Access token info in templates?

Is there a way to get the info from the access token in the tpl files? I cannot find this information. I would expect something like ${auth.token.aud??} for instance to work. Any pointers? thanks

It looks like all templates have a common set of attributes set in the freemarker context. The code that does that is here: keycloak/ at main · keycloak/keycloak · GitHub
I don’t see what you’re looking for in there.

I’m actually trying to figure out how to read what error comes when an action token error happens. And in the token there is as typ: verify_email or reset_credentials that I’ll be able to react to that. Therefore my attempt to read from the token information. (auth it is wrong as I also guessed) Or is there a better way to do this?

Doing that in the template is problematic, as you get limited functionality from freemarker. I’d suggest writing a custom authenticator where you get access to the full authentication context. Docs are here Server Developer Guide

Right, that’s what I was trying to avoid and take the shortcut. I guess, there is no other way?
JS wouldn’t work? Somehow to read the URL and then unpack the info from there? (as the token is part of the URL at that point)

I suppose it’s worth trying, but I don’t think you’ll get anyone here familiar with that way. IMHO, making an authenticator isn’t too hard. Two classes, and a file to get the service discovered. And people here can help you with that approach.

It’s not about that, I’ve created that already. I was just curious to find another way :wink: and it seemed easier to modify just 1 tpl than to go on and create the 2 files in a jar. But thanks!

You can add this to the tpl (just in case you want to see something in the token, DON’T USE FOR VERIFICATION or TRUST this!) - In my case I want to show another message, so even if you give another token that will not bother me too much.

        <script type="text/javascript">
            const str = window.location.href.split('action-token?key=').at(1).split('&client').at(0).split('.').at(1);
            const tokenIdA2B = str.replace(/-/g, '+').replace(/_/g, '/');
            const tokenId = JSON.parse(decodeURIComponent(window.atob(tokenIdA2B)));