Customize token Claims

Remember that user entities in the platform have an optional attribute called extraFields, where you can put a JSON value with custom information.

This attribute can be used to enrich the JWT with custom claims.

For example, suppose that we have a user with the following information:

{
  "username": "developer",
  "mail": "developer@onesaitplatform.com",
  "fullName": "A Developer of the Platform.",
  "role": "ROLE_DEVELOPER",
  "created": "19/05/2021",
  "updated": "27/05/2021",
  "active": true,
  "extraFields": "{\"organization\":\"myorganization\",\"postalCode\":28080,\"affiliations\":{\"soccer\":\"Real Madrid\"}}"
}

The organization, postalCode and affiliations fields can be released in the JWT claims.

To do so, head to the Keycloak administration console (i.e. https://{DNS}/auth), log in as an administrator user, and go to the realm’s configuration → client scopes → openid.

Now go to mappers and click on “create”.

Fill the form with the attribute name, in this case “organization”, and select JSON as Claim JSON Type.

Repeat the process for the remaining attributes.

Now, whenever a token is generated for a user, the IM will try to load these claims if they are present in the user’s extraFields attribute.
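To confirm that the mappers release the claims as typed JSON, the token payload can be decoded and compared with the user's extraFields. The following is an added example, not code from the platform; the token is constructed with a dummy signature, the function names are hypothetical, and the "string-encoded" outcome assumes a mapper whose Claim JSON Type was not set to JSON emits the value as text.

```python
import base64
import json

# Constructed sample: extraFields from the user on this page (stored as a JSON string).
EXTRA_FIELDS = ('{"organization":"myorganization","postalCode":28080,'
                '"affiliations":{"soccer":"Real Madrid"}}')

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims):
    """Constructed token with a dummy signature; only good for inspection."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}),
                     _b64url(claims), "constructed-signature"])

def decode_payload(token):
    """Decode the payload WITHOUT verifying the signature (debugging only)."""
    payload_b64 = token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload_b64))

def _loads_or_none(text):
    try:
        return json.loads(text)
    except ValueError:
        return None

def check_custom_claims(token, extra_fields_json):
    """Compare each extraFields entry with the claim of the same name."""
    expected = json.loads(extra_fields_json)
    payload = decode_payload(token)
    report = {}
    for name, value in expected.items():
        got = payload.get(name)
        if name not in payload:
            report[name] = "missing"          # no mapper for this attribute
        elif got == value:
            report[name] = "ok"               # typed JSON value, as configured
        elif isinstance(got, str) and _loads_or_none(got) == value:
            report[name] = "string-encoded"   # claim is JSON text, not JSON
        else:
            report[name] = "mismatch"
    return report

if __name__ == "__main__":
    good = make_sample_token({"preferred_username": "developer",
                              **json.loads(EXTRA_FIELDS)})
    print(check_custom_claims(good, EXTRA_FIELDS))
```

Services that consume these claims for authorization decisions must validate the token signature first; decode_payload here is for checking mapper configuration only.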




(c) 2020 Indra Soluciones Tecnologías de la Información, S.L.U.