Keycloak : Retrieve custom attributes in Access Token

Ravinder Thirumala
5 min readDec 20, 2019

Keycloak is an open-source Identity and Access Management (IAM) solution aimed at modern applications and services. Keycloak provides out-of-the-box authentication and authorization services as well as advanced features like User Federation, Identity Brokering, and Social Login.

We are going to see how Keycloak gives us control, to transfer custom attributes to the applications that receive ID Tokens, Access Tokens. Keycloak provides us lot of control of what exactly goes back to the client. To demonstrate this we will configure custom attribute for an user and map that attribute to the Access Token using Mappers.

Spring Boot and Keycloak

Keycloak Client Adapters makes it really easy to secure applications and services. The Client Adapter is available for a number of platforms and programming languages. There are adapters for JBoss EAP/Wildfly, Spring Boot, Angular, NodeScript, and JavaScript.

We will write a RESTful service with SpringBoot and then secure it with Keycloak. We will be writing an application providing REST API, which returns custom attributes in response. Before looking at application we will setup Keycloak Server and then configure it.

Set Up Keycloak

Download Keycloak from here, unzip, and start using the following command:

./standalone.sh(bat)

In your browser, go to http://localhost:8080/auth/

Since it’s the first time that the Keycloak server is running, you will have to create an admin user, so let’s create an admin user with admin as the username.

Now, log in to Keycloak using admin user and start configuring Keycloak, the admin user is created in the default realm called master.

A realm secures and manages security metadata for a set of users, applications, and registered oauth clients. Users can be created within a specific realm within the Administration console. Roles (permission types) can be defined at the realm level and you can also set up user role mappings to assign these permissions to specific users.

Creating a Realm

--

--