Role mapping from remote storage

nidaff · April 23, 2021, 3:11pm

Hello, i have a question
when i get JWT from remote storage it looks like this
{

“exp”: 1617964075,

“iat”: 1617963775,

“jti”: “c3ed8421-a489-41da-83bf-3b1ad6ce4130”,

“iss”: “http://localhost:8080/auth/realms/exadelproject”,

“sub”: “f:4d473fcc-ad73-4e52-a236-cad4787c2752:gry”,

“typ”: “Bearer”,

“azp”: “internship-app”,

“session_state”: “975c4e2b-cb7f-4355-a5f8-982a291cdb51”,

“acr”: “1”,

“scope”: “profile email”,

“email_verified”: false,

“preferred_username”: “gry”,

“email”: “f44eg@mail”

}

it does not have realm access claim
I need it for use user’s roles
How can i get user’s role from remote storage?

mqorom · April 25, 2021, 9:21am

Hi,
You need to enable "Full Scope Allowed " under that client as shown below

You can know which fields included in your jwt token from here:

nidaff · April 25, 2021, 5:10pm

Thanks for your answer
But i get this token from remote database, not keycloak
With keycloak database it work good
I think problem in my spi user provider when i mapping roles
Do you know how to solve it?

Topic		Replies	Views
How to inject Mapped Client Roles or Mapped Realm Roles via CustomUserStorageProvider Extending the server	1	1800	January 21, 2022
Add user's roles from external database to jwt token Getting advice	0	701	May 2, 2021
SPI Question: Missing Client from resource_access Securing applications	1	424	June 21, 2022
Missing realm roles in access token Getting advice oidc	1	3547	October 19, 2023
How to get user roles in access token Getting advice	5	25923	May 24, 2023

Role mapping from remote storage

Related Topics