You can set some additional parameters to Authentication Request (the initial request from your app to the Keycloak) and every additional parameter will be then saved to the clientSession note like "client_request_param_foo" in case that name of your parameter is "foo" . Then you can create ProtocolMapper implementation, which will read the clientSession note and put the info as claim to the token. You can take a look at

org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper for inspiration - the only difference is, that you will need to call clientSession.getNote instead of userSession.getNote.

Marek

On 11/07/16 18:45, Harry Trinta wrote:

I would like to save some notes about the app and/or the user in the token. For example, if the token is from a session that is being impersonated.

2016-07-07 17:27 GMT-03:00 Bruno Oliveira <bruno@abstractj.org>:

I don't think that's possible. What exactly would you like to do?

On 2016-07-07, Harry Trinta wrote:
> Hi,
>
> When authenticate through the API token ("*/openid-connect/token"), is
> possible to send a parameter (key/value) and this parameter be added to
> access_token?
>
> Regards,
>
> Harry

> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

--

abstractj
PGP: 0x84DC9914
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user