Re: [keycloak-user] Extract user roles from jwt auth token
Thank you, Dmitry for the response,
1) Yes, I have assigned admin and client roles to the user.
2) My keycloak version is 4.0.0
I have resolved this issue thanks for the help
IA
On Tue, Jul 31, 2018 at 9:01 AM, Dmitry Telegin <dt(a)acutus.pro> wrote:
Hi Irtiza,
In Keycloak, there are two types of roles: realm roles and client roles.
In JWT, they are mapped to realm_access and resource_access object,
respectively.
So in your JWT example, resource_access lists client roles. Does the user
have any realm roles assigned? What version of Keycloak are you using?
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Mon, 2018-07-23 at 12:28 +0500, Irtiza Ali wrote:
> I am using this endpoint:
>
> XXXXXXXXXX/protocol/openid-connect/token
>
> to authenticate the user. Once the user is authenticated a json(jwt) is
> returned from keyclock.
>
> Decoded jwt json:
>
> {
> "jti": "30d233b2-bba8-4f21-bc51-8c867cd5db8b",
> "exp": 1532326409,
> "nbf": 0,
> "iat": 1532325509,
> > "iss":
"http://localhost:8080/auth/realms/nodejs-example",
> "aud": "nodejs-connect",
> "sub": "faf3fc64-b96b-4e3f-8e86-4fc727e20d31",
> "typ": "Bearer",
> "azp": "nodejs-connect",
> "auth_time": 0,
> "session_state": "736f9570-a3c8-4180-927e-15b5e0f63764",
> "acr": "1",
> "allowed-origins": [],
> "resource_access": {
> "account": {
> "roles": [
> "view-profile"
> ]
> }
> },
> "name": "aaa bbb",
> "preferred_username": "ali123",
> "given_name": "aaa",
> "family_name": "bbb",
> > "email": "a123(a)yahoo.com"
> }
>
> How can I retrieve the user roles from that JWT token?
>
> Thank you
>
> Irtiza Ali
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user