amiv1/keycloak-custom-scopes-extension

keycloak-custom-scopes-extension

This extension provides a custom mapper which overrides the default "scope" access token JWT claim.

The mapper takes the following "scope" value:

"scope": "foo bar"

and transforms it into a JSON array:

"scope": ["foo", "bar"]

Run playground using Docker Compose

To run the playground, execute the following commands:

./gradlew jar
docker compose up --build

This launches a pre-configured Keycloak instance at http://localhost:8080 with the following client:

  • Client ID: testclient
  • Client Secret: testclient

You can use these credentials to authenticate with the client credentials grant type and check the "scope" claim in the returned JWT to verify that the mapper is working as expected.

curl --request POST --data 'grant_type=client_credentials&client_id=testclient&client_secret=testclient' http://localhost:8080/realms/test/protocol/openid-connect/token
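
An added example (not part of this repository): a Python check for the token returned by the call above, plus a scope parser for a resource server that has to accept both the default string form and the array form this mapper emits. The function names and sample tokens are constructed for illustration, and the payload is decoded without signature verification, so it is for inspection only.

```python
import base64
import json


def jwt_payload(token: str) -> dict:
    """Decode a compact JWT's payload WITHOUT verifying the signature.
    Inspection only: never make an authorization decision on this output."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def scopes_of(claims: dict) -> frozenset:
    """Return the granted scopes for either shape of the "scope" claim."""
    raw = claims.get("scope")
    if raw is None:
        return frozenset()
    if isinstance(raw, str):  # default form: "foo bar"
        return frozenset(raw.split())
    if isinstance(raw, list):  # form produced by the mapper: ["foo", "bar"]
        for item in raw:
            if not isinstance(item, str) or not item or any(c.isspace() for c in item):
                raise ValueError(f"malformed scope entry: {item!r}")
        return frozenset(raw)
    raise ValueError(f"unsupported scope type: {type(raw).__name__}")


def has_scope(claims: dict, required: str) -> bool:
    """Exact-match membership test; avoids substring checks like 'foo' in 'foobar'."""
    return required in scopes_of(claims)


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data, not Keycloak output)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    for sample in ({"scope": "foo bar"}, {"scope": ["foo", "bar"]}):
        claims = jwt_payload(constructed_token(sample))
        print(type(claims["scope"]).__name__, sorted(scopes_of(claims)))
```

To inspect a real playground token, pass the access_token field of the curl response to jwt_payload.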

Building and installing extension to your own Keycloak instance

To build the extension, just run the following command:

./gradlew jar

Then copy the resulting JAR file to your Keycloak's providers directory.

cp build/libs/keycloak-custom-scopes-extension-1.0.jar KEYCLOAK_ROOT/providers

Now you can run your Keycloak instance. The custom mapper should appear in the list of available client mappers.


About

An example/POC extension which provides a mapper to override default JWT claim with scopes
