This extension provides a custom mapper which overrides the default "scope" access token JWT claim.
The mapper takes the following "scope" value:
"scope": "foo bar"
And transforms it into an array:
"scope": ["foo", "bar"]
If you have a Docker daemon running on your machine, you can just run KeycloakDevRunner.
It will launch a pre-configured Keycloak instance in a temporary Docker container with the following client credentials:
- Client ID: testclient
- Client Secret: testclient
You can use these credentials to authenticate with the client credentials grant type and check the "scope" JWT claim in the returned access token to verify that the mapper is working as expected.
curl --request POST --data 'grant_type=client_credentials&client_id=testclient&client_secret=testclient' http://localhost:8180/realms/test/protocol/openid-connect/token
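To check the claim in the returned access token, the following added example (not part of this extension's code) decodes a token payload and reports whether "scope" is the default space-delimited string or the array this mapper emits; `scopes` accepts both forms, which is what a resource server has to do while clients move to the mapper. The function names and the two sample tokens are constructed for illustration, and the signature is not verified, so this is for inspection only.

```python
import base64
import json


def jwt_claims(token):
    """Decode the payload of a compact JWT WITHOUT verifying it (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    seg = parts[1]  # base64url without padding; restore padding before decoding
    payload = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(payload, dict):
        raise ValueError("JWT payload is not a JSON object")
    return payload


def scope_shape(claims):
    """Return 'array' (mapper active), 'string' (default), 'missing' or 'invalid'."""
    if "scope" not in claims:
        return "missing"
    scope = claims["scope"]
    if isinstance(scope, str):
        return "string"
    if isinstance(scope, list) and all(isinstance(s, str) for s in scope):
        return "array"
    return "invalid"


def scopes(claims):
    """Normalize either representation of the scope claim to a list of names."""
    shape = scope_shape(claims)
    if shape == "string":
        return claims["scope"].split()
    if shape == "array":
        return list(claims["scope"])
    raise ValueError("unusable scope claim: " + shape)


def constructed_token(payload):
    # Builds a sample token with a dummy signature so the example runs offline.
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(b'{"alg":"RS256"}'), enc(json.dumps(payload).encode()), "sig"])

DEFAULT_TOKEN = constructed_token({"azp": "testclient", "scope": "foo bar"})
MAPPED_TOKEN = constructed_token({"azp": "testclient", "scope": ["foo", "bar"]})

if __name__ == "__main__":
    for tok in (DEFAULT_TOKEN, MAPPED_TOKEN):
        print(scope_shape(jwt_claims(tok)), scopes(jwt_claims(tok)))
```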
To build the extension, just run the following command:
./gradlew jar
Then copy the resulting JAR file to your Keycloak's providers directory.
cp build/libs/keycloak-custom-scopes-extension-1.0.jar KEYCLOAK_ROOT/providers
Now you can run your Keycloak instance. The custom mapper should appear among the available client mappers.