Update ID Token

When a user logs in (through Keycloak, with OpenID Connect using the authorization code flow), Keycloak creates an ID token and stores it as a JWT in a cookie.

Now, let’s suppose while the user is already logged in, he/she changes some data like his/her phone number which also happens to be stored in the ID Token.
This data is changed outside Keycloak and eventually changed in Keycloak’s database. After this update is performed, if the user logs out and logs in again, the ID token is updated with the new data (a phone number in this particular case).

Now, is there a way to update the ID token with the new data, without requiring the user to log out and log in again?

Thank you very much for your help!

One easy solution could be to use the Refresh Token to obtain new tokens.

And you can also call the userinfo endpoint, which will return the updated claims about the authenticated user.
You can specify which claims will appear in the ID Token and/or the userinfo endpoint.

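The refresh-token approach suggested in the answer above, sketched as an added example (not code from the thread or from Keycloak): it builds the `refresh_token` grant for the realm's token endpoint and reports which claims differ between the old and new ID tokens. The base URL, realm, client ID and function names are hypothetical, and the endpoint path assumes a current Keycloak release (older releases prefix it with `/auth`).

```python
import base64
import json
import urllib.parse
import urllib.request

# Claims that change on every issuance and say nothing about profile updates.
VOLATILE = {"exp", "iat", "jti", "auth_time", "at_hash", "nonce", "sid"}


def token_endpoint(base_url, realm):
    # Keycloak's OpenID Connect token endpoint for the given realm.
    return f"{base_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/token"


def build_refresh_request(base_url, realm, client_id, refresh_token, client_secret=None):
    """Build the refresh_token grant (RFC 6749, section 6) as a POST request."""
    form = {"grant_type": "refresh_token", "client_id": client_id,
            "refresh_token": refresh_token}
    if client_secret:  # confidential clients authenticate, public clients do not
        form["client_secret"] = client_secret
    body = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(
        token_endpoint(base_url, realm), data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def refresh_tokens(request):
    """Send the request; the JSON response carries the newly issued tokens."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)


def unverified_claims(jwt):
    """Decode the payload for comparison only. The signature is NOT checked;
    validate the token against the realm's keys before trusting any claim."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def changed_claims(old_id_token, new_id_token):
    """Return {claim: (old, new)} for differing claims, ignoring volatile ones."""
    old, new = unverified_claims(old_id_token), unverified_claims(new_id_token)
    keys = (set(old) | set(new)) - VOLATILE
    return {k: (old.get(k), new.get(k)) for k in sorted(keys) if old.get(k) != new.get(k)}
```

Pass the `id_token` field of the `refresh_tokens` response, when present, to `changed_claims` together with the token currently held to confirm the updated claim arrived.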