Turns out this does work, quite nicely too, and the issue stems from me using direct
grants against the token endpoint during experimentation - derp. ie, I wasn't using
the authorization endpoint.
Cheers,
Gary
On 28 Mar 2019, at 3:13 pm, Gary Kennedy <gary(a)apnic.net>
wrote:
Looking at the AuthorizationEndpoint class I notice that additional authorization request
parameters are put in the authentication session client notes.
(
https://github.com/keycloak/keycloak/blob/4.8.2.Final/services/src/main/j...)
I would like to work with those request parameters in a (preferably script) mapper to put
calculated claims into the access token however I can't seem to find them.
Does anyone have any ideas/thoughts on how I can use the authorization request parameters
to put claims into tokens?
Preferably without code customisation/provider; but that's a restriction I can break
if needed :)
I thought this would work, but the only note is the issuer ("iss").
userSession.getAuthenticatedClientSessionByClient(keycloakSession.getContext().getClient().getId()).getNotes();
Cheers,
Gary