Returning Realm Roles in Token

Hi,

I added a User Realm Role Mapper to the off-the-shelf /account Client. When I print out the token, I see resource_access which returns the correct (default) roles for the client. However, I don’t see a realm_access section when I log in to /account.

I used Add Builtin to hook the Realm Role Mapper to the client.

I’m running 18 in dev mode and restarted a few times. Is there a setting I’m missing to put this Mapper into effect?

Thanks,
Carl

I’ve tried a few Scope settings too, like “Full Scope Allowed” and moving all the roles to the assigned list.

My test case is as follows. I tried this on KC 17 and 18.

  1. Create a realm
  2. Create a user
  3. On the Client “Account”, add a User Realm Roles Mapper
  4. On the Client “Account”, set Full Scope Allowed
  5. Log on to Client “Account”
  6. Print the token
  7. Verify that there is no realm_access section

I also created a Realm Role “myrole” and added it to the user to see if maybe the defaults were deliberately not sent.

I also cleared the cache and verified that the realm_access section shows up in the Client Scopes / Evaluate / Generated Access Token tab. The token shown in the console does not have the same fields as what I get from the POST /token call.

Heh. Mixed up the clients. I was troubleshooting account when the token was based on account-console. Adding Full Scope Allowed to this client worked.
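
A quick way to catch this kind of client mix-up, as an added example that is not part of the original thread: decode the access token's payload and read the `azp` claim (the client the token was issued to) next to `realm_access` and `resource_access`. The helper names and both sample tokens are constructed for illustration; the tokens are unsigned and the role lists are assumed.

```python
import base64
import json


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_token(jwt):
    """Decode the payload only. No signature check: troubleshooting use,
    never an authorization decision."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    resource_access = claims.get("resource_access", {})
    return {
        "issued_for": claims.get("azp"),  # client the token was issued to
        "has_realm_access": "realm_access" in claims,
        "realm_roles": claims.get("realm_access", {}).get("roles", []),
        "client_roles": {c: v.get("roles", []) for c, v in resource_access.items()},
    }


def make_sample(claims):
    # Builds a constructed, unsigned token for the demo below.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])


# Constructed samples: the same login before and after the mapper/scope
# change reaches the client that actually requested the token.
ACCOUNT_ROLES = {"account": {"roles": ["manage-account", "view-profile"]}}
BEFORE_FIX = make_sample({"azp": "account-console", "resource_access": ACCOUNT_ROLES})
AFTER_FIX = make_sample({"azp": "account-console", "resource_access": ACCOUNT_ROLES,
                         "realm_access": {"roles": ["myrole"]}})

if __name__ == "__main__":
    for token in (BEFORE_FIX, AFTER_FIX):
        print(inspect_token(token))
```

If `issued_for` names a client other than the one being configured, mapper and scope changes on the configured client will not show up in that token.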