You can write a ProtocolMapper. We haven't made the SPI public yet and
weren't sure if we should.
On 9/8/2015 3:18 AM, Mr. Graf wrote:
Hey all,
we are evaluating keycloak and run into an issue.
We implemented a UserFederationProvider. This Provider authenticates let’s say old users
and new users.
„old“ users should receive an LTPA token within the payload of the access token. We used
user attributes to achieve it. Fine so far.
Our current issue is, that this LTPA token needs to be updated when a refresh_token
request comes in and should be put into the „new“ access token too.
Initially we tried to achieve it using the refresh_token event until we noticed that this
is fired after the „new“ access token has been created, so too late.
Does someone has a smart approach or an example how to add custom payload, to be
retrieved from a legacy system, to the access token when refreshing it?
Thanks in advance
Thomas
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com