Hmm... I am not sure if this use-case is something generally useful. TBH
it looks to me rather like something specific to your deployment.
You can create a new provider (likely a subclass of JWTClientAuthenticator)
and override things according to your needs - likely add the note to
clientSession or userSession (clientSession is more proper IMO as it's
specific to a single client, but you will probably need to implement a new
protocolMapper for clientSessions). Then create a new protocol mapper to
propagate the info from clientSession/userSession to the token.
Hope this helps,
Marek
On 17/08/18 08:28, Billiet Tom wrote:
Hi,
I'm currently trying to create a Mapper for a client that uses "Signed JWT"
as the client authenticator. In the mapper I would like to access some fields from the JWT
token that's used to authenticate the client.
I cannot figure out a way to do so. I've tried to create a custom mapper that extends
AbstractOIDCProtocolMapper, but I don't seem to be able to access the client JWT token
anywhere.
When digging somewhat deeper, I think the JWTClientAuthenticator
(https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o...)
should expose this if I want to be able to use it later in a mapper. If the JsonWebToken
would be stored on the userSession note object that would be possible.
But that would require a feature request to have this exposed. Is there another way to
make this possible?
Thanks,
Tom