[keycloak-user] Extract user roles from jwt auth token
Dmitry Telegin
dt at acutus.pro
Tue Jul 31 02:07:33 EDT 2018
Hi Irtiza,
On Tue, 2018-07-31 at 11:00 +0500, Irtiza Ali wrote:
> Thank you, Dmitry for the response,
>
> 1) Yes, I have assigned admin and client roles to the user.
> 2) My keycloak version is 4.0.0
>
> I have resolved this issue thanks for the help
You're welcome! Just FYI: the behavior has changed after 3.2.0, so that realm_access is no longer included in JWT by default. It has to be configured explicitly.
Good luck!
Dmitry
>
> IA
>
>
>
> > On Tue, Jul 31, 2018 at 9:01 AM, Dmitry Telegin <dt at acutus.pro> wrote:
> > Hi Irtiza,
> >
> > In Keycloak, there are two types of roles: realm roles and client roles. In JWT, they are mapped to realm_access and resource_access object, respectively.
> >
> > So in your JWT example, resource_access lists client roles. Does the user have any realm roles assigned? What version of Keycloak are you using?
> >
> > Cheers,
> > Dmitry Telegin
> > CTO, Acutus s.r.o.
> > Keycloak Consulting and Training
> >
> > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> > +42 (022) 888-30-71
> > E-mail: info at acutus.pro
> >
> > On Mon, 2018-07-23 at 12:28 +0500, Irtiza Ali wrote:
> > > I am using this endpoint:
> > >
> > > XXXXXXXXXX/protocol/openid-connect/token
> > >
> > > to authenticate the user. Once the user is authenticated a json(jwt) is
> > > returned from keyclock.
> > >
> > > Decoded jwt json:
> > >
> > > {
> > > "jti": "30d233b2-bba8-4f21-bc51-8c867cd5db8b",
> > > "exp": 1532326409,
> > > "nbf": 0,
> > > "iat": 1532325509,
> > > > > > "iss": "http://localhost:8080/auth/realms/nodejs-example",
> > > "aud": "nodejs-connect",
> > > "sub": "faf3fc64-b96b-4e3f-8e86-4fc727e20d31",
> > > "typ": "Bearer",
> > > "azp": "nodejs-connect",
> > > "auth_time": 0,
> > > "session_state": "736f9570-a3c8-4180-927e-15b5e0f63764",
> > > "acr": "1",
> > > "allowed-origins": [],
> > > "resource_access": {
> > > "account": {
> > > "roles": [
> > > "view-profile"
> > > ]
> > > }
> > > },
> > > "name": "aaa bbb",
> > > "preferred_username": "ali123",
> > > "given_name": "aaa",
> > > "family_name": "bbb",
> > > > > > "email": "a123 at yahoo.com"
> > > }
> > >
> > > How can I retrieve the user roles from that JWT token?
> > >
> > > Thank you
> > >
> > > Irtiza Ali
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
>
More information about the keycloak-user
mailing list