[keycloak-user] Client roles in Access Token
Henning Waack
henning.waack at codecentric.de
Wed Aug 15 03:08:41 EDT 2018
Dear all.
Using KC 4.2.1, I get the following access token for a "Service Account
User":
{
  "jti": "af460ad9-e436-481f-aa4c-2d0ee0a19878",
  "exp": 1534251578,
  "nbf": 0,
  "iat": 1534251278,
  "iss": "https://xxx/auth/realms/NAK",
  "aud": "nak-portal",
  "sub": "f19b3205-1f3c-4a7e-8e76-c5d8e47ef0e4",
  "typ": "Bearer",
  "azp": "nak-portal",
  "auth_time": 0,
  "session_state": "a47e50aa-2ed2-40fa-9ba7-453d5632ced0",
  "name": "nak portal",
  "given_name": "nak",
  "family_name": "portal",
  "preferred_username": "service-account-nak-portal",
  "email": "service-account-nak-portal at placeholder.de",
  "email_verified": true,
  "acr": "1",
  "allowed-origins": [
    "http://dummy:8008"
  ],
  "realm_access": {
    "roles": [
      "source_system"
    ]
  },
  "resource_access": {
    "realm-management": {
      "roles": [
        "manage-users",
        "view-users",
        "query-clients",
        "query-groups",
        "query-users"
      ]
    }
  },
  "scope": "email profile",
  "clientId": "nak-portal",
  "clientHost": "80.242.181.71",
  "clientAddress": "80.242.181.71",
  "client_id": "nak-portal",
  "username": "service-account-nak-portal",
  "active": true
}
Please note the five realm-management client roles. The problem is that for
the given service account I have assigned many more roles; please see the
attached screenshot.
Why don't I see all effective roles (or assigned roles) in my access token?
Interestingly enough I am also missing some of my realm roles. I have
mapped 4 realm roles, but in the token I only have 1. Am I missing
something?
Thanks in advance, greetings
Henning
-------------- next part --------------
A non-text attachment was scrubbed...
Name: service_account_roles.png
Type: image/png
Size: 158302 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20180815/c51964f3/attachment-0001.png