[keycloak-dev] refresh_token request should trigger update of access token payload

Bill Burke bburke at redhat.com
Tue Sep 8 13:37:32 EDT 2015


You can do it now, it's just that we don't have any documentation for it.
Here's a bunch of examples:

https://github.com/keycloak/keycloak/tree/master/services/src/main/java/org/keycloak/protocol/oidc/mappers

I'm not sure how you obtain or refresh an LTPA token.  But these 
mappers are executed whenever a token is created.  You would define the 
mapper then configure it within the admin console.  In talking to you 
and others, we may need some callback on the UserFederationProvider too.





On 9/8/2015 11:34 AM, Mr. Graf wrote:
> Thank you.
> What does it mean for the moment? It’s not possible now?
> If so, are you sure now and is it already in the backlog? ;) No, seriously, will it get public and when?
>
>
>
>> On 08.09.2015 at 14:18, Bill Burke <bburke at redhat.com> wrote:
>>
>> You can write a ProtocolMapper.  We haven't made the SPI public yet and
>> weren't sure if we should.
>>
>> On 9/8/2015 3:18 AM, Mr. Graf wrote:
>>> Hey all,
>>> we are evaluating Keycloak and ran into an issue.
>>> We implemented a UserFederationProvider. This Provider authenticates, let's say, old users and new users.
>>> "Old" users should receive an LTPA token within the payload of the access token. We used user attributes to achieve it. Fine so far.
>>> Our current issue is that this LTPA token needs to be updated when a refresh_token request comes in and should be put into the "new" access token too.
>>> Initially we tried to achieve it using the refresh_token event until we noticed that this is fired after the "new" access token has been created, so too late.
>>>
>>> Does someone have a smart approach or an example of how to add custom payload, to be retrieved from a legacy system, to the access token when refreshing it?
>>>
>>> Thanks in advance
>>> Thomas
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
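
An added example, not part of the original message and not Keycloak project code: a protocol mapper that fetches a fresh LTPA token each time an access token is built, which, going by the reply above, includes refresh. It is written against the current `AbstractOIDCProtocolMapper` API rather than the unpublished 2015 SPI; the provider id, the `legacy.ltpa.url` config key and the legacy HTTPS endpoint are assumptions.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.*;
import org.keycloak.models.*;
import org.keycloak.protocol.oidc.mappers.*;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;

public class LtpaTokenMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper {
    public static final String PROVIDER_ID = "example-ltpa-mapper"; // hypothetical id
    static final String LEGACY_URL = "legacy.ltpa.url";             // hypothetical config key
    private static final Duration TIMEOUT = Duration.ofSeconds(2);  // token issuance blocks on this call
    private static final HttpClient HTTP = HttpClient.newBuilder().connectTimeout(TIMEOUT).build();
    private static final List<ProviderConfigProperty> CONFIG = new ArrayList<>();
    static {
        CONFIG.add(new ProviderConfigProperty(LEGACY_URL, "Legacy LTPA endpoint",
                "HTTPS URL that returns a fresh LTPA token", ProviderConfigProperty.STRING_TYPE, null));
        OIDCAttributeMapperHelper.addTokenClaimNameConfig(CONFIG);
        OIDCAttributeMapperHelper.addIncludeInTokensConfig(CONFIG, LtpaTokenMapper.class);
    }

    @Override public String getId() { return PROVIDER_ID; }
    @Override public String getDisplayType() { return "LTPA token (example)"; }
    @Override public String getDisplayCategory() { return TOKEN_MAPPER_CATEGORY; }
    @Override public String getHelpText() { return "Adds a freshly fetched LTPA token as a claim."; }
    @Override public List<ProviderConfigProperty> getConfigProperties() { return CONFIG; }

    @Override
    protected void setClaim(IDToken token, ProtocolMapperModel model, UserSessionModel userSession,
                            KeycloakSession session, ClientSessionContext ctx) {
        String base = model.getConfig().get(LEGACY_URL);
        if (base == null || !base.startsWith("https://")) return; // never fetch the token over plain HTTP
        String user = URLEncoder.encode(userSession.getUser().getUsername(), StandardCharsets.UTF_8);
        HttpRequest req = HttpRequest.newBuilder(URI.create(base + "?user=" + user))
                .timeout(TIMEOUT).GET().build();
        try {
            HttpResponse<String> resp = HTTP.send(req, HttpResponse.BodyHandlers.ofString());
            // The JWT payload is signed, not encrypted: every holder of the access token can read this claim.
            if (resp.statusCode() == 200 && !resp.body().isBlank())
                OIDCAttributeMapperHelper.mapClaim(token, model, resp.body().trim());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        } catch (IOException e) {
            // Legacy system unreachable: issue the token without the claim instead of reusing a stale value.
        }
    }
}
```

The class is registered by listing its fully qualified name in `META-INF/services/org.keycloak.protocol.ProtocolMapper` inside the provider JAR, after which it can be configured from the admin console.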

