Keycloak - Can you add custom claims to client credentials?


I'm using Keycloak to get access tokens, but I need those JWT tokens to have a 'policy' attribute/claim that MinIO requires.

Now, I can get those by calling the token endpoint with grant_type = password, plus username and pass.

I know that that policy attribute is mapped from the user, but is there any possibility that I could get client creds (grant_type = client_credentials) including that attribute? Or any other type of grant?


There are 2 best solutions below

1
On

You can add a Mapper to the client:

Mapper Type: "hardcoded claim"

Token Claim Name: <token body key>, which in your case is 'policy'

Claim Value: <the value>

0
On

As Client Mappers are applicable to any token issued to this client, they should be avoided as much as possible for specific scenarios.

  • Define a "scope" and add a "hard code mapper" with the custom claims.
  • Add this scope to client -> client scope -> optional scopes.
  • Pass this scope while requesting client credentials.
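
The scope-based request from the steps above, with a check that the 'policy' claim appears only when the scope is requested. This is an added example, not code from either answer. The host, realm `myrealm`, client `minio-client`, scope name `minio-policy` and policy value `readwrite` are assumptions, and the sample tokens are constructed.

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request

def token_request(base_url, realm, client_id, client_secret, scope=None):
    """Build (not send) a client_credentials request to Keycloak's token endpoint."""
    form = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    if scope:  # an optional client scope is applied only when it is requested
        form["scope"] = scope
    # Older Keycloak releases serve this path under an extra /auth prefix.
    url = f"{base_url}/realms/{realm}/protocol/openid-connect/token"
    return Request(url, data=urlencode(form).encode(), method="POST")

def jwt_claims(token):
    """Decode the payload for inspection only; this does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))

def policy_claim(token, claim="policy"):
    """Return the claim MinIO reads, or None when the token does not carry it."""
    return jwt_claims(token).get(claim)

def constructed_token(payload):
    """Constructed sample standing in for a Keycloak response (dummy signature)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(payload)}.c2ln"

# Constructed payloads: the mapper sits on the optional scope "minio-policy"
# (assumed name), so only the token requested with that scope has the claim.
WITH_SCOPE = constructed_token(
    {"azp": "minio-client", "scope": "minio-policy", "policy": "readwrite"})
WITHOUT_SCOPE = constructed_token({"azp": "minio-client", "scope": ""})

if __name__ == "__main__":
    req = token_request("https://keycloak.example.com", "myrealm",
                        "minio-client", "<client-secret>", scope="minio-policy")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    print(policy_claim(WITH_SCOPE), policy_claim(WITHOUT_SCOPE))
```

With a client-level mapper instead, both tokens would carry `policy`, which is the behaviour the second answer advises against.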