Authorization Code Flow and providing Custom claims?


I am trying to use the authorization code flow to get a token with custom claims. My flow is pretty simple right now its…

React App > Keycloak Login > Returns code to React App > React app sends to my backend > my backend requests the token from keycloak.

So its the last bit I am having problems with :frowning:

I would like to provide custom claims to Keycloak to include in the token that is returned. This way I am using 100% keycloak to managed tokens etc.

How can I do this ?

My alternative would be to create my own JWT and claims without involving keycloak - but this kind of the defeats the object - right ?

My FE app is react, My back app is nodejs.

So I think the only missing part i have is to be able to PUSH custom claims to keycloak when exchanging the CODE for a token, the token that would be returned would include my claims that I sent.

Can anyon help to validate my process and how I go about doing the above mentioned “providing custom claims to keycloak for including on the signed token”

Thanks in advance

Hi, I was wandering did you make it work? I am having a same task and I got stuck in the beginning, I am not sure even how to get started. Do I need keycloak adapter for React as well or I can just redirect user to keycloak login page?

This is an approach I like to see, and it stands with all of the requirements from the rfc.

It is quite hard to understand at first but it is not that hard to implement actually.

To be honest, from all of my investigation I never found a documentation about this approach so I decided to implement it my self.

Please check it out, it is a very simple app that has this flow.
Hope it helps, feel free to open an issue if needed.
An I would love to get some support

About the original question, Keycloak is full of options to make custom claims.

Check out client scopes, mappers, roles, groups.

I think you need mappers, so check about client mappers, user mappers, idp mapper, group mapper.

Really what ever you need.

Thank you @Cyben ! This actually looks pretty interesting, I will clone it and play around with it, so I can pick up the logic behind it.

1 Like