Extract payload data from the received access token and store in Keycloak

Hi, I have information in an OIDC provider’s payload that I need to store and reference from within Keycloak. Currently, I’m losing this information as the token that is returned to the application is from Keycloak and not the OIDC IDP.

How could I pull out the ‘vot’ (vectors of trust) within the IDP’s payload, store them in Keycloak against the user and also return them within the token returned from Keycloak? Ideally this needs to happen immediately after the login is successful with the IDP and the token is received into Keycloak.


Here’s an example of the Payload data within the body of the token. I’d wish to obtain the “vot” data.

   "iss": "https://auth.login.nhs.uk/",
   "vot": "P5.Cp.Cd",
   "vtm": "https://auth.login.nhs.uk/trustmark/login.nhs.uk"}


This turned out to be trivial.

I just needed to select my identity provider and create an attribute mapper.

Then, the attribute appeared within ‘attributes’ setting for that newly created user.

1 Like