[keycloak-user] Passing information from custom Authenticator to a Token
Thomas Darimont
thomas.darimont at googlemail.com
Fri Apr 21 08:08:15 EDT 2017
Thanks for your reply :)
I think (ab)using user attributes for storing temporary data is not a good
idea, e.g. one would need to take care to clear that information etc.
I'm currently using
context.getClientSession().setUserSessionNote("key","value");
in combination with a user protocol mapper for "user session note".
Cheers,
Thomas
2017-04-21 13:40 GMT+02:00 Король Илья <llivezking at gmail.com>:
> First thing that came to my head is to populate required data to
> attributes of UserModel and use mappers to map attr to AT claim, but
> your way also look interesting and i don't see any problems here.
>
>
> 21.04.2017 8:32, Thomas Darimont пишет:
> > Hello group,
> >
> > I need to pass some information form a custom Authenticator to the
> > IDToken/AccessToken.
> > One way I found to do that is by using UserSessionNotes and a "User
> Session
> > Note"
> > Protocol Mapper defined in a client template which is shared by all
> clients.
> >
> > public void authenticate(AuthenticationFlowContext context) {
> > ...
> >
> > context.getClientSession().getUserSessionNotes().put("
> someKey","someValue");
> > ...
> > }
> >
> > is this the intended way to do this sort of things?
> >
> > Cheers,
> > Thomas
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list