[keycloak-dev] refresh_token request should trigger update of access token payload

Mr. Graf mr.graf at gmx.net
Tue Sep 8 11:34:10 EDT 2015


Thank you.
What does it mean for the moment? It’s not possible now?
If so, are you sure now and is it already in the backlog? ;) No, seriously, will it get public and when?



> On 08.09.2015 at 14:18, Bill Burke <bburke at redhat.com> wrote:
> 
> You can write a ProtocolMapper.  We haven't made the SPI public yet and 
> weren't sure if we should.
> 
> On 9/8/2015 3:18 AM, Mr. Graf wrote:
>> Hey all,
>> we are evaluating keycloak and ran into an issue.
>> We implemented a UserFederationProvider. This Provider authenticates let’s say old users and new users.
>> „old“ users should receive an LTPA token within the payload of the access token. We used user attributes to achieve it. Fine so far.
>> Our current issue is that this LTPA token needs to be updated when a refresh_token request comes in and should be put into the „new“ access token too.
>> Initially we tried to achieve it using the refresh_token event until we noticed that this is fired after the „new“ access token has been created, so too late.
>> 
>> Does someone have a smart approach or an example how to add custom payload, to be retrieved from a legacy system, to the access token when refreshing it?
>> 
>> Thanks in advance
>> Thomas
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> 
> 
> -- 
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com




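The ProtocolMapper approach suggested in the quoted reply, as an added example that is not code from this thread or from the Keycloak project. It assumes the OIDC mapper classes that later Keycloak releases expose (`AbstractOIDCProtocolMapper`, `OIDCAccessTokenMapper`, `OIDCAttributeMapperHelper`); the class name, provider id and legacy endpoint URL are hypothetical.

```java
// Added example: a mapper that fetches the LTPA token each time an access token is built.
import java.io.IOException;
import java.net.*;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.*;
import org.keycloak.models.*;
import org.keycloak.protocol.oidc.mappers.*;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;

public class LtpaTokenMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper {
    public static final String PROVIDER_ID = "legacy-ltpa-mapper"; // hypothetical id
    // Hypothetical legacy endpoint that returns a fresh LTPA token as the response body.
    private static final String LEGACY_URL = "https://legacy.example.internal/ltpa?user=";
    private static final HttpClient HTTP = HttpClient.newHttpClient();
    private static final List<ProviderConfigProperty> CONFIG = new ArrayList<>();
    static { OIDCAttributeMapperHelper.addTokenClaimNameConfig(CONFIG); }

    @Override public String getId() { return PROVIDER_ID; }
    @Override public String getDisplayCategory() { return TOKEN_MAPPER_CATEGORY; }
    @Override public String getDisplayType() { return "Legacy LTPA token"; }
    @Override public String getHelpText() { return "Adds a freshly fetched LTPA token as a claim."; }
    @Override public List<ProviderConfigProperty> getConfigProperties() { return CONFIG; }

    // Assumption: mappers run whenever an access token is built, refresh_token requests included.
    @Override
    protected void setClaim(IDToken token, ProtocolMapperModel model, UserSessionModel userSession,
                            KeycloakSession session, ClientSessionContext ctx) {
        String ltpa = fetchLtpa(userSession.getUser().getUsername());
        if (ltpa != null) OIDCAttributeMapperHelper.mapClaim(token, model, ltpa);
    }

    private static String fetchLtpa(String username) {
        try {
            HttpRequest req = HttpRequest.newBuilder(
                    URI.create(LEGACY_URL + URLEncoder.encode(username, StandardCharsets.UTF_8)))
                    .timeout(Duration.ofSeconds(3)).GET().build();
            HttpResponse<String> res = HTTP.send(req, HttpResponse.BodyHandlers.ofString());
            return res.statusCode() == 200 ? res.body().trim() : null;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return null;
        } catch (IOException | RuntimeException e) {
            return null; // omit the claim rather than fail the whole token request
        }
    }
}
```

In those releases the class is registered by listing it in `META-INF/services/org.keycloak.protocol.ProtocolMapper` and then adding the mapper to the client, with the claim name set in the mapper's configuration.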