I would like Keycloak (2.3.0.Final) to include the permissions associated with the user in the ID token. I tried to create a mapper to map all the permissions, but unfortunately, there is no option to add this kind of feature.
Does anybody know how to do this?
Thanks to a friend, I solved this!
The problem is, I'd like to retrieve information about authorization that belongs to a specific client. In the current version of Keycloak (2.3.0.Final) you are not able to retrieve permissions through the token, and this makes total sense.
So you have 2 alternatives: the first one is using a permission ticket, and the other one is the Entitlement API.
So, I'm using the second alternative:
curl -X GET \
-H "Authorization: Bearer ${access_token}" \
"http://localhost:8080/auth/realms/${realm_name}/authz/entitlement/${resource_server_id}"
where realm_name is the name that was given to the realm (it appears in the URL), and resource_server_id is the client_id that was chosen in the client settings.
Also, the first alternative will be used with a permission ticket:
curl -X POST \
-H "Authorization: Bearer ${AAT}" \
-H "Content-Type: application/json" \
-d "{\"ticket\": \"${PERMISSION_TICKET}\"}" \
"http://localhost:8080/auth/realms/${realm_name}/authz/authorize"
Here are some useful links to solve this:
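Added example, not part of the original answer and not Keycloak's own code: a Python helper that lists the permissions carried in the response of the entitlement call above. It assumes the response body is `{"rpt": "<JWT>"}` with the grants under the `authorization.permissions` claim (`resource_set_id`, `resource_set_name`, `scopes`); the function names and the sample token are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def rpt_permissions(entitlement_response: str) -> dict:
    """Map resource name -> set of granted scopes from an entitlement response.

    Assumption: body is {"rpt": "<JWT>"} and grants sit under the
    "authorization.permissions" claim. The signature is NOT checked here:
    use this for inspection, and verify the RPT against the realm's public
    key before basing an access decision on it.
    """
    rpt = json.loads(entitlement_response)["rpt"]
    parts = rpt.split(".")
    if len(parts) != 3:
        raise ValueError("RPT is not a three-part JWS")
    claims = json.loads(b64url_decode(parts[1]))
    granted = {}
    for perm in claims.get("authorization", {}).get("permissions", []):
        name = perm.get("resource_set_name") or perm["resource_set_id"]
        granted.setdefault(name, set()).update(perm.get("scopes") or [])
    return granted


def is_granted(granted: dict, resource: str, scope: str = None) -> bool:
    # Fail closed: an unknown resource or an unlisted scope is denied.
    if resource not in granted:
        return False
    return scope is None or scope in granted[resource]


def _b64url(obj) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: an unsigned token shaped like the assumed RPT layout.
SAMPLE_CLAIMS = {"authorization": {"permissions": [
    {"resource_set_id": "r-1", "resource_set_name": "Invoice",
     "scopes": ["view", "edit"]},
    {"resource_set_id": "r-2", "resource_set_name": "Report"},
]}}
SAMPLE_RESPONSE = json.dumps(
    {"rpt": ".".join([_b64url({"alg": "RS256"}), _b64url(SAMPLE_CLAIMS), "sig"])})

if __name__ == "__main__":
    for name, scopes in rpt_permissions(SAMPLE_RESPONSE).items():
        print(name, sorted(scopes))
```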