[keycloak-user] Getting auth request params in script mapper?

Gary Kennedy gary at apnic.net
Thu Mar 28 01:13:47 EDT 2019


Looking at the AuthorizationEndpoint class I notice that additional authorization request parameters are put in the authentication session client notes.
(https://github.com/keycloak/keycloak/blob/4.8.2.Final/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java#L379)

I would like to work with those request parameters in a (preferably script) mapper to put calculated claims into the access token however I can't seem to find them.

Does anyone have any ideas/thoughts on how I can use the authorization request parameters to put claims into tokens?
Preferably without code customisation/provider; but that's a restriction I can break if needed :)

I thought this would work, but the only note is the issuer ("iss").

    userSession.getAuthenticatedClientSessionByClient(keycloakSession.getContext().getClient().getId()).getNotes();

Cheers,
Gary

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3492 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20190328/87a41c2e/attachment.bin 


More information about the keycloak-user mailing list