[keycloak-user] Missing claims from custom scope

James Mitchell jamesm at suitebox.com
Mon Oct 21 19:58:05 EDT 2019


After more investigation, I find that the problem I have is NOT missing
claims because the scope mappers don't work. I have found that the mappers
are fine for hard-coded values, and for simple things like email and name.

My problem is that the claims I want to map are attributes on my custom
user adapter object, and they are not available on the usermodel that the
token exchange is using - I suspect that this is a cache issue - the
usermodel is taken from the cache and it is a normal usermodel, not my
custom class, so my attributes are not visible.

I'll stop this thread and start a new question about custom attributes in
the cached user model.


----

*James Mitchell*

Developer

e: jamesm at suitebox.com

w: www.suitebox.com


*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ


On Mon, 21 Oct 2019 at 16:41, James Mitchell <jamesm at suitebox.com> wrote:

> Sorry - that should be "it is using the direct "naked grant" to request a
> token on behalf of a user." I am using a direct naked grant.
>
> Is there another way to get my claims added to the JWT?
>
>
> On Fri, 18 Oct 2019 at 13:04, James Mitchell <jamesm at suitebox.com> wrote:
>
>> I have some custom claims which are added to the access token at login.
>> This is working fine, verified the token has the claims etc...
>>
>> Today I have added user impersonation to the client app - it is not using
>> the direct "naked grant" to request a token on behalf of a user.
>>
>> I get a valid token back, but it is missing the claims from the custom
>> client scope.
>>
>> I have tried with, and without adding a scope to the request, and also
>> adding the client scope as default for the realm and the client - but the
>> claims are still not added to the token.
>>
>> Suggestions?
>>
>> Thanks,
>> James
>