Re: [keycloak-user] Adding information from a 3rd party service into JWT token
This is not something we currently handle really well, but there should be
ways to achieve it.
A protocol mapper has the disadvantage that it is invoked every time a new
client authenticates or when a token is refreshed. It could have a
performance impact if you call out to an external REST API here.
An alternative would be to use a custom authenticator that would add the
information into the user session, you should then be able to use the
built-in user info mapper to add the claims from the user session into the
token.
On Wed, 22 May 2019 at 10:04, Michael Isvy <michael.isvy(a)gmail.com> wrote:
hi,
thanks a lot for the hard work on Keycloak! I've been using it for a few
days and have been quite impressed by the UI, features and level of
documentation.
I have a custom requirement. When users authenticate, in case of successful
authentication,I need to call a 3rd party API, collect additional
information and place it into my JWT token.
I am in the process of doing it by coding my own Mapper (extending
AbstractOIDCProtocolMapper). I was wondering if this is the correct way to
do it or if there is a simpler way to achieve my goal.
Regards,
Michael.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user