Custom Mapper: Inclusion in Access Token not working until Profile Updated

Hi there,

I’m developing a custom registration and login workflow with Keycloak 15.0.2, and I also use a custom User Provider in my context.

I’ve created a Client Scope with two Mappers inside, mapping two User Attributes (of type String). Both should be included in the Access Token and User Info.

Here is my problem:

  • When Users are registered, I can see them in my users database in Keycloak, and they have indeed the two custom attributes (visible in the ‘Attributes’ Tab).
  • However, in the Clients → Client Scopes → Evaluate menu, when I evaluate one user, my two custom attributes do not appear.
  • I realized that, when I update one user through the Admin → Users menu, just changing one property (or even none), and click on “Save” to update the profile, if I restart the previous step, both mappers now appear in the Access Token!

It’s like the “update” operation on the user had something to do with the way access tokens are generated.

Any idea of what I’m missing?
It seems that updating the profile manually did the trick, but I can’t figure out why.

Thanks a lot for any help 🙂

I stumbled across this problem as well and created an issue for it.
Do you have your UserStorageProvider’s Cache Policy set to NO_CACHE? I found setting it to DEFAULT solves this issue; however, doing this has its own implications.