Keycloak/OIDC : retrieve user groups attributes

I was able to achieve this by adding groups/roles info in token other claims property:

For this in keycloak config, go to your client -> mappers & add a group/role mapper. E.g.

enter image description here

Now this info will start coming in your access token:

enter image description here

To access these group attribute in Java you can extract it from otherclaims property of accesstoken. E.g.:

KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext)(request.getAttribute(KeycloakSecurityContext.class.getName()));         
AccesToken token = keycloakSecurityContext.getToken();

In below image you can see that otherclaims property of token is filled with groups attribute that we created on keycloak. Note that if we had named "token claim property" as groupXYZ, the otherclaims would be showing: groupsXYZ=[Administrator]

enter image description here

This is how I could eventually map group attributes (inherited as user attributes, as suspected before) into user informations, into the "other claims" section :

User Attribute Mapper

Keycloak/OIDC : retrieve user groups attributes

Tags:

Resteasy

Openid Connect

Keycloak Services

Related

Recent Posts