[keycloak-user] Extract user roles from jwt auth token
Dmitry Telegin
dt at acutus.pro
Tue Jul 31 00:01:56 EDT 2018
Hi Irtiza,
In Keycloak, there are two types of roles: realm roles and client roles. In JWT, they are mapped to the realm_access and resource_access objects, respectively.
So in your JWT example, resource_access lists client roles. Does the user have any realm roles assigned? What version of Keycloak are you using?
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro
On Mon, 2018-07-23 at 12:28 +0500, Irtiza Ali wrote:
> I am using this endpoint:
>
> XXXXXXXXXX/protocol/openid-connect/token
>
> to authenticate the user. Once the user is authenticated, a JSON (JWT) is
> returned from Keycloak.
>
> Decoded JWT JSON:
>
> {
>   "jti": "30d233b2-bba8-4f21-bc51-8c867cd5db8b",
>   "exp": 1532326409,
>   "nbf": 0,
>   "iat": 1532325509,
>   "iss": "http://localhost:8080/auth/realms/nodejs-example",
>   "aud": "nodejs-connect",
>   "sub": "faf3fc64-b96b-4e3f-8e86-4fc727e20d31",
>   "typ": "Bearer",
>   "azp": "nodejs-connect",
>   "auth_time": 0,
>   "session_state": "736f9570-a3c8-4180-927e-15b5e0f63764",
>   "acr": "1",
>   "allowed-origins": [],
>   "resource_access": {
>     "account": {
>       "roles": [
>         "view-profile"
>       ]
>     }
>   },
>   "name": "aaa bbb",
>   "preferred_username": "ali123",
>   "given_name": "aaa",
>   "family_name": "bbb",
>   "email": "a123 at yahoo.com"
> }
>
> How can I retrieve the user roles from that JWT token?
>
> Thank you
>
> Irtiza Ali
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
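An added example, not part of the original thread: reading realm roles (realm_access) and client roles (resource_access) from an access token in Node.js, and only after the signature has been verified, since roles taken from a merely decoded token can be edited by whoever holds it. It assumes the token is signed with RS256 and that the realm's public key is already available; the function names and the throwaway key pair are hypothetical, and the sample token is constructed from the claims quoted above.

```javascript
const crypto = require('crypto');

const b64urlJson = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Verify an RS256 token against the realm public key and return its payload.
// Throws on any failure, so roles are never read from an unverified token.
function verifyRs256(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [h, p, s] = parts;
  const header = b64urlJson(h);
  // Pin the algorithm instead of trusting whatever the header claims.
  if (header.alg !== 'RS256') throw new Error('unexpected alg: ' + header.alg);
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`),
                           publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  return b64urlJson(p);
}

// Realm roles live under realm_access.roles, client roles under
// resource_access[<clientId>].roles; either claim may be absent.
function extractRoles(payload) {
  const strings = (v) => (Array.isArray(v) ? v.filter((r) => typeof r === 'string') : []);
  const realm = strings(payload.realm_access && payload.realm_access.roles);
  const client = {};
  for (const [id, entry] of Object.entries(payload.resource_access || {})) {
    client[id] = strings(entry && entry.roles);
  }
  return { realm, client };
}

// Constructed sample: throwaway key pair and a token carrying the thread's claims.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSample(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}
const sampleToken = signSample({
  aud: 'nodejs-connect',
  resource_access: { account: { roles: ['view-profile'] } },
});

// realm comes back empty because this token carries no realm_access claim.
console.log(extractRoles(verifyRs256(sampleToken, publicKey)));
```

A service consuming these roles would also check exp, iss and aud before acting on them; those checks are left out here to keep the focus on the two role claims.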