[keycloak-dev] refresh_token request should trigger update of access token payload

Bill Burke bburke at redhat.com
Tue Sep 8 08:18:41 EDT 2015


You can write a ProtocolMapper.  We haven't made the SPI public yet and 
weren't sure if we should.

On 9/8/2015 3:18 AM, Mr. Graf wrote:
> Hey all,
> we are evaluating Keycloak and ran into an issue.
> We implemented a UserFederationProvider. This provider authenticates, let's say, old users and new users.
> "Old" users should receive an LTPA token within the payload of the access token. We used user attributes to achieve it. Fine so far.
> Our current issue is that this LTPA token needs to be updated when a refresh_token request comes in and should be put into the "new" access token too.
> Initially we tried to achieve it using the refresh_token event until we noticed that this is fired after the "new" access token has been created, so too late.
>
> Does someone have a smart approach or an example of how to add custom payload, to be retrieved from a legacy system, to the access token when refreshing it?
>
> Thanks in advance
> Thomas

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
