Keycloak : Retrieve custom attributes in Access Token
Keycloak is an open-source Identity and Access Management (IAM) solution aimed at modern applications and services. Keycloak provides out-of-the-box authentication and authorization services as well as advanced features like User Federation, Identity Brokering, and Social Login.
We are going to see how Keycloak gives us control, to transfer custom attributes to the applications that receive ID Tokens, Access Tokens. Keycloak provides us lot of control of what exactly goes back to the client. To demonstrate this we will configure custom attribute for an user and map that attribute to the Access Token using Mappers.
Spring Boot and Keycloak
We will write a RESTful service with SpringBoot and then secure it with Keycloak. We will be writing an application providing REST API, which returns custom attributes in response. Before looking at application we will setup Keycloak Server and then configure it.
Set Up Keycloak
Download Keycloak from here, unzip, and start using the following command:
In your browser, go to
Since it’s the first time that the Keycloak server is running, you will have to create an admin user, so let’s create an admin user with
admin as the username.
Now, log in to Keycloak using
admin user and start configuring Keycloak, the
admin user is created in the default realm called
A realm secures and manages security metadata for a set of users, applications, and registered oauth clients. Users can be created within a specific realm within the Administration console. Roles (permission types) can be defined at the realm level and you can also set up user role mappings to assign these permissions to specific users.