зеркало из
https://github.com/iharh/notes.git
synced 2025-10-29 12:46:06 +02:00
36 строки
1.3 KiB
Plaintext
36 строки
1.3 KiB
Plaintext
https://www.baeldung.com/keycloak-custom-user-attributes
|
|
|
|
"operator_id": "<operator-id-uuid>"
|
|
"realm_access": { "roles": [ ..., "operator" ] }
|
|
"scopes" : "... operator_id"
|
|
"groups": [..., "operator" ],
|
|
|
|
Realm settings -> User profile -> Create attribute
|
|
operator_id
|
|
permissions -> Admin/Admin
|
|
annotations -> Input type - text
|
|
JSON editor
|
|
https://www.keycloak.org/docs/latest/server_admin/#_user-profile-json-configuration
|
|
fix displayName
|
|
|
|
Realm roles -> operator
|
|
Users -> some-user -> Role mapping -> Assign role -> select "Filter by Realm Roles"
|
|
|
|
Client scopes -> operator_id
|
|
Settings ->
|
|
Include in token scope -> On
|
|
Mappers
|
|
Mapper type: "User Attribute"
|
|
Name: operator_id
|
|
User Attribute: operator_id
|
|
Token Claim Name: operator_id
|
|
Add to: id token, access token, user info, token introspection
|
|
Clients -> account-console - Client scopes -> Add client scope -> operator_id (!!! Default !!!)
|
|
- Client Details -> Dedicated scopes -> account-console-dedicated -> Full scope allowed (On)
|
|
|
|
check
|
|
"Realm Roles -> operator -> Users in role"
|
|
Users -> some-user -> Details -> operatorId attribute
|
|
clients -> client scopes tab -> evaluate ->
|
|
generated access token
|