keycloak-custom-scopes-extension

This extension provides a custom mapper which overrides the default "scope" access token JWT claim.

The mapper takes the following "scope" value:

"scope": "foo bar"

And transforms it into an array:

"scope": ["foo", "bar"]

Run playground

If you have the Docker daemon running on your machine, you can just run KeycloakDevRunner.

It will launch a pre-configured Keycloak instance in a temporary Docker container with the following client credentials:

  • Client ID: testclient
  • Client Secret: testclient

You can use these credentials to authenticate with the client credentials grant type and check the "scope" JWT claim to verify that the mapper is working as expected.

curl --request POST --data 'grant_type=client_credentials&client_id=testclient&client_secret=testclient' http://localhost:8180/realms/test/protocol/openid-connect/token
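
To check the claim locally, the payload of the returned access_token can be decoded and the type of "scope" inspected. This is an added example, not part of the extension's code: the function names are hypothetical, the sample tokens are constructed and unsigned, and the signature is deliberately not verified because the code is for inspection only.

```python
import base64
import json


def jwt_payload(token: str) -> dict:
    """Decode a compact JWT's payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    # JWT segments are unpadded base64url; restore padding before decoding.
    segment = parts[1] + "=" * (-len(parts[1]) % 4)
    payload = json.loads(base64.urlsafe_b64decode(segment))
    if not isinstance(payload, dict):
        raise ValueError("JWT payload is not a JSON object")
    return payload


def scope_shape(claims: dict) -> str:
    """Report how the "scope" claim is encoded: 'array', 'string' or 'missing'."""
    if "scope" not in claims:
        return "missing"
    scope = claims["scope"]
    if isinstance(scope, str):
        return "string"
    if isinstance(scope, list) and all(isinstance(s, str) for s in scope):
        return "array"
    raise ValueError(f"unexpected scope type: {type(scope).__name__}")


def scopes(claims: dict) -> list:
    """Return the granted scopes as a list, whichever encoding the token uses."""
    shape = scope_shape(claims)
    if shape == "missing":
        return []
    return claims["scope"].split() if shape == "string" else list(claims["scope"])


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token for the demo (constructed, not issued by Keycloak)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    for sample in ({"scope": "foo bar"}, {"scope": ["foo", "bar"]}):
        claims = jwt_payload(constructed_token(sample))
        print(scope_shape(claims), scopes(claims))
```

With the mapper active, a token from the playground should report the "array" shape; a token from a client without the mapper reports "string".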

Building and installing extension to your own Keycloak instance

To build the extension, just run the following command:

./gradlew jar

Then copy the resulting JAR file to your Keycloak's providers directory.

cp build/libs/keycloak-custom-scopes-extension-1.0.jar KEYCLOAK_ROOT/providers

Now you can run your Keycloak instance. The custom mapper should appear in the list of available client mappers.
