Custom Attribute in Keycloak Access Token
Here’s how you can create a custom attribute in a Keycloak access token:
To add a custom attribute to the Keycloak access token, you need to define and configure a custom protocol mapper. Protocol mappers are responsible for extracting information from Keycloak and adding it to the access token.
Select the desired realm where you want to create the custom attribute.
Info
Scopes contain mappers.
For example, if we click on the address scope, there is a section for mappers.
Below are some examples of the mappers added for the address scope:
Now, on to custom mappers.
Step 1:
Go to Clients → select the client application that you want to create a custom attribute for. For example, select Testclient as the client application.
Now go to the Client Scopes tab in the menu and select the dedicated scope.
Under the “Mappers” tab, click the “Add mapper” button to add a new mapper. Click By Configuration and select User Attribute.
Choose the appropriate protocol mapper type based on your requirements. For example, let us select the option below.
Add the following details: change Name according to your needs and add User Attribute, which is the attribute that we are going to set for the required user. Don’t forget to click Save.
Step 2:
Now go to Users and select the user to whom you want to add an attribute.
Here, the key (test key) is the User Attribute name that we set in the above image; add a value as per your requirements.
Now go to Role mapping and select the client application role for this user. In case it is not there, select Assign Role, as shown in the image below,
and select the role of the client application by searching with Filter by Clients.
Now test with Postman by sending the following credentials. We get an access token; copy the access token into jwt.io and look for the custom attribute.
Finally, we have the custom attribute in the access token.
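The same check can be done locally. The following is an added example, not part of the original post: it decodes the payload of an access token and lists the claims that mappers added on top of an assumed default set. The claim name test_key, the issuer URL, the user name and the sample token are constructed for illustration, and the signature is not verified.

```python
import base64
import json

# Claims Keycloak commonly places in an access token by default (assumed baseline;
# adjust to your realm). Anything outside this set was added by a mapper.
BASELINE = {"exp", "iat", "auth_time", "jti", "iss", "aud", "sub", "typ", "azp",
            "sid", "session_state", "acr", "allowed-origins", "realm_access",
            "resource_access", "scope", "email_verified", "name",
            "preferred_username", "given_name", "family_name", "email"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop the trailing "=" padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def read_claims(token: str) -> dict:
    """Decode the payload of a compact JWT. The signature is NOT verified,
    so use the result for inspection only, never for authorization."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def mapper_added_claims(claims: dict) -> dict:
    """Return the claims that are not part of the assumed default set."""
    return {k: v for k, v in claims.items() if k not in BASELINE}


# Constructed sample token: placeholder signature, hypothetical claim "test_key".
_payload = {"iss": "https://keycloak.example.test/realms/demo", "azp": "Testclient",
            "preferred_username": "alice", "scope": "email profile",
            "test_key": "test_value"}
SAMPLE_TOKEN = ".".join([
    _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url_encode(json.dumps(_payload).encode()),
    "constructed-signature",
])

if __name__ == "__main__":
    print(mapper_added_claims(read_claims(SAMPLE_TOKEN)))
```

Replace SAMPLE_TOKEN with the access token returned to Postman to see every claim the configured mappers expose to the client.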
Note: Adding custom attributes to the access token may have security implications, so carefully review and validate the information being added to the token to prevent potential vulnerabilities.