[keycloak-user] Loading extra claims from database

Amaeztu amaeztu at tesicnor.com
Thu Apr 13 03:07:55 EDT 2017


I forgot to mention that obviously this procedure gets simplified if you access the database directly: just connect to the database from the mapper.

Sent from my Sony Xperia™ phone

---- Amaeztu wrote ----

>Hi! 
>
>I use the first option. I do it with a protocol mapper, which is a convenient place to do it because there the token is already built by Keycloak but hasn't been signed yet. This is the procedure:
>
>1. User logs in 
>
>2. My custom protocol mapper gets called, where I overwrite the transformAccessToken method 
>
>3. Here I log in the client where the protocol mapper is in into Keycloak, as a service. Here don't forget to use another client ID instead of the one you're building the protocol mapper for; you'll enter an endless recursion otherwise.
>
>4. I get the access token into the protocol mapper and I call the REST endpoint of my application to grab the extra claims, which is secured
>
>5. Get the info returned by the endpoint and add it as extra claims 
>
>Sent from my Sony Xperia™ phone

