<p dir="ltr">Is this for service accounts or clients in general?</p>
<div class="gmail_quote">On 14 Mar 2016 11:37, &quot;Marek Posolda&quot; &lt;<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>We don&#39;t have a mapper for client
      attributes. There was no need for it until now AFAIK. You can
      either create JIRA to request it (but not sure when it will be
      done) or you can implement by yourself. See docs for providers and
      SPI [1]<br>
      <br>
      [1] 
<a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html</a><br>
      <br>
      Marek<br>
      <br>
      On 14/03/16 11:12, Bram Vonk wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">
        <p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;" lang="EN-US">Hi,</span></p>
        <p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;" lang="EN-US"><br>
          </span></p>
        <p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;" lang="EN-US">We&#39;re adding specific User Attributes to Users,
            and
            use the User Attribute protocol mapper to add those
            attributes to the JWT
            bearer tokens the user gets when logging in. <br>
          </span></p>
        <p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;" lang="EN-US"><br>
          </span></p>
        <p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;" lang="EN-US">This works fine for keycloak Users
            (natural persons) using our secured endpoints (APIs).</span></p>
        <p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;" lang="EN-US"><br>
          </span></p>
        <p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;" lang="EN-US">We&#39;d like to use the same concept for Clients
            (internal applications, so no natural person is involved)
            that use our secured
            endpoints. These Clients use client credentials to get a
            bearer token from Keycloak. Clients can
            have Client Attributes, so that&#39;s half the problem fixed.
            The other half is the
            protocol mapper: there is no Client Attribute protocol
            mapper.</span></p>
        <p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;" lang="EN-US"><br>
          </span></p>
        <p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;" lang="EN-US">Is there a specific reason there is no Client
            Attribute protocol mapper? </span><span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;">Are
we
            doing something we shouldn&#39;t do? ;)</span></p>
        <p class="MsoNormal"><br>
          <span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;"></span></p>
        <p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;">Thanks,</span></p>
        <p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;"><br>
          </span></p>
        <p class="MsoNormal"><span style="font-family:&quot;Arial&quot;,&quot;sans-serif&quot;">Bram
            Vonk<br>
          </span></p>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
    </blockquote>
    <br>
  </div>

<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div>