[keycloak-user] Access Token and email address

Stian Thorgersen sthorger at redhat.com
Fri Dec 2 01:15:37 EST 2016


You can remove it on a per-client basis by changing protocol mappers for
the client. I think you can use a setting on the protocol mapper to make it
require a scope param to view it, but not 100% sure. At the very least
you'd be able to write a custom protocol mapper to do it.

In the future we plan better support for scope including the ability to
define custom scopes.

On 28 November 2016 at 12:59, Guus der Kinderen <guus.der.kinderen at gmail.com
> wrote:

> Hello,
>
> Is it possible to withhold the email address of a user from a token (unless
> a specific claim/role is granted)?
>
> Regards,
>
>   Guus
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list