[keycloak-user] customizing OIDC refresh token flow

Ori Doolman Ori.Doolman at amdocs.com
Wed Jul 4 07:47:54 EDT 2018


Hi,

I'm looking for a way to customize the OIDC token endpoint:
In OIDC code flow, when getting a new access token using a refresh token, I want to call an external system and update a user attribute, such that the attribute value will be mapped to an attribute of the returned JWT access token.

I think the relevant source code is here, but I didn't see a way to customize it using an SPI:
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java


The reason I need it is because we are working with an external identity provider, which returns an access token to us which is valid for only 15 minutes.
The external access token is mapped to our JWT once the user logs in (we customized the authentication flow).
Now I need a way that my JWT will always contain a valid external access token.
Therefore, I thought we can fetch a new external access token every time we refresh our JWT.

Or is there a better way to accomplish that?


Thanks,

Ori Doolman
Lead Software Architect
Amdocs Optima

