Keycloak - Client Roles - Retrieve custom attributes

Question

I have created a client role as special_agent and have added two attributes as approve_leave and raise_leave.

I'm using the Javascript adapter and am able to login successfully on my website. I'm also able to receive the client role that I have assigned to the user. I, however, want to get the custom attributes specified in the client role. Below is the result of the keycloak.tokenParsed

Is there a way to retrieve client role attributes? I looked for the Mappers in the Client settings, but couldn't figure out the details.

Answer 1

You can get the Client's role and attribute by API call. GET /{realm}/clients/{id}/roles/{role-name}

Example for)

There are a couple of requirements. #1 User(agency_user) should assigned two roles(manage-realm, view-clients) in Keyclaok UI

#2 get access token by API and save into Postman variable http://127.0.0.1:8080/auth/realms/test/protocol/openid-connect/token Client id & secret get from Keyclaok UI as attached

#3 You should know the client ID by GET client API using #1 access token http://127.0.0.1:8080/auth/admin/realms/test/clients

More detail information, Good Luck! https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_roles_resource

Answer 2

You can also create a Script Mapper, e.g.,

var roles = {}
for each (var role in user.getRoleMappings()) {
    roles[role.name] = role.getAttributes();
}
token.setOtherClaims('roles', roles);