[keycloak-user] Passing information from custom Authenticator to a Token

[Marek Posolda]

+1

I would use same approach based on "User Session Notes" with the usecase 
like yours :)

Marek

On 21/04/17 14:08, Thomas Darimont wrote:
> Thanks for your reply :)
>
> I think (ab)using user attributes for storing temporary data is not a good
> idea, e.g. one would need to take care to clear that information etc.
>
> I'm currently using
>     context.getClientSession().setUserSessionNote("key","value");
> in combination with a user protocol mapper for "user session note".
>
> Cheers,
> Thomas
>
> 2017-04-21 13:40 GMT+02:00 Король Илья <llivezking at gmail.com>:
>
>> First thing that came to my head is to populate required data to
>> attributes of UserModel and use mappers to map attr to AT claim, but
>> your way also look interesting and i don't see any problems here.
>>
>>
>> 21.04.2017 8:32, Thomas Darimont пишет:
>>> Hello group,
>>>
>>> I need to pass some information form a custom Authenticator to the
>>> IDToken/AccessToken.
>>> One way I found to do that is by using UserSessionNotes and a "User
>> Session
>>> Note"
>>> Protocol Mapper defined in a client template which is shared by all
>> clients.
>>> public void authenticate(AuthenticationFlowContext context) {
>>>      ...
>>>
>>>    context.getClientSession().getUserSessionNotes().put("
>> someKey","someValue");
>>>      ...
>>> }
>>>
>>> is this the intended way to do this sort of things?
>>>
>>> Cheers,
>>> Thomas
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user