Access token info in templates?

edwint88 · July 4, 2022, 2:28pm

Is there a way to get the info from the access token in the tpl files? I cannot find this information. I would expect something like ${auth.token.aud??} for instance to work. Any pointers? thanks

xgp · July 4, 2022, 4:27pm

It looks like all templates have a common set of attributes set in the freemarker context. The code that does that is here: keycloak/FreeMarkerLoginFormsProvider.java at main · keycloak/keycloak · GitHub
I don’t see what you’re looking for in there.

edwint88 · July 4, 2022, 7:19pm

I’m actually trying to figure out how to read what error comes when an action token error happens. And in the token there is as typ: verify_email or reset_credentials that I’ll be able to react to that. Therefore my attempt to read from the token information. (auth it is wrong as I also guessed) Or is there a better way to do this?

xgp · July 4, 2022, 7:26pm

Doing that in the template is problematic, as you get limited functionality from freemarker. I’d suggest writing a custom authenticator where you get access to the full authentication context. Docs are here Server Developer Guide

edwint88 · July 4, 2022, 7:43pm

Right, that’s what I was trying to avoid and take the shortcut. I guess, there is no other way?
JS wouldn’t work? Somehow to read the URL and then unpack the info from there? (as the token is part of the URL at that point)

xgp · July 4, 2022, 7:46pm

I suppose it’s worth trying, but I don’t think you’ll get anyone here familiar with that way. IMHO, making an authenticator isn’t too hard. Two classes, and a file to get the service discovered. And people here can help you with that approach.

edwint88 · July 4, 2022, 9:00pm

It’s not about that, I’ve created that already. I was just curious to find another way and it seemed easier to modify just 1 tpl than to go on and create the 2 files in a jar. But thanks!

edwint88 · July 5, 2022, 11:08am

You can add this to the tpl (just in case you want to see something in the token, DON’T USE FOR VERIFICATION or TRUST this!) - In my case I want to show another message, so even if you give another token that will not bother me too much.

        <script type="text/javascript">
            const str = window.location.href.split('action-token?key=').at(1).split('&client').at(0).split('.').at(1);
            const tokenIdA2B = str.replace(/-/g, '+').replace(/_/g, '/');
            const tokenId = JSON.parse(decodeURIComponent(window.atob(tokenIdA2B)));
            console.log(tokenId.typ);
        </script>

Topic		Replies	Views
Accessing password policy from password reset template Getting advice	0	309	May 10, 2021
Use cases for Action Tokens vs Authenticator's actionURL Getting advice authentication	0	810	May 2, 2021
Access token from Browser flow Getting advice	0	473	December 5, 2022
Resolving authenticators used	0	357	September 22, 2020
Run JavaScript code after Keycloak Freemarker Theme successful login Getting advice	3	1263	February 12, 2021

Access token info in templates?

Related Topics