Enrich access token with more data in user storage spi

viper · October 26, 2021, 1:43pm

We are trying to connect keycloak with an internal application that currently authenticates with a proprietary token. This token is used to search a database for user information. I want to have the flow look like:

User enters login info into login form
Keycloak custom spi calls our internal service and gets this proprietary token
spi uses that token to search the database and get user id
user id is added to keycloak access token and returned as part of the login

Is this possible? How would I go about doing this?

chriscurrie · October 30, 2021, 8:37pm

I have a similar request… Please let me know if you’ve managed to find an answer… it seems pretty quiet here

xgp · November 1, 2021, 7:52am

It is possible to add a mapper that calls an external API to add claims to the token. There is an example implementation here:

Topic		Replies	Views
Integrating user entitlements from proprietary dynamic data source Getting advice	1	403	September 28, 2021
OIDC with custom UserModel Extending the server oidc	5	4595	May 10, 2021
SPI or API to inject custom logics while validating refresh tokens Extending the server oidc	0	399	March 19, 2021
Keycloak Login and User Model with custom data from external REST API Getting advice authentication , user-federation , oidc	2	3945	April 28, 2022
Fetch Identity Provider token in protocol mapper Extending the server identity-brokering , oidc	1	420	January 12, 2023

Enrich access token with more data in user storage spi

Related Topics