By Marone: November 2020 | last update: December 2020

Keycloak custom user attributes


The keycloak user has by default some metadata like username, first name, email, but sometimes we need additional informations. With user attributes you have the possibility to enrich the user metadata.

In this article we will learn how to add user custom attributes and how to represent those informations in access token.

What we need

Keycloak 8.x
curl 7.65
jq 1.5

Add custom attribute

Before we start, you must be logged in as an admin in keycloak.
In the left menu bar click on Users, choose a user, in our case (johndoe) and the click Attributes tab. Keycloak custom user attribute
Enter a key and value and click the Add button on the right side.
Now click the Save button.

What we need

Click on Clients in the left menu bar, pick up a client, in our case (demo-app) and the click Mappers tab.
On the right click the Create button, a new page will appear.

Keycloak user attribute mapper
As name you can enter customPermissionMapper, for Mapper Type select User Attribute using the drop down. For the fields User Attribute and Token Claim Name you can use customPermission. Make sure that only Add to access token is ON, then click the Save button.

Get Access toke

Verify Access token

Just copy the access token and visit, the access token contains now the customPermission claim