I added a custom attribute to my access token but it is not shown.
The user has an attribute named birthDate.
I created a client mapper (UserAttribute).
When I evaluate it in Client Scopes, it can be found in the list, but when I check the access token, it is nowhere to be found.
I did every step on a Keycloak I can connect to remotely, and there it works. It feels like it is caching something. I used the cache buttons at Realm → Caches. I also deleted Keycloak and installed it again, with the same result. Does Keycloak cache somewhere else on Windows?
I couldn’t add user attributes to the token either.
For me the solution was to use Keycloak’s token exchange feature.
More info → Using token exchange - Keycloak
To do so, I had to do the following:
Add the features option to Keycloak’s build command. Then rebuild/restart Keycloak.
kc.sh build --features="token-exchange"
Make a POST request to Keycloak’s /auth/realms/client-id/protocol/openid-connect/token endpoint with grant_type=password in the payload.
Get an access token from this request.
Make a new request to the /auth/realms/client-id/protocol/openid-connect/token endpoint with grant_type=urn:ietf:params:oauth:grant-type:token-exchange and subject_token containing the access token from the previous request.
Decode the token from the token exchange to be able to view the user attributes.
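The request sequence from the answer above, as an added Python example that is not part of the original posts: it builds both form payloads, decodes the returned token's payload, and reports which expected claims (such as birthDate) are missing. The base URL, realm, client id and the sample token are assumptions; the decode step is for inspection only and does not verify the signature.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed values, not from the thread: replace with your own deployment's.
BASE_URL = "https://keycloak.example.test"
REALM = "myrealm"
CLIENT_ID = "my-client"  # a confidential client also needs client_secret

def token_url(base=BASE_URL, realm=REALM):
    return f"{base}/auth/realms/{realm}/protocol/openid-connect/token"

def password_grant_form(username, password, client_id=CLIENT_ID):
    return {"grant_type": "password", "client_id": client_id,
            "username": username, "password": password}

def token_exchange_form(subject_token, client_id=CLIENT_ID):
    return {
        "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
        "client_id": client_id,
        "subject_token": subject_token,
        "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
    }

def post_form(url, form):
    # Supplying data makes urllib send a form-encoded POST.
    data = urllib.parse.urlencode(form).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data)) as resp:
        return json.load(resp)

def jwt_claims(token):
    # Inspection only: reads the payload without verifying the signature.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def missing_claims(token, expected):
    claims = jwt_claims(token)
    return [name for name in expected if name not in claims]

def exchange_and_decode(username, password):
    first = post_form(token_url(), password_grant_form(username, password))
    second = post_form(token_url(), token_exchange_form(first["access_token"]))
    return jwt_claims(second["access_token"])

def make_sample_token(claims):
    # Constructed, unsigned sample token so the decode step can be tried offline.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"
```

Running `missing_claims` on both the first access token and the exchanged one shows at which step the attribute appears or disappears.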