[keycloak-user] Additional attributes for an authorization request

Pedro Igor Silva psilva at redhat.com
Fri Feb 3 12:26:46 EST 2017


Hi Scott,

You can't pass additional attributes along with an authorization request.
However, that is something we want to support in future versions.

Right now, the information you get is basically what is in an access token.
So whatever you push as a claim (e.g., using mappers) will be available
to your policies.

That is an important addition to our API in order to push more context to
policies, as you are requesting.

One thing to keep in mind is that we can't blindly trust authorization
requests from clients, as they can be easily manipulated. What type of
client are you using?

Another question, what are you missing in the Evaluation API? Is there
anything we can provide OOTB?

Regards.
Pedro Igor

On Thu, Feb 2, 2017 at 2:18 PM, Scott Elliott <scottpelliott at gmail.com>
wrote:

> Would there be any way to pass additional attributes (say, something from a
> REST API call's headers or body) to an authorization request, and access it
> in a JavaScript or rules-based policy? I see that what is available in the
> Evaluation API currently is pretty limited.
>
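
The reply above says that claims placed in the access token (for example by a mapper) are what a policy can read. As an added example, not part of the original thread and not Keycloak's own code, the sketch below shows a JavaScript policy body reading such a claim through the identity attributes and granting only on a match. The claim name `department`, the value `finance`, and the `mockEvaluation` stand-in for the server-supplied `$evaluation` object are assumptions made for illustration.

```javascript
// Policy logic. In Keycloak, the body of this function would be the script of
// a JavaScript-based policy, with $evaluation supplied by the server.
function policy($evaluation) {
  var identity = $evaluation.getContext().getIdentity();
  var attributes = identity.getAttributes();

  // 'department' is an assumed claim name, put into the token by a mapper.
  var claim = attributes.getValue('department');

  // The value comes from the token issued by the server, not from
  // client-supplied request data. A missing claim never reaches grant().
  if (claim != null && claim.asString(0) == 'finance') {
    $evaluation.grant();
  }
}

// Offline stand-in for $evaluation (constructed for this example only).
function mockEvaluation(claims) {
  var granted = false;
  var attributes = {
    getValue: function (name) {
      if (!Object.prototype.hasOwnProperty.call(claims, name)) return null;
      var values = [].concat(claims[name]);
      return { asString: function (i) { return String(values[i]); } };
    }
  };
  var identity = { getAttributes: function () { return attributes; } };
  var context = { getIdentity: function () { return identity; } };
  return {
    getContext: function () { return context; },
    grant: function () { granted = true; },
    isGranted: function () { return granted; }
  };
}

// Runs the policy against a constructed set of token claims.
function decide(claims) {
  var evaluation = mockEvaluation(claims);
  policy(evaluation);
  return evaluation.isGranted();
}
```
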

