Keycloak Step Up from Client

327 Views Asked by Sheldon Cooper At 28 April 2025 at 14:57

The Keycloak documentation here says you need to add ACR with claims in the request in order to do authentication step up to a higher level. But how is this accomplished from either the keycloak.js client library, or the keycloak-js npm client library?

So basically, how do you get the following claims query param to be passed?

https://{DOMAIN}/realms/{REALMNAME}/protocol/openid-connect/auth?client_id={CLIENT-ID}&redirect_uri={REDIRECT-URI}&scope=openid&response_type=code&response_mode=query&nonce=exg16fxdjcu&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22essential%22%3Atrue%2C%22values%22%3A%5B%22gold%22%5D%7D%7D%7D

The format of the claims is like this as seen in the documentation:

claims= {
        "id_token": {
            "acr": {
                "essential": true,
                "values": ["gold"]
            }
        }
    }

Original Q&A

There are 1 best solutions below

J_O On 03 February 2023 at 22:02

Doing this off the top of my head, but I think this should do it.

const keycloak = Keycloak({
  url: {DOMAIN},
  realm: {REALMNAME},
  clientId: {CLIENT-ID}
});

keycloak.login({
    ... your login options
    acr: { values: ["silver", "gold"], essential: true } 
})

The adapter will take the acr option and apply it to claims.id_token

Keycloak Step Up from Client

There are 1 best solutions below

Related Questions in KEYCLOAK

Related Questions in KEYCLOAK-SERVICES

Related Questions in KEYCLOAK-REST-API

Related Questions in KEYCLOAK-CONNECT

Related Questions in KEYCLOAK-NODEJS-CONNECT

Trending Questions

Popular # Hahtags

Popular Questions