[keycloak-user] Adding information from a 3rd party service into JWT token

Stian Thorgersen sthorger at redhat.com
Thu May 23 03:35:05 EDT 2019


This is not something we currently handle really well, but there should be
ways to achieve it.

A protocol mapper has the disadvantage that it is invoked every time a new
client authenticates or when a token is refreshed. It could have a
performance impact if you call out to an external REST API here.

An alternative would be to use a custom authenticator that would add the
information into the user session. You should then be able to use the
built-in user info mapper to add the claims from the user session into the
token.

On Wed, 22 May 2019 at 10:04, Michael Isvy <michael.isvy at gmail.com> wrote:

> Hi,
> thanks a lot for the hard work on Keycloak! I've been using it for a few
> days and have been quite impressed by the UI, features and level of
> documentation.
>
> I have a custom requirement. When users authenticate, in case of successful
> authentication, I need to call a 3rd party API, collect additional
> information and place it into my JWT token.
>
> I am in the process of doing it by coding my own Mapper (extending
> AbstractOIDCProtocolMapper). I was wondering if this is the correct way to
> do it or if there is a simpler way to achieve my goal.
>
> Regards,
> Michael.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
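
The authenticator approach from the reply above, sketched as an added example (not code from the thread or from the Keycloak project): the external call happens once per login, with timeouts, and the result is stored as a user session note. The endpoint URL, the note name `thirdparty_info`, the plain-text response format and the use of Java 11's `HttpClient` are assumptions.

```java
// Added example: hypothetical authenticator; endpoint, note name and response format are assumptions.
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
public class ThirdPartyInfoAuthenticator implements Authenticator {
    private static final String API = "https://thirdparty.example/users/"; // placeholder endpoint
    private static final String NOTE = "thirdparty_info";                  // hypothetical note name
    private static final HttpClient HTTP =
            HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(2)).build();

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        String user = URLEncoder.encode(context.getUser().getUsername(), StandardCharsets.UTF_8);
        HttpRequest req = HttpRequest.newBuilder(URI.create(API + user))
                .timeout(Duration.ofSeconds(3)).GET().build(); // bound the time a login can block
        try {
            HttpResponse<String> res = HTTP.send(req, HttpResponse.BodyHandlers.ofString());
            String body = res.body();
            // Fail closed: only a 200 with a small body is accepted into the session.
            if (res.statusCode() != 200 || body == null || body.length() > 256) {
                context.failure(AuthenticationFlowError.INTERNAL_ERROR);
                return;
            }
            // Copied to the user session when login completes; a session-note mapper reads it later.
            context.getAuthenticationSession().setUserSessionNote(NOTE, body.trim());
            context.success();
        } catch (java.io.IOException | InterruptedException e) {
            if (e instanceof InterruptedException) Thread.currentThread().interrupt();
            context.failure(AuthenticationFlowError.INTERNAL_ERROR);
        }
    }

    @Override public void action(AuthenticationFlowContext context) { }
    @Override public boolean requiresUser() { return true; } // place after the credential step
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

To use it, the class still needs an `AuthenticatorFactory` registered with the server and a protocol mapper on the client that copies the session note into a token claim. Because the value is fetched only at login, it stays fixed for the lifetime of the session, including across token refreshes.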

