[keycloak-user] Getting auth request params in script mapper?

Gary Kennedy gary at apnic.net
Mon Apr 1 19:15:27 EDT 2019


Turns out this does work, quite nicely too, and the issue stems from me using direct grants against the token endpoint during experimentation - derp. ie, I wasn't using the authorization endpoint.

Cheers,
Gary

> On 28 Mar 2019, at 3:13 pm, Gary Kennedy <gary at apnic.net> wrote:
> 
> Looking at the AuthorizationEndpoint class I notice that additional authorization request parameters are put in the authentication session client notes.
> (https://github.com/keycloak/keycloak/blob/4.8.2.Final/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java#L379)
> 
> I would like to work with those request parameters in a (preferably script) mapper to put calculated claims into the access token however I can't seem to find them.
> 
> Does anyone have any ideas/thoughts on how I can use the authorization request parameters to put claims into tokens?
> Preferably without code customisation/provider; but that's a restriction I can break if needed :)
> 
> I thought this would work, but the only note is the issuer ("iss").
> 
>    userSession.getAuthenticatedClientSessionByClient(keycloakSession.getContext().getClient().getId()).getNotes();
> 
> Cheers,
> Gary

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3492 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20190401/ee5067b9/attachment.bin 


More information about the keycloak-user mailing list