By Marone: November 2020 | last update: December 2020
The keycloak user has by default some metadata like username, first name, email, but sometimes we need additional informations. With user attributes you have the possibility to enrich the user metadata.
In this article we will learn how to add user custom attributes and how to represent those informations in access token.
What we needKeycloak 8.x
Add custom attributeBefore we start, you must be logged in as an admin in keycloak.
In the left menu bar click on
Users, choose a user, in our case
(johndoe)and the click Attributes tab.
Enter a key and value and click the Add button on the right side.
Now click the Save button.
What we need
Clients in the left menu bar, pick up a client, in our case
(demo-app) and the click Mappers tab.
On the right click the Create button, a new page will appear.
As name you can enter customPermissionMapper, for
Mapper Typeselect User Attribute using the drop down. For the fields
Token Claim Nameyou can use customPermission. Make sure that only
Add to access tokenis ON, then click the Save button.
Get Access toke
Verify Access tokenJust copy the access token and visit jwt.io, the access token contains now the