[keycloak-user] accessing client JWT token in token mapper when using signed JWT authenticator.

Marek Posolda mposolda at redhat.com
Tue Aug 21 06:56:48 EDT 2018


Hmm... I am not sure if this use-case is something generally useful. TBH 
looks to me rather like something specific to your deployment.

You can create a new provider (likely a subclass of JWTClientAuthenticator) 
and override things according to your needs - likely add the note to 
clientSession or userSession (clientSession is more proper IMO as it's 
specific to a single client, but you will probably need to implement a new 
protocolMapper for clientSessions). Then create a new protocol mapper to 
propagate the info from clientSession/userSession to the token.

Hope this helps,
Marek

On 17/08/18 08:28, Billiet Tom wrote:
> Hi,
>
> I'm currently trying to create a Mapper for a client that uses "Signed JWT" as the client authenticator. In the mapper I would like to access some fields from the JWT token that's used to authenticate the client.
>
> I cannot figure out a way to do so. I've tried to create a custom mapper that extends AbstractOIDCProtocolMapper, but I don't seem to be able to access the client JWT token anywhere.
> When digging somewhat deeper, I think the JWTClientAuthenticator (https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java) should expose this if I want to be able to use it later in a mapper. If the JsonWebToken would be stored on the userSession note object that would be possible.
> But that would require a feature request to have this exposed. Is there another way to make this possible?
>
> Thanks,
> Tom
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
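The two-part approach described above (subclass the Signed JWT authenticator, then write a protocol mapper that copies the stored value into the token), sketched as an added example. This is editor-written illustration code, not code from Keycloak or from either poster. It assumes the 4.x APIs of August 2018: that ClientAuthenticationFlowContext exposes getClientAuthAttributes(), a map the token endpoint copies into the user session as notes after a successful client authentication (the mechanism the X.509 client authenticator relies on), that getStatus() reports the parent's outcome, and the five-argument setClaim() overload on AbstractOIDCProtocolMapper. The provider ids, the note prefix, the config key and the "department" claim are hypothetical. Note the ordering: the claims are only recorded after super.authenticateClient() has verified the assertion's signature, so an unverified assertion can never populate the notes.

```java
// File 1: ClaimPropagatingJWTClientAuthenticator.java (added example, not Keycloak's own code)
package example.keycloak;

import java.util.Map;
import javax.ws.rs.core.MultivaluedMap;
import org.keycloak.OAuth2Constants;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.ClientAuthenticationFlowContext;
import org.keycloak.authentication.FlowStatus;
import org.keycloak.authentication.authenticators.client.JWTClientAuthenticator;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.representations.JsonWebToken;

public class ClaimPropagatingJWTClientAuthenticator extends JWTClientAuthenticator {

    public static final String PROVIDER_ID = "client-jwt-propagating"; // hypothetical provider id
    public static final String NOTE_PREFIX = "client_assertion.";      // hypothetical note prefix

    @Override
    public void authenticateClient(ClientAuthenticationFlowContext context) {
        // Stock checks first: signature against the registered key, expiry, audience.
        super.authenticateClient(context);
        if (context.getStatus() != FlowStatus.SUCCESS) {
            return; // parent already failed the flow; never record claims from an unverified assertion
        }
        MultivaluedMap<String, String> params = context.getHttpRequest().getDecodedFormParameters();
        String assertion = params.getFirst(OAuth2Constants.CLIENT_ASSERTION);
        try {
            // Re-parse the (now verified) assertion; the parent keeps its parsed token private.
            JsonWebToken token = new JWSInput(assertion).readJsonContent(JsonWebToken.class);
            // Assumption: these attributes are copied to userSession notes by the token endpoint.
            Map<String, String> attrs = context.getClientAuthAttributes();
            attrs.put(NOTE_PREFIX + "iss", token.getIssuer());
            attrs.put(NOTE_PREFIX + "sub", token.getSubject());
            Object department = token.getOtherClaims().get("department"); // hypothetical custom claim
            if (department != null) {
                attrs.put(NOTE_PREFIX + "department", department.toString());
            }
        } catch (JWSInputException e) {
            // Unreachable after a successful parent check, but fail closed rather than continue.
            context.failure(AuthenticationFlowError.INVALID_CLIENT_CREDENTIALS);
        }
    }

    @Override public String getId() { return PROVIDER_ID; }
    @Override public String getDisplayType() { return "Signed Jwt (propagates assertion claims)"; }
}

// File 2: ClientAssertionClaimMapper.java (added example, not Keycloak's own code)
package example.keycloak;

import java.util.ArrayList;
import java.util.List;
import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper;
import org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;

public class ClientAssertionClaimMapper extends AbstractOIDCProtocolMapper
        implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper {

    public static final String PROVIDER_ID = "oidc-client-assertion-claim-mapper"; // hypothetical
    public static final String ASSERTION_CLAIM = "assertion.claim";                 // hypothetical config key
    private static final List<ProviderConfigProperty> CONFIG = new ArrayList<>();

    static {
        ProviderConfigProperty claim = new ProviderConfigProperty();
        claim.setName(ASSERTION_CLAIM);
        claim.setLabel("Client assertion claim");
        claim.setHelpText("Claim of the client assertion to copy into the token, e.g. department");
        claim.setType(ProviderConfigProperty.STRING_TYPE);
        CONFIG.add(claim);
        OIDCAttributeMapperHelper.addTokenClaimNameConfig(CONFIG);
        OIDCAttributeMapperHelper.addIncludeInTokensConfig(CONFIG, ClientAssertionClaimMapper.class);
    }

    @Override
    protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession,
                            KeycloakSession session, ClientSessionContext clientSessionCtx) {
        String claim = mappingModel.getConfig().get(ASSERTION_CLAIM);
        // Read the value the authenticator stored; absent note means no claim is added.
        String value = userSession.getNote(ClaimPropagatingJWTClientAuthenticator.NOTE_PREFIX + claim);
        if (value != null) {
            OIDCAttributeMapperHelper.mapClaim(token, mappingModel, value);
        }
    }

    @Override public String getId() { return PROVIDER_ID; }
    @Override public String getDisplayType() { return "Client assertion claim"; }
    @Override public String getDisplayCategory() { return TOKEN_MAPPER_CATEGORY; }
    @Override public String getHelpText() { return "Copies a claim of the Signed JWT client assertion into the token"; }
    @Override public List<ProviderConfigProperty> getConfigProperties() { return CONFIG; }
}
```

Both classes still have to be registered the usual way (META-INF/services entries for org.keycloak.authentication.ClientAuthenticatorFactory and org.keycloak.protocol.mapper.ProtocolMapper), the client switched to the new authenticator in the admin console, and the mapper added to the client. If the deployment's Keycloak version stores the attributes on the client session instead of the user session, the mapper should read clientSessionCtx.getClientSession().getNote(...) rather than userSession.getNote(...); the authenticator side is unchanged.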