[keycloak-user] Keycloak OIDC Id Token
Marek Posolda
mposolda at redhat.com
Mon Jan 16 15:10:25 EST 2017
On 16/01/17 20:23, Jari Kuusisto wrote:
> Hello there. I have a web application (war) deployed on Wildfly and it is
> protected by Keycloak. I am using Java/Wildfly adapter (not "keycloak.js"),
> and there is a KC client that uses Standard flow (OIDC): it is configured
> to use Access Type "public". The setup works just fine. But is it possible
> to retrieve and access the Id Token (JWT) from the client-side i.e.
> end-user browser in this case? Or is it available on server-side as a
> http-only cookie value? I planned to keep the JWT token short-lived and
> use it for secondary login on another website based on the claims in it,
> for example " 'login': 'allowed' " for "john.smith at example.com".

There is an adapter option "expose-token", which allows you to see the token on
the browser side. See the docs for more details:
https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/java/java-adapter-config.html

>
> I also have configured protocol mappers for the client so that certain
> roles should be included i.e. mapped in the Id Token, but I can not see
> them there. Any ideas what could be wrong? KC version is 2.2.1.Final and WF
> version is 10. Thanks!

Depends on how exactly you configured your protocol mappers and which
mappers you used. Also, does your client have the required scopes for roles of
other clients? You can also try to upgrade to the latest release and see if
that helps.

Marek
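
Added example, not part of the original thread or of Keycloak's own code: the check the second website from the question would run before acting on a claim such as `login`, assuming an RS256-signed token and Keycloak's default role claim names (`realm_access`, `resource_access`). The key pair, issuer URL, client id and all function names are constructed for the example.

```javascript
const crypto = require('crypto');

// base64url helpers (Node's 'base64' decoder also accepts the URL-safe alphabet).
const b64u = (buf) => buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromSeg = (seg) => JSON.parse(Buffer.from(seg, 'base64').toString('utf8'));

// Check run by the second website before honouring any claim. Throws with a reason.
function verifyIdToken(token, publicKey, { issuer, audience, now = Math.floor(Date.now() / 1000) }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const [h, p, s] = parts;
  // Pin the algorithm (assumed RS256): the token must not be allowed to choose it.
  if (fromSeg(h).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${h}.${p}`, 'ascii');
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(s, 'base64'))) {
    throw new Error('bad signature');
  }
  const claims = fromSeg(p);
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Role names under the assumed default claim names; empty if no mapper added them.
function rolesIn(claims) {
  const realm = (claims.realm_access || {}).roles || [];
  const perClient = Object.values(claims.resource_access || {}).flatMap((c) => c.roles || []);
  return [...new Set([...realm, ...perClient])];
}

// Constructed sample: a throwaway key pair and token standing in for the realm's.
function makeSample(overrides = {}) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const now = Math.floor(Date.now() / 1000);
  const claims = { iss: 'https://sso.example.test/auth/realms/demo', aud: 'my-war-client',
    exp: now + 60, login: 'allowed', realm_access: { roles: ['user'] }, ...overrides };
  const head = b64u(Buffer.from(JSON.stringify({ alg: 'RS256', typ: 'JWT' })));
  const body = b64u(Buffer.from(JSON.stringify(claims)));
  const sig = b64u(crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey));
  return { token: `${head}.${body}.${sig}`, publicKey };
}
```

An empty result from `rolesIn` on a token that verifies means the role claims are absent from the token itself, which points back at the mapper and scope configuration rather than at the consuming code.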