Add customized/built-in claims into JWT while using Keycloak standalone

In our design, we plan to use Keycloak only for user profile management and authentication. We will NOT use Keycloak to secure our application, nor to do permission enforcement.

One use case will be

  1. The user logs in to Keycloak using their own credentials. Now I try to use the curl command below:

    curl \
      -d "client_id=admin-cli" \
      -d "username=bubu" \
      -d "password=pw0" \
      -d "grant_type=password" \
      http://localhost:8080/auth/realms/demo/protocol/openid-connect/token

Then I get two tokens: access_token and refresh_token.
I think it is obvious that the access_token can be attached to the following requests to access our other application.

  2. After our application gets the request with the access_token, the application needs to validate the token in order to secure the resource. In this case, we plan to add some custom claims and a built-in claim (client roles) for validation and permissions.

I did some investigation and it seems adding claims into the JWT is only supported for a registered client (mapper).
In this case, I have two questions:

  1. Is it possible to add customized/built-in claims into the access JWT without a specific client?
  2. If the answer to question 1 is No, then we have to register our application as a client and configure it under the Mapper tab. In this case, what REST API can I use to get the JWT for this client?
    Is it possible to give a curl example?

Thanks in advance.
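Added example, not code from the thread: how the application in step 2 could validate the access token and read the mapper-added custom claims and client roles. It uses only the Python standard library, so an HMAC secret stands in for the realm's signing key (a real Keycloak token is RS256-signed and should be verified against the realm's public key); the client name `my-app`, the claim `department` and the secret are assumed values, and the issuer is the realm URL from the curl command above.

```python
import base64, hashlib, hmac, json, time
ISSUER = "http://localhost:8080/auth/realms/demo"  # realm URL from the curl command above
CLIENT_ID = "my-app"                               # assumed name of the registered client
SECRET = b"constructed-demo-secret"                # constructed stand-in for the realm's signing key

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def verify_token(token, secret, now=None):
    """Check signature, alg, exp, iss and client binding; return the payload or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    # Pin the algorithm on the verifier side; never let the token header choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(p_b64))
    if payload.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    if payload.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    # Keycloak sets "azp" to the requesting client; "aud" lists clients whose roles are included.
    aud = payload.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if payload.get("azp") != CLIENT_ID and CLIENT_ID not in aud:
        raise ValueError("token not issued for this client")
    return payload

def roles_and_claims(payload, client_id, custom_claim):
    """Read realm roles, this client's roles and one mapper-added custom claim from the payload."""
    return {
        "realm_roles": payload.get("realm_access", {}).get("roles", []),
        "client_roles": payload.get("resource_access", {}).get(client_id, {}).get("roles", []),
        custom_claim: payload.get(custom_claim),
    }

def make_demo_token(payload, secret):
    """Constructed token in Keycloak's claim layout, for offline testing only."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"
```

Client roles live under `resource_access.<client_id>.roles`, so they only appear once the application is registered as a client (or included in the token's audience), which is the reason a registered client or a default client scope is needed.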

Anyone has an idea? Thanks.

Hi,

Creating a new Client Scope, adding your desired mappers to this scope and setting this scope as default for all clients will probably do what you want.

Regards
Matthias


Thank you very much.