Thank you, Dmitry, for the response.
1) Yes, I have assigned admin and client roles to the user.
2) My Keycloak version is 4.0.0.
I have resolved this issue, thanks for the help.
You're welcome! Just FYI: the behavior has changed after 3.2.0, so that realm_access
is no longer included in JWT by default. It has to be configured explicitly.
Good luck!
Dmitry
IA
> On Tue, Jul 31, 2018 at 9:01 AM, Dmitry Telegin <dt(a)acutus.pro> wrote:
> Hi Irtiza,
>
> In Keycloak, there are two types of roles: realm roles and client roles. In JWT, they are mapped to realm_access and resource_access objects, respectively.
>
> So in your JWT example, resource_access lists client roles. Does the user have any realm roles assigned? What version of Keycloak are you using?
>
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> +42 (022) 888-30-71
> E-mail: info(a)acutus.pro
>
> On Mon, 2018-07-23 at 12:28 +0500, Irtiza Ali wrote:
> > I am using this endpoint:
> >
> > XXXXXXXXXX/protocol/openid-connect/token
> >
> > to authenticate the user. Once the user is authenticated, a JSON (JWT) is
> > returned from Keycloak.
> >
> > Decoded jwt json:
> >
> > {
> >   "jti": "30d233b2-bba8-4f21-bc51-8c867cd5db8b",
> >   "exp": 1532326409,
> >   "nbf": 0,
> >   "iat": 1532325509,
> >   "iss": "http://localhost:8080/auth/realms/nodejs-example",
> >   "aud": "nodejs-connect",
> >   "sub": "faf3fc64-b96b-4e3f-8e86-4fc727e20d31",
> >   "typ": "Bearer",
> >   "azp": "nodejs-connect",
> >   "auth_time": 0,
> >   "session_state": "736f9570-a3c8-4180-927e-15b5e0f63764",
> >   "acr": "1",
> >   "allowed-origins": [],
> >   "resource_access": {
> >     "account": {
> >       "roles": [
> >         "view-profile"
> >       ]
> >     }
> >   },
> >   "name": "aaa bbb",
> >   "preferred_username": "ali123",
> >   "given_name": "aaa",
> >   "family_name": "bbb",
> >   "email": "a123(a)yahoo.com"
> > }
> >
> > How can I retrieve the user roles from that JWT token?
> >
> > Thank you
> >
> > Irtiza Ali
>
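Added example, not part of the thread and not Keycloak's own code: reading realm roles and client roles from a decoded token payload, and failing closed when realm_access is absent as it is in the token above. It assumes the token's signature, issuer, audience and expiry were already verified; the function names and the second sample payload are constructed for illustration.

```javascript
// Assumption: `payload` is the claims object of a JWT whose signature,
// issuer, audience and expiry have already been verified elsewhere.

// Return only well-formed role names from a { roles: [...] } object.
function rolesOf(container) {
  const roles = container && container.roles;
  return Array.isArray(roles) ? roles.filter((r) => typeof r === "string") : [];
}

// Split the claims into realm roles (realm_access) and per-client roles
// (resource_access). A Map avoids surprises from keys like "__proto__".
function extractRoles(payload) {
  const clients = new Map();
  const access = payload && payload.resource_access;
  if (access && typeof access === "object" && !Array.isArray(access)) {
    for (const [clientId, entry] of Object.entries(access)) {
      clients.set(clientId, rolesOf(entry));
    }
  }
  return {
    realmClaimPresent: Boolean(payload && payload.realm_access),
    realm: rolesOf(payload && payload.realm_access),
    clients,
  };
}

// A role counts only in the scope it was granted in: a client role never
// satisfies a realm-role check, and a missing claim means "no role".
function hasRealmRole(payload, role) {
  return extractRoles(payload).realm.includes(role);
}
function hasClientRole(payload, clientId, role) {
  return (extractRoles(payload).clients.get(clientId) || []).includes(role);
}

// Claims copied from the decoded token in the thread (trimmed).
const threadPayload = {
  iss: "http://localhost:8080/auth/realms/nodejs-example",
  azp: "nodejs-connect",
  resource_access: { account: { roles: ["view-profile"] } },
};

// Constructed sample: the same claims once realm roles are mapped into the token.
const withRealmRoles = { ...threadPayload, realm_access: { roles: ["admin"] } };
```
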