
I used this curl command to retrieve session details for a user in Keycloak:

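```
# Double quotes so the shell expands $TOKEN; single quotes would send the literal text "$TOKEN"
curl -X GET \
  -H "Authorization: Bearer $TOKEN" \
  "http://192.168.X.X:8080/auth/admin/realms/$REALM_NAME/users/$ID_OF_CLIENT/sessions"
```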

and in response we have:

```
[{
  "id": "194d6b10-5b94-42c3-86d8-4d1780f70f52",
  "username": "admin",
  "userId": "e258f775-3597-4a72-a490-7bgd7c1cdfdb",
  "ipAddress": "192.168.X.X",
  "start": 1589006511000,
  "lastAccess": 1589007060000,
  "clients": {
    "53d98bf8-fffd-484c-aae8-500a7cf7a8b6": "authz-servlet",
    "9bc56128-972e-41fe-8946-3ce4b5660e24": "authz-client-app3"
  }
}]
```

Now I need to add some more details to the session information, such as the browser version for the logged-in user. Is there any way to add these details?

M-E

1 Answer


I suggest you take a look at the userinfo OIDC endpoint. Compared to your current approach (using the Admin REST API with an administrative token), it accepts a token issued for the end user. If that is OK for you, you will be able to customize the endpoint output as you want. Customization is available on the Client Scopes and Mappers tabs in the client settings.

The set of mappers available by default is quite wide, but I'm afraid that by default Keycloak does not preserve information about the UA, so you have to develop your own logic to extract it during the login flow and then store it in the user session. If you are not familiar with implementing the Keycloak Java SPI, you can try to implement your logic via a JS mapper.

https://www.keycloak.org/docs/latest/server_admin/index.html#_protocol-mappers_oidc-user-session-note-mappers

https://www.keycloak.org/docs/latest/server_development/#_script_providers

AFAIK some examples should be in the Keycloak GitHub.

solveMe
  • As you said, I need to implement it by myself. Do you have any example? Another question: in Mappers and Client Scope it is possible to make new details available in the access token and ID token, but I need this information to be available in the user session. – M-E May 11 '20 at 11:25
  • @Maryam I don't know about your use case, but in general the answer is "Yes". Access token fields could be populated by data from user properties, user attributes or even the user session. But to find which data is available in the user session you have to dig into the Keycloak server sources. Find usages of `UserSessionModel.note.put()`. If the data you are interested in is not there, you'll have to implement the corresponding mapper yourself. Keycloak sources are your friend. Here is an example of how to do it with Java: https://github.com/mschwartau/keycloak-custom-protocol-mapper-example – solveMe May 12 '20 at 00:10
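
The approach from the answer above, as an added example that is not part of the original posts or Keycloak's own code: a script authenticator, placed in the browser login flow, that stores the User-Agent header as a user session note so that a User Session Note mapper can expose it as a claim. The note name `user_agent`, the 256-character cap and the `sanitizeUserAgent` helper are assumptions; `httpRequest` and `authenticationSession` are bindings Keycloak provides to script authenticators.

```javascript
// Added example: Keycloak script authenticator (ES5 syntax, as scripts
// run on the server's JavaScript engine rather than in a browser).
// Assumed names: NOTE_NAME, MAX_LEN, sanitizeUserAgent.

var NOTE_NAME = "user_agent"; // use the same name in the User Session Note mapper
var MAX_LEN = 256;            // assumed cap so a huge header cannot bloat sessions or tokens

// The User-Agent header is fully client-controlled. Keep printable ASCII only
// (drops CR/LF and other control characters that enable log or header
// injection downstream) and bound the length before storing it.
function sanitizeUserAgent(ua) {
    if (ua === null || ua === undefined) {
        return "unknown";
    }
    var cleaned = String(ua).replace(/[^\x20-\x7E]/g, "").slice(0, MAX_LEN);
    return cleaned.length > 0 ? cleaned : "unknown";
}

// Entry point Keycloak calls when the login flow reaches this execution.
function authenticate(context) {
    var ua = httpRequest.getHttpHeaders().getHeaderString("User-Agent");

    // Notes set on the authentication session with setUserSessionNote()
    // are carried over to the user session once login completes.
    authenticationSession.setUserSessionNote(NOTE_NAME, sanitizeUserAgent(ua));

    // This step only records metadata; it never blocks the login.
    context.success();
}
```

Because the value comes from the client, treat the resulting claim as informational only and do not base authorization decisions on it.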