": {
    "roles": [
      "PR_DCB_RECON_ASSOCIATE",
      "PR_YBL_RECON_ASSOCIATE",
      "offline_access",
      "uma_authorization",
      "PR_DCB_RECON_MGR"
    ]
  },
  "resource_access": {
    "indra-bff": {
      "roles": [ "uma_protection" ]
    },
    "account": {
      "roles": [ "manage-account", "manage-account-links", "view-profile" ]
    }
  },
  "authorization": {
    "permissions": [
      {
        "claims": { "institutionId": [ "DCB" ] },
        "rsid": "17fdf554-8643-4741-b9a4-13309e830b6f",
        "rsname": "Default Resource"
      },
      {
        "scopes": [ "DELETE", "POST", "GET", "PUT", "PATCH" ],
        "claims": { "institutionId": [ "DCB" ] },
        "rsid": "56cabb7c-76a1-4260-bd9f-d5494458c6bf",
        "rsname": "adjustment"
      },
      {
        "scopes": [ "DELETE", "POST", "GET", "PUT", "PATCH" ],
        "claims": { "institutionId": [ "DCB" ] },
        "rsid": "70297346-8010-4c1d-91b1-9bc22edd3061",
        "rsname": "chargeback"
      }
    ]
  },
  "scope": "profile email",
  "institution": "UNKNOWN",
  "email_verified": false,
  "preferred_username": "siva",
  "email": "[email protected]"
}
```
Thanks for your help. Cheers,