I’m using Keycloak JWTs for various purposes, and I use Authorization as well, allowing Keycloak to evaluate user roles, permissions, etc., and this all works fine.
Additionally, I wanted to adjust the JWT structure and come up with a custom structure, i.e. claim names, nesting levels, etc.
I tried using Token Mappers, but unfortunately, this isn’t easy to achieve with mappers alone.
How can I customize the token structure that Keycloak generates?
For example, from Keycloak’s token with the following structure:

```json
{
  ...
  "exp": 1663091192,
  "iat": 1663069592,
  "jti": "b00c6471-6ba7-4e35-9666-3fe192e46def",
  "iss": "http://localhost/auth/realms/realm-name",
  "typ": "Bearer",
  "azp": "some-realm",
  "name": "some user name",
  ...
  "authorization": {
    "permissions": [
      {
        "scopes": [
          "DO_SOMETHING",
          "DO_SOMETHING_ELSE"
        ],
        "rsid": "SOME_RSID",
        "rsname": "SOME_RSNAME"
      },
      ..
    ]
  }
}
```

I’d like to be able to customize it into a token with a different structure, claim names, etc., for example something like the following:

```json
{
  ...
  "exp": 1663091192,
  "iat": 1663069592,
  "jti": "b00c6471-6ba7-4e35-9666-3fe192e46def",
  "iss": "http://localhost/auth/realms/realm-name",
  "typ": "Bearer",
  "azp": "some-realm",
  "username": "some user name",
  ...
  "authz": {
    "some-allowed-things-to-do": [
      {
        "scopes": [
          "DO_SOMETHING",
          "DO_SOMETHING_ELSE"
        ],
        "resource": {
          "name": "SOME_RSNAME"
        }
      },
      ..
    ]
  }
}
```

Basically, I’d like to be able to remove some of the claims, rename some of them and ideally change some nesting levels.
Is this possible to achieve and if so, how?