[keycloak-user] Add dynamically resolved token claim

Vagelis Savvas vagelis.savvas at gmail.com
Sun Jan 13 05:29:43 EST 2019


Hello,
I have an authenticator script and a mapper script and I would like to 
attach a piece of information
during login in the authenticator script then retrieve it in the mapper 
script and set it as a token claim.
(background: this piece of information originates from an extra input 
field of a custom login page and
I want it to appear in the user's access token in order to differentiate 
users based on it).

So, I can't use the user object to attach my info because it's not fully 
reliable.
What would work best is to use an object that is unique per 
authentication session and available in both scripts.
The user object is both unique and available but is also a singleton.

Thus I've tried keycloakSession.setAttribute('myInfo', value) in the 
auth script and then keycloakSession.getAttribute('myInfo')
in the mapper script, but it doesn't work (why isn't the keycloakSession 
object the same in the two scripts?).
I've also tried, in the auth script, 
authenticationSession.setUserSessionNote('myInfo',value) and then 
userSession.getNote('myInfo')
in the mapper script, but it doesn't work either.
Any further ideas on how to solve this in a reliable way?

Cheers,
Vagelis

