[keycloak-dev] JSON document as claim JSON type on mapper configuration page

Thomas Darimont thomas.darimont at googlemail.com
Mon Oct 2 05:57:21 EDT 2017


Hello,

I like the idea of supporting raw json output for custom attributes. I
think calling the custom type just 'JSON' would suffice.
I just gave this a quick spin, by adding support for "JSON" type conversion
to OIDCAttributeMapperHelper.

How could this work?
In case the mapper input is a String, then try to parse it as a JSON
Object. E.g. via:
jsonObject = objectMapper.readValue((String)attributeValue, Object.class);

If the input is an object or null return it as is.

This would work with values like:
user.singleAttribute("jsonData", "{\"intValue\":42, \"stringValue\":\"hello\", \"listValue\": [1,2,3,\"test\"]}");
user.singleAttribute("jsonString", "\"jsonString\"");

which produce:
Map<String,Object> jsonData = new HashMap<>();
jsonData.put("intValue", 42);
jsonData.put("stringValue", "hello");
jsonData.put("listValue", Arrays.asList(1,2,3,"test"));

assertEquals(jsonData, accessToken.getOtherClaims().get("jsonData"));
assertEquals("jsonString", accessToken.getOtherClaims().get("jsonString"));

Questions for the Keycloak Team:
- Is this a good idea?
- Is there a shared ObjectMapper available that could be reused here?

Cheers,
Thomas

2017-10-02 11:05 GMT+02:00 Thomas Darimont <thomas.darimont at googlemail.com>:

> Hello Herbert,
>
> the code that performs the value conversion is here:
> org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper#convertToType
>
> At the moment the only way to customize the mapping in the desired way is
> to provide your own AbstractOIDCProtocolMapper mapper implementation.
> Note that the OIDCAttributeMapperHelper is used by the setClaim method so
> you need to avoid using that method, or replace the resulting
> string value of your attribute with an object structure which is then
> later marshalled as an appropriate json structure.
>
> Cheers,
> Thomas
>
> 2017-10-02 10:36 GMT+02:00 Muehlburger, Herbert <herbert.muehlburger@
> bearingpoint.com>:
>
>> Hello,
>>
>>
>> What is the best way to map a JSON document to a Token Claim? Currently I
>> can only define "String" in Claim JSON Type at the Mapper Configuration
>> page. But this causes Keycloak to treat the value of my custom user
>> attribute field as string. The value is indeed a JSON document and it
>> would be great if there is also a claim JSON type of "JSON Object" which is
>> not treated as string and not escaped as happens now.
>>
>>
>> Kind regards,
>>
>> Herbert
>>
>>
>> Herbert Mühlburger
>> Senior System Engineer
>>
>
>
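
Added example, not part of the original mails and not Keycloak's own code: the String-to-JSON conversion described in the reply at the top, with malformed or trailing input rejected instead of passed into the token. The class name and the toJsonClaim helper are hypothetical, the sample inputs are constructed, and jackson-databind 2.9 or later is assumed on the classpath.

```java
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.Arrays;

public class JsonClaimConversionExample {

    // One shared mapper: ObjectMapper is thread-safe once configured.
    // Default typing stays off, so Object.class binds only to Map, List,
    // String, Number, Boolean or null, never to arbitrary classes.
    private static final ObjectMapper MAPPER = new ObjectMapper()
            .enable(DeserializationFeature.FAIL_ON_TRAILING_TOKENS);

    /** Hypothetical helper: Strings are parsed as JSON, anything else passes through. */
    static Object toJsonClaim(Object attributeValue) {
        if (!(attributeValue instanceof String)) {
            return attributeValue; // already structured, or null
        }
        try {
            return MAPPER.readValue((String) attributeValue, Object.class);
        } catch (IOException e) {
            // Malformed attribute: fail closed instead of emitting a broken claim.
            throw new IllegalArgumentException("attribute is not valid JSON", e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the first two mirror the values in the mail.
        String[] samples = {
            "{\"intValue\":42, \"stringValue\":\"hello\", \"listValue\": [1,2,3,\"test\"]}",
            "\"jsonString\"",
            "{\"a\":1} trailing",   // valid JSON followed by extra content
            "{not json"             // not JSON at all
        };
        for (String s : samples) {
            try {
                Object claim = toJsonClaim(s);
                System.out.println(claim.getClass().getSimpleName() + " -> " + claim);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + s);
            }
        }
        // Non-String inputs and null are returned unchanged.
        System.out.println(toJsonClaim(Arrays.asList(1, 2)) + " / " + toJsonClaim(null));
    }
}
```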

