You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
User attributes are a first class citizen.
They have their own tab on the user view of the admin portal and they have a mapper so they can be included in tokens.
Clients attributes are second class citizens.
They do NOT have their own tab and must be managed through the Admin API, and they can't be mapped to be included in tokens.
I own a public API and use Keycloack to provide authentication and authorization.
I register all consumers of my API as client with only service account enabled so they can get tokens and call my API.
I'm adding some metadata to each client to be included in the token so my API has more information.
Standard use case, just as you would do for a user, but a client.
Details
No response
The text was updated successfully, but these errors were encountered:
@juanjoDiaz Did you find a solution for this? We have the same requirements. In legacy Keycloak we managed to implement this via a extension of the admin templates to include a field to manage the client attribute and a javascript token mapper to map that attribute to the token.
in the new Keycloak it is also possible to extend the admin UI to allow managing custom client attributes but I haven't found a way to access the custom attributes in the Java Token Mapper.
Description
User attributes are a first class citizen.
They have their own tab on the user view of the admin portal and they have a mapper so they can be included in tokens.
Clients attributes are second class citizens.
They do NOT have their own tab and must be managed through the Admin API, and they can't be mapped to be included in tokens.
I propose to bring parity to these two.
It doesn't seem like this is a new idea. Someone already asked for this a few years ago: https://lists.jboss.org/pipermail/keycloak-user/2016-March/005447.html
Discussion
No response
Motivation
I own a public API and use Keycloack to provide authentication and authorization.
I register all consumers of my API as client with only service account enabled so they can get tokens and call my API.
I'm adding some metadata to each client to be included in the token so my API has more information.
Standard use case, just as you would do for a user, but a client.
Details
No response
The text was updated successfully, but these errors were encountered: