[keycloak-user] configure keycloak nbf value in jwt token
Dmitry Telegin
dt at acutus.pro
Tue Jan 22 17:14:55 EST 2019
Hello Xiaoling,
Internally, Keycloak does track the NBF value on the realm, client and user levels, but never propagates it to the tokens. It can only be seen as the "not-before-policy" property of the token response. Not sure if it's a bug; I hope the Keycloak developers can tell more about it.
As a workaround, you can either:
- hardcode a non-zero value into the "nbf" claim, using the Hardcoded Claim mapper in your client, or
- compute the value similarly to how it is done in TokenManager [1], using a Script Mapper and setting it via the token.notBefore() method.
[1] https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java#L829
Good luck,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro
On Tue, 2019-01-22 at 17:20 +0000, Xiaoling Chen wrote:
> Hi,
> I am trying to use Keycloak as our authentication server in Google Cloud Endpoints. But it looks like Google Cloud Endpoints requires nbf > 0. In the JWT token I get from Keycloak, the nbf is always 0. Is there a way I can configure the nbf value in the Keycloak JWT token? I searched the documentation and the internet but did not get any result.
>
> Thanks in advance
> Xiaoling
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
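An added example, not part of the original thread and not Keycloak code: a Node.js check to run on a token issued after applying either workaround, confirming that `nbf` is a non-zero number (the requirement reported above) and is not in the future. The function names, the 60-second leeway and the sample tokens are assumptions constructed for illustration; the signature is not verified.

```javascript
// Added example (not Keycloak code). Diagnostic only: the signature is NOT verified.

// Decode the payload (second segment) of a compact JWT.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Classify the nbf claim. nowSec and leewaySec are seconds (RFC 7519 NumericDate).
function checkNbf(payload, nowSec, leewaySec = 60) {
  const nbf = payload.nbf;
  if (nbf === undefined) return 'missing';
  if (typeof nbf !== 'number' || !Number.isFinite(nbf)) return 'not-numeric';
  if (nbf <= 0) return 'zero';                       // the case reported in this thread
  if (nbf > nowSec + leewaySec) return 'not-yet-valid'; // verifiers must reject before nbf
  if (typeof payload.exp === 'number' && nbf >= payload.exp) return 'after-exp';
  return 'ok';
}

// Build a constructed sample token with a placeholder signature ("sig").
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.sig`;
}

const NOW = 1548195295; // constructed "current time" in seconds
const samples = {
  default: makeToken({ iat: NOW, exp: NOW + 300, nbf: 0 }),        // nbf as described above
  stringClaim: makeToken({ iat: NOW, exp: NOW + 300, nbf: '1' }),  // mapper emitting a string
  hardcodedOne: makeToken({ iat: NOW, exp: NOW + 300, nbf: 1 }),   // hardcoded non-zero number
  futureNbf: makeToken({ iat: NOW, exp: NOW + 300, nbf: NOW + 3600 }), // value set too late
};

// Run the check over every sample and return name -> verdict.
function report() {
  const out = {};
  for (const [name, jwt] of Object.entries(samples)) {
    out[name] = checkNbf(decodePayload(jwt), NOW);
  }
  return out;
}

console.log(report());
```

A hardcoded value only helps if the mapper emits it as a JSON number and it lies in the past; a string or a future timestamp is rejected by a verifier that follows RFC 7519.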