I'm not sure why this change is not in the latest documentation, but here
is how [1] [2] you pass additional claims to your policies when using
the node.js adapter.
I would just add that in order to push claims the request should be made by
a resource server (your client configured with the authz services). Public
clients cannot perform such requests as they can be easily manipulated.
[1]
On Tue, Jun 11, 2019 at 8:56 AM Brandon Williams <brandon(a)amazee.io> wrote:
I'm using authorization services to protect an API (written in node.js). I
would like to use a custom javascript policy that gets information from the
context to determine if a user has access or not. Here's an example:
> var context = $evaluation.getContext();
> var contextAttributes = context.getAttributes();
>
> var myCustomData = contextAttributes.getValue('myCustomData');
This works well when I'm testing the policy via the UI and using the
"Contextual information" section of the evaluate page.
Now I'm trying to figure out how to send that data when I'm doing an authz
check from the API. In my API I'm using the "keycloak-connect" library and
using the grant manager to send authz requests. Link to relevant code:
https://github.com/keycloak/keycloak-nodejs-connect/blob/master/middlewar...
My assumption is that I can add "myCustomData" to the claim_token for this
request, and it would be made available in the contextAttribute. I'm
following the examples to build the claim from these docs
https://www.keycloak.org/docs/4.8/authorization_services/#_service_pushin...
Whenever I try to add arbitrary data as a claim, even simple strings, I get
errors from the Keycloak API that it can't find the bearer token. Just removing
the claim_token makes the requests work.
My two questions are: Is adding data as a claim the correct way to push
data into the policy evaluation context? If so, why are my claims failing
the requests?
Thanks,
Brandon Williams
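
The pushed-claims request discussed in this thread, as an added example that is not code from either poster or from keycloak-connect. It assumes the layout in the Keycloak "pushing claims" documentation linked above (claim_token is Base64-encoded JSON whose values are arrays of strings); the client id, secret, permission and claim value are constructed placeholders.

```javascript
// Added example: form body for a Keycloak UMA-ticket request that pushes claims.
const UMA_GRANT = 'urn:ietf:params:oauth:grant-type:uma-ticket';
const CLAIM_FORMAT = 'urn:ietf:params:oauth:token-type:jwt';

// Encode pushed claims as Base64 JSON; every claim value becomes an array of strings.
function buildClaimToken(claims) {
  const normalized = {};
  for (const [name, value] of Object.entries(claims)) {
    const values = Array.isArray(value) ? value : [value];
    if (values.length === 0 || values.some((v) => typeof v !== 'string')) {
      throw new TypeError(`claim "${name}" must be a string or a non-empty array of strings`);
    }
    normalized[name] = values;
  }
  return Buffer.from(JSON.stringify(normalized), 'utf8').toString('base64');
}

// Build the token-endpoint form. Client credentials are mandatory here because
// only the resource server (a confidential client) should push claims; values a
// public client could set must not reach the policy context.
function buildPushedClaimsForm({ clientId, clientSecret, permissions = [], claims }) {
  if (!clientId || !clientSecret) {
    throw new Error('pushed claims require resource server credentials');
  }
  const form = new URLSearchParams();
  form.set('grant_type', UMA_GRANT);
  form.set('client_id', clientId);
  form.set('client_secret', clientSecret);
  form.set('audience', clientId);
  for (const p of permissions) form.append('permission', p);
  form.set('claim_token', buildClaimToken(claims));
  form.set('claim_token_format', CLAIM_FORMAT);
  return form;
}

// Constructed sample values: "my-api", the secret and "orders#view" are placeholders.
function demo() {
  return buildPushedClaimsForm({
    clientId: 'my-api',
    clientSecret: 'placeholder-secret',
    permissions: ['orders#view'],
    claims: { myCustomData: 'tenant-42' },
  });
}
```

The resulting form is what gets POSTed to the realm's token endpoint; the pushed value is then what `contextAttributes.getValue('myCustomData')` reads in the policy.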