
I'm using keycloak-connect (nodejs) for my backend with a bearer-only profile. The frontend is a client with a public profile:

1 - How can I add some private custom attributes in userInfo that are only accessible by the backend (bearer-only)? I'm adding some attributes to the client that can only be seen by the backend, plus I don't want to add them to the token so I won't have a huge token size.

2 - How are sessions used with keycloak-connect? I don't see anything stored by keycloak when I inspect my store (redis) and I didn't find anything in the documentation.

3 - When performing online validation, is grantmanager.validateAccessToken sufficient to get the userInfo or do I also need to use grantmanager.userInfo? Because 2 requests are a little bit costly.

Thank you

  • To add custom attributes, you can follow the documentation at https://www.keycloak.org/docs/latest/server_admin/#_protocol-mappers; for example you can add user roles. These custom attributes are called claims in OpenID, see https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims – Matthias Wiedemann Sep 10 '21 at 07:01
  • It is not common to ask several questions, I recommend you open each question as its own. – Matthias Wiedemann Sep 10 '21 at 07:04
  • That's true, I asked several questions because they are a little bit related to the same thing and didn't want to spam with many questions. It's not possible to add custom mappers to bearer-only clients, they can only verify tokens. What I wanted to achieve is: my frontend is a public client and my backend a bearer-only client, I wanted the backend to be able to access some user info private properties that are not accessible by the public client. – Skander Sep 10 '21 at 16:54
