Hi Irtiza,
In Keycloak, there are two types of roles: realm roles and client roles. In the JWT, they are
mapped to the realm_access and resource_access objects, respectively.
So in your JWT example, resource_access lists client roles. Does the user have any realm
roles assigned? What version of Keycloak are you using?
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Mon, 2018-07-23 at 12:28 +0500, Irtiza Ali wrote:
I am using this endpoint:
XXXXXXXXXX/protocol/openid-connect/token
to authenticate the user. Once the user is authenticated, a JSON (JWT) is
returned from Keycloak.
Decoded jwt json:
{
  "jti": "30d233b2-bba8-4f21-bc51-8c867cd5db8b",
  "exp": 1532326409,
  "nbf": 0,
  "iat": 1532325509,
  "iss": "http://localhost:8080/auth/realms/nodejs-example",
  "aud": "nodejs-connect",
  "sub": "faf3fc64-b96b-4e3f-8e86-4fc727e20d31",
  "typ": "Bearer",
  "azp": "nodejs-connect",
  "auth_time": 0,
  "session_state": "736f9570-a3c8-4180-927e-15b5e0f63764",
  "acr": "1",
  "allowed-origins": [],
  "resource_access": {
    "account": {
      "roles": [
        "view-profile"
      ]
    }
  },
  "name": "aaa bbb",
  "preferred_username": "ali123",
  "given_name": "aaa",
  "family_name": "bbb",
  "email": "a123(a)yahoo.com"
}
How can I retrieve the user roles from that JWT token?
Thank you
Irtiza Ali
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
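
Added example, not part of the original thread: a Node.js sketch that reads realm roles from realm_access.roles and client roles from resource_access.<client>.roles, and tolerates a token like the one above that carries no realm_access claim. The function names (decodePayload, rolesOf, extractRoles, hasClientRole, sampleToken) are hypothetical, and the sample token is constructed from the claims quoted in the thread with a placeholder signature.

```javascript
// Added example: read Keycloak roles from decoded access-token claims.
// Decoding is not verification: validate signature, iss, aud and exp first.

// Decode the payload (middle) segment of a compact JWT without verifying it.
function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the string entries of obj.roles, or [] when the claim is absent or malformed.
function rolesOf(obj) {
  const roles = obj && Array.isArray(obj.roles) ? obj.roles : [];
  return roles.filter((r) => typeof r === 'string');
}

// Realm roles: realm_access.roles. Client roles: resource_access[clientId].roles.
function extractRoles(claims) {
  const client = Object.create(null); // no prototype, so a "__proto__" key is plain data
  const ra = claims && claims.resource_access;
  if (ra && typeof ra === 'object') {
    for (const [clientId, entry] of Object.entries(ra)) client[clientId] = rolesOf(entry);
  }
  return { realm: rolesOf(claims && claims.realm_access), client };
}

// True only when the role is granted for that exact client.
function hasClientRole(claims, clientId, role) {
  const granted = extractRoles(claims).client[clientId];
  return Array.isArray(granted) && granted.includes(role);
}

// Constructed sample token: placeholder header and signature, for offline use only.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2lnbmF0dXJl`;
}

// Claims taken from the thread: client roles only, no realm_access.
const threadClaims = {
  azp: 'nodejs-connect',
  resource_access: { account: { roles: ['view-profile'] } },
};
const roles = extractRoles(decodePayload(sampleToken(threadClaims)));
console.log(roles.realm, roles.client.account);
```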