[keycloak-user] Extract user roles from jwt auth token

Irtiza Ali iali at an10.io
Tue Jul 31 02:37:05 EDT 2018


Thanks for the tip!


IA

On Tue, 31 Jul 2018, 11:07 Dmitry Telegin, <dt at acutus.pro> wrote:

> Hi Irtiza,
>
> On Tue, 2018-07-31 at 11:00 +0500, Irtiza Ali wrote:
> > Thank you, Dmitry for the response,
> >
> > 1) Yes, I have assigned admin and client roles to the user.
> > 2) My keycloak version is 4.0.0
> >
> > I have resolved this issue thanks for the help
>
> You're welcome! Just FYI: the behavior has changed after 3.2.0, so that
> realm_access is no longer included in JWT by default. It has to be
> configured explicitly.
>
> Good luck!
> Dmitry
>
> >
> > IA
> >
> >
> >
> > > On Tue, Jul 31, 2018 at 9:01 AM, Dmitry Telegin <dt at acutus.pro> wrote:
> > > Hi Irtiza,
> > >
> > > In Keycloak, there are two types of roles: realm roles and client
> > > roles. In JWT, they are mapped to realm_access and resource_access objects,
> > > respectively.
> > >
> > > So in your JWT example, resource_access lists client roles. Does the
> > > user have any realm roles assigned? What version of Keycloak are you using?
> > >
> > > Cheers,
> > > Dmitry Telegin
> > > CTO, Acutus s.r.o.
> > > Keycloak Consulting and Training
> > >
> > > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> > > +42 (022) 888-30-71
> > > E-mail: info at acutus.pro
> > >
> > > On Mon, 2018-07-23 at 12:28 +0500, Irtiza Ali wrote:
> > > > I am using this endpoint:
> > > >
> > > > XXXXXXXXXX/protocol/openid-connect/token
> > > >
> > > > to authenticate the user. Once the user is authenticated, a JSON (JWT) is
> > > > returned from Keycloak.
> > > >
> > > > Decoded jwt json:
> > > >
> > > > {
> > > >   "jti": "30d233b2-bba8-4f21-bc51-8c867cd5db8b",
> > > >   "exp": 1532326409,
> > > >   "nbf": 0,
> > > >   "iat": 1532325509,
> > > >   "iss": "http://localhost:8080/auth/realms/nodejs-example",
> > > >   "aud": "nodejs-connect",
> > > >   "sub": "faf3fc64-b96b-4e3f-8e86-4fc727e20d31",
> > > >   "typ": "Bearer",
> > > >   "azp": "nodejs-connect",
> > > >   "auth_time": 0,
> > > >   "session_state": "736f9570-a3c8-4180-927e-15b5e0f63764",
> > > >   "acr": "1",
> > > >   "allowed-origins": [],
> > > >   "resource_access": {
> > > >     "account": {
> > > >       "roles": [
> > > >         "view-profile"
> > > >       ]
> > > >     }
> > > >   },
> > > >   "name": "aaa bbb",
> > > >   "preferred_username": "ali123",
> > > >   "given_name": "aaa",
> > > >   "family_name": "bbb",
> > > >   "email": "a123 at yahoo.com"
> > > > }
> > > >
> > > > How can I retrieve the user roles from that JWT token?
> > > >
> > > > Thank you
> > > >
> > > > Irtiza Ali
> > >
> >
> >
>
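
Added example, not part of the original thread and not Keycloak's own code: reading realm roles (`realm_access`) and client roles (`resource_access`) from an access token on the Node.js side, after checking the signature so that the role claims can be relied on for authorization. It assumes the realm signs tokens with RS256 and that the realm public key is already at hand; `extractRoles`, `signSample` and the throwaway key pair and sample token are constructed for illustration.

```javascript
// Added example: verify an RS256 access token, then collect its roles.
const nodeCrypto = require('node:crypto');

const b64urlJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Returns { realmRoles, clientRoles }; throws if the token cannot be trusted.
function extractRoles(token, publicKey, clientId, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const [head, body, sig] = parts;
  // Pin the algorithm (assumed RS256) instead of trusting the token header.
  if (b64urlJson(head).alg !== 'RS256') throw new Error('unexpected alg');
  const ok = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${head}.${body}`),
    publicKey, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = b64urlJson(body);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return {
    // realm_access may be absent from the token (see the thread), so default to [].
    realmRoles: claims.realm_access?.roles ?? [],
    // Client roles are keyed by client id under resource_access.
    clientRoles: claims.resource_access?.[clientId]?.roles ?? [],
  };
}

// Constructed test material: throwaway key pair and token, not from the thread.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSample(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}
// Same claim shape as the token in the thread: client roles only, no realm_access.
const sampleToken = signSample({
  exp: 4102444800, // constructed far-future expiry
  azp: 'nodejs-connect',
  resource_access: { account: { roles: ['view-profile'] } },
});
```

For a token shaped like the one in the thread, `extractRoles(sampleToken, publicKey, 'account')` yields the client role `view-profile` and an empty realm role list.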

