Hi,
Can we override the sub key value in the userinfo API? The sub key value contains the id of that user; I want to replace the id with the user's email. Is this possible?
If it is possible, please provide steps to change the value.
To override the sub claim you could implement a JavaScript mapper as described here:
https://www.keycloak.org/docs/latest/server_development/index.html#_script_providers
In the script then like this
    if (user.email !== null && user.email.trim() !== "") {
        // classical
        token.setSubject(user.email);
        // fluent
        token.subject(user.email);
    }
Then add this mapper to the client which needs the email as sub claim.
Generally, I would recommend using an email address to send emails and for nothing else. Never as a unique user identifier. Unless you can ensure that it never changes, is not duplicated, and is never reused for other users…
Hey,
Thanks for your response.
I’m using Keycloak version 11.0.1. I’m not able to find the script mapper field in the client mapper section. Please help me out.
There is no script mapper field in client mapper section. As the link I posted describes (did you read the linked documentation?), you have to put your js script file together with some metadata json in a jar file. Then deploy the jar to your KC installation by copying it to the standalone/deployments/ or providers/ (depends on KC distribution) directory. Keycloak has to be started with scripts feature enabled. For the Keycloak 11 wildfly distribution the start parameter is -Dkeycloak.profile.feature.scripts=enabled -Dnashorn.args=--no-deprecation-warning. For quarkus distribution, it is --features=scripts…
Thanks
I’m able to override the sub key in Keycloak version 11.0.1, but not able to override the sub key in version 15.0.2; the sub key contains the ID of that user. Please help here.
Hmm, sorry, no idea. I just tested token.setSubject(user.username) and token.subject(user.email) with Keycloak 18.0.2 (wildfly), both worked as expected.
As you can see in the code:
the subject value is overwritten with the one you put in.
Can you please explain how to enable the script uploader in Keycloak version 18.0.2?
I’m using the command below, but it’s not reflected in the client mapper section.
./kc.sh start-dev --features=scripts
As I wrote above and as the link I posted describes, you have to put your script in a jar file (which is just a standard zip file renamed to jar). There is no script upload feature any more, it has been removed.
Once your jar is deployed, the script is selectable in the client mapper menu as an extra mapper type, listed with the name you configured in the keycloak-scripts.json in the jar file…
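The jar layout described in the answers above, as an added example that is not part of the thread or Keycloak's own code: a Python script that packages the mapper script together with its META-INF/keycloak-scripts.json descriptor and checks that every mapper the descriptor declares is actually in the archive. The mapper name, the script file name and the jar name are assumptions chosen for the example.

```python
import json
import zipfile

# Assumed names for this example (not from the thread).
MAPPER_NAME = "Email as sub"
SCRIPT_FILE = "email-sub-mapper.js"
DESCRIPTOR = "META-INF/keycloak-scripts.json"

# Mapper body from the answer above. When the user has no email the script
# does nothing, so sub keeps its default value (the user id).
MAPPER_JS = """\
if (user.email !== null && user.email.trim() !== "") {
    token.setSubject(user.email);
}
"""

def build_script_jar(jar_path):
    """Write the jar: the .js file at the root plus the descriptor naming it."""
    meta = {"mappers": [{
        "name": MAPPER_NAME,          # shown as the mapper type in the client
        "fileName": SCRIPT_FILE,      # must match the entry name in the jar
        "description": "Sets sub to the user's email when one is present",
    }]}
    with zipfile.ZipFile(jar_path, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr(DESCRIPTOR, json.dumps(meta, indent=2))
        jar.writestr(SCRIPT_FILE, MAPPER_JS)
    return jar_path

def check_script_jar(jar_path):
    """Return a list of layout problems; an empty list means consistent."""
    with zipfile.ZipFile(jar_path) as jar:
        names = set(jar.namelist())
        if DESCRIPTOR not in names:
            return [DESCRIPTOR + " is missing"]
        meta = json.loads(jar.read(DESCRIPTOR))
    mappers = meta.get("mappers", [])
    problems = [] if mappers else ["no mappers declared"]
    for mapper in mappers:
        if not mapper.get("name"):
            problems.append("mapper entry without a name")
        if mapper.get("fileName") not in names:
            problems.append("script not in jar: %s" % mapper.get("fileName"))
    return problems

if __name__ == "__main__":
    jar = build_script_jar("email-sub-mapper.jar")
    print(jar, check_script_jar(jar) or "layout OK")
```

Copy the resulting jar to standalone/deployments/ or providers/, depending on the distribution, and start Keycloak with the scripts feature enabled as described above.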