Keycloak : Retrieve custom attributes in Access Token

Ravinder Thirumala
5 min readDec 20, 2019

Keycloak is an open-source Identity and Access Management (IAM) solution aimed at modern applications and services. Keycloak provides out-of-the-box authentication and authorization services as well as advanced features like User Federation, Identity Brokering, and Social Login.

We are going to see how Keycloak gives us control, to transfer custom attributes to the applications that receive ID Tokens, Access Tokens. Keycloak provides us lot of control of what exactly goes back to the client. To demonstrate this we will configure custom attribute for an user and map that attribute to the Access Token using Mappers.

Spring Boot and Keycloak

Keycloak Client Adapters makes it really easy to secure applications and services. The Client Adapter is available for a number of platforms and programming languages. There are adapters for JBoss EAP/Wildfly, Spring Boot, Angular, NodeScript, and JavaScript.

We will write a RESTful service with SpringBoot and then secure it with Keycloak. We will be writing an application providing REST API, which returns custom attributes in response. Before looking at application we will setup Keycloak Server and then configure it.

Set Up Keycloak

Download Keycloak from here, unzip, and start using the following command:

./standalone.sh(bat)

--

--