<p dir="ltr">Is this for service accounts or clients in general?</p>
<div class="gmail_quote">On 14 Mar 2016 11:37, "Marek Posolda" <<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>We don't have a mapper for client
attributes. There was no need for it until now AFAIK. You can
either create JIRA to request it (but not sure when it will be
done) or you can implement by yourself. See docs for providers and
SPI [1]<br>
<br>
[1]
<a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html</a><br>
<br>
Marek<br>
<br>
On 14/03/16 11:12, Bram Vonk wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US">Hi,</span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US"><br>
</span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US">We're adding specific User Attributes to Users,
and
use the User Attribute protocol mapper to add those
attributes to the JWT
bearer tokens the user gets when logging in. <br>
</span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US"><br>
</span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US">This works fine for keycloak Users
(natural persons) using our secured endpoints (APIs).</span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US"><br>
</span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US">We'd like to use the same concept for Clients
(internal applications, so no natural person is involved)
that use our secured
endpoints. These Clients use client credentials to get a
bearer token from Keycloak. Clients can
have Client Attributes, so that's half the problem fixed.
The other half is the
protocol mapper: there is no Client Attribute protocol
mapper.</span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US"><br>
</span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"" lang="EN-US">Is there a specific reason there is no Client
Attribute protocol mapper? </span><span style="font-family:"Arial","sans-serif"">Are
we
doing something we shouldn't do? ;)</span></p>
<p class="MsoNormal"><br>
<span style="font-family:"Arial","sans-serif""></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Thanks,</span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif""><br>
</span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Bram
Vonk<br>
</span></p>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div>