Custom AccessTokenResponse attributes

Is it possible to customize the AccessTokenResponse? I’d like to add additional attributes. Ideally I’d like to make this work in conjunction with my custom Authenticator implementation.

{
“access_token”:“GDJSJGDSKHFDSKJGFJSKFHDKGHFS”,
“token_type”:“bearer”,
“expires_in”:3600,
“id_token”:“GDJSJGDSKHFDSKJGFJSKFHDKGHFS”,
“refresh_token”:“GDJSJGDSKHFDSKJGFJSKFHDKGHFS”,
“scope”:“create”,

“MyCustomAttribute1”:“MyValue1”,
“MyCustomAttribute2”:“MyValue2”
}

I assume somehow these attributes are dynamic, and not configured into your user.

Assuming that, if you have your own Authentication plugin then you can put any value into the User Session note:
context.getAuthenticationSession().setUserSessionNote(YOUR_KEY, yourValue);

From there you can then set a session note mapper on your realm, or client, which will provide the value

1 Like

I am currently putting values into the user session notes using a custom authentication plugin, and in the admin UI I am using a script mapper to fetch those user session notes and put them into the access token (the token identified by “access_token”.) That it working fine. It’s the parent JSON response object from Keycloak that I want to add attributes to. The parent object contains attributes “access_token”, “token_type”, “expires_in”, “id_token”, “refresh_token”, and “scope”. I would like to add some additional attributes.

1 Like