I have a Keycloak realm with authorization code flow with public access type.
How can I get user roles from keycloak userinfo endpoint without client_secret?
I'm trying to use mappers but can't get this information. The userinfo endpoint returns only this:
{
"sub":"ace69576-614e-41fe-9584-aac69c34dec1",
"email_verified":true,
"name":"John Doe",
"Token Claim Name":[
"Realm Role prefixuma_authorization",
"Realm Role prefixoffline_access"
],
"preferred_username":"user",
"given_name":"John",
"family_name":"Doe",
"email":"[email protected]"
}
How can I get user roles from keycloak userinfo endpoint without client_secret?
Whether or not you can get the user roles from the userinfo endpoint is not related to the type of client (i.e., confidential or public).
To make the user roles (i.e., realm or/and client-related roles) also available from the userinfo endpoint, do the following:
Create;
Mapper Type select User Realm Role;
ON the option Add to userinfo, and click Save;
If the user has client roles assigned to it, repeat the aforementioned steps but this time select User Client Role as the Mapper Type.
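An added example (not part of the original answer, and not Keycloak's own code): the mapper from the steps above written as the JSON representation Keycloak uses for protocol mappers, together with a reader for the claim it puts into the userinfo response. The function names are hypothetical; the claim name and role prefix in the sample are the strings visible in the question's output, and escaped dots in claim names are not handled.

```python
import json

# Constructed sample: the userinfo body from the question, trimmed to the relevant keys.
QUESTION_USERINFO = json.loads("""
{"sub": "ace69576-614e-41fe-9584-aac69c34dec1",
 "Token Claim Name": ["Realm Role prefixuma_authorization",
                      "Realm Role prefixoffline_access"],
 "preferred_username": "user"}
""")


def role_mapper(name, claim_name, client_id=None, prefix=""):
    """Protocol-mapper representation with 'Add to userinfo' switched on.

    client_id=None gives the User Realm Role mapper, otherwise User Client Role.
    """
    kind = "client" if client_id else "realm"
    config = {
        "claim.name": claim_name,
        "jsonType.label": "String",
        "multivalued": "true",
        "userinfo.token.claim": "true",  # the "Add to userinfo" switch
        f"usermodel.{kind}RoleMapping.rolePrefix": prefix,
    }
    if client_id:
        config["usermodel.clientRoleMapping.clientId"] = client_id
    return {"name": name, "protocol": "openid-connect",
            "protocolMapper": f"oidc-usermodel-{kind}-role-mapper",
            "config": config}


def roles_from_userinfo(userinfo, mapper):
    """Read the roles a mapper wrote into a userinfo response (list, possibly empty)."""
    cfg = mapper["config"]
    node = userinfo
    for part in cfg["claim.name"].split("."):  # dots in a claim name create nesting
        node = node.get(part) if isinstance(node, dict) else None
    if not isinstance(node, list):
        return []
    prefix = next((v for k, v in cfg.items() if k.endswith("rolePrefix")), "")
    return [r[len(prefix):] for r in node if isinstance(r, str) and r.startswith(prefix)]
```

The userinfo request itself only needs the access token in an `Authorization: Bearer` header, so a public client can make it without a `client_secret`.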