<div dir="ltr">
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US">Hi,</span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US"><br></span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US">We're adding specific User Attributes to Users, and
use the User Attribute protocol mapper to add those attributes to the JWT
bearer tokens the user gets when logging in. <br></span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US"><br></span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US">This works fine for keycloak Users
(natural persons) using our secured endpoints (APIs).</span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US"><br></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US">We'd like to use the same concept for Clients
(internal applications, so no natural person is involved) that use our secured
endpoints. These Clients use client credentials to get a bearer token from Keycloak. Clients can
have Client Attributes, so that's half the problem fixed. The other half is the
protocol mapper: there is no Client Attribute protocol mapper.</span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US"><br></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US">Is there a specific reason there is no Client
Attribute protocol mapper? </span><span style="font-family:"Arial","sans-serif"">Are
we doing something we shouldn't do? ;)</span></p><p class="MsoNormal"><br><span style="font-family:"Arial","sans-serif""></span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Thanks,</span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif""><br></span></p><p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Bram Vonk<br></span></p>
</div>