By Marone: November 2020 | last update: December 2020
Keycloak custom user attributes
Goal
By default a Keycloak user has some metadata such as username, first name and email, but sometimes we need additional information. User attributes let you enrich the user metadata.
In this article we will learn how to add custom user attributes and how to expose that information in the access token.
What we need
Keycloak 8.x
curl 7.65
jq 1.5
jwt.io
Add custom attribute
Before we start, you must be logged in to Keycloak as an admin. In the left menu bar click Users, choose a user (johndoe in our case), then click the Attributes tab.
Enter a key and value and click the Add button on the right side.
Now click the Save button.
Add mapper
Click Clients in the left menu bar, pick a client (demo-app in our case), then click the Mappers tab.
On the right, click the Create button; a new page will appear.
As the name you can enter customPermissionMapper. For Mapper Type, select User Attribute from the drop-down. For the fields User Attribute and Token Claim Name you can use customPermission. Make sure that only Add to access token is ON, then click the Save button.
Get Access token
Verify Access token
Just copy the access token and visit jwt.io; the access token now contains the customPermission claim.
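The token request and the claim check as an added example (not from the original article), using the curl and jq listed above. The base URL, realm name and password are placeholders, demo-app is assumed to be a public client with Direct Access Grants enabled, and the sample token with the value "read" is constructed.

```shell
#!/bin/sh
# Added example. KEYCLOAK_URL, REALM and KC_PASSWORD are placeholders (assumptions);
# demo-app, johndoe and customPermission are the names used in this article.
KEYCLOAK_URL="${KEYCLOAK_URL:-http://localhost:8080}"
REALM="${REALM:-REALM_PLACEHOLDER}"

# Request a token with the password grant and print only the access token.
# Assumes demo-app is a public client with Direct Access Grants enabled.
get_access_token() {
  curl -s -X POST \
    "$KEYCLOAK_URL/auth/realms/$REALM/protocol/openid-connect/token" \
    -d "grant_type=password" \
    -d "client_id=demo-app" \
    -d "username=johndoe" \
    --data-urlencode "password=$KC_PASSWORD" \
  | jq -r '.access_token'
}

# Decode the payload (second dot-separated segment) of a JWT.
# This only decodes; it does not verify the signature.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url drops the '=' padding; restore it for base64 -d
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print one claim from a token, e.g. jwt_claim "$token" customPermission
jwt_claim() {
  jwt_payload "$1" | jq -r --arg c "$2" '.[$c]'
}

# Constructed sample token (the value "read" is made up) for offline runs.
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
sample_token() {
  h=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
  p=$(printf '%s' '{"preferred_username":"johndoe","customPermission":"read"}' | b64url)
  printf '%s.%s.constructed' "$h" "$p"
}

# Against a live server: jwt_claim "$(get_access_token)" customPermission
jwt_payload "$(sample_token)"; echo
```

Decoding locally like this means a live token does not have to be pasted into a website to inspect its claims.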