[keycloak-user] retrieving custom user attributes

Arjan Lamers a.lamers at first8.nl
Thu Oct 1 10:17:50 EDT 2015


Well, as far as I can see, the unmarshalled AccessToken does not contain
any custom attributes. I would expect something like a Map<String,Object>
where you can access additional attributes.
Just to be clear: the custom attribute I configured does appear in the JWT
token, I am simply searching for an easy way to access them from Java.
There is an 'otherClaims' in the JsonWebToken, should they appear there?
(They don't).

Kind regards,
Arjan Lamers

> What do you want for an interface?  KeycloakSecurityContext has the
> unmarshalled IDToken and AccessToken.
> KeycloakPrincipal.getKeycloakSecurityContext().getToken()
> On 9/30/2015 11:12 AM, Arjan Lamers wrote:
> > Hi,
> >
> > I am trying to find an easy way to access custom attributes as defined
> > for a client. For a Keycloak client, I?ve defined a new Mapper for a
> > /user attribute/ to store some additional authorisation data. This then
> > is managed by some user domain that uses the keycloak-admin-client to
> > write that property.
> >
> > The problem arises when I want to access that property in an JEE
> > application.The way I do it right now to use the KeycloakPrincipal found
> > in the javax.ejb.SessionContext. From there, I get the JWT token as a
> > String, deserialize the JSON and access the custom attribute from there.
> > This feels like a very roundabout way to get to the token but somehow I
> > am not able to find an easier way. Is it a missing feature or is it
> > simply too close to the weekend for me ;)?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151001/a55fd882/attachment.html 

More information about the keycloak-user mailing list