Last active
October 29, 2022 19:03
-
-
Save webdeb/d8a99df9023f01b78e3e8ff580abe10b to your computer and use it in GitHub Desktop.
Revisions
-
webdeb revised this gist
Aug 16, 2020 . 1 changed file with 5 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -32,3 +32,8 @@ Thats it, the next step is just to verify your settings 7. Go to clients -> your-client -> Scopes -> Evaluate 8. Select an user, and see the generated JWT payload in "Generated Access Token" Tab Update: Keycloak has a new policy. they disable ScriptMappers by default You have to start the instance with this flag: `-Dkeycloak.profile.feature.upload_scripts=enabled` -
Dec 27, 2019 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -7,7 +7,7 @@ 5. Choose Mapper Type "Script Mapper" 6. Add following script to demonstrate how it works ```js /** * Available variables: * user - the current user (UserModel) -
Dec 27, 2019 . 1 changed file with 15 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -8,10 +8,23 @@ 6. Add following script to demonstrate how it works ``` /** * Available variables: * user - the current user (UserModel) * realm - the current realm (RealmModel) * token - the current token (TokenModel) * userSession - the current userSession (UserSessionModel) * keycloakSession - the current keycloakSession (KeycloakSessionModel) */ //insert your code here... var roles = []; for each (var role in user.getRoleMappings()) roles.push(role.getName()); token.setOtherClaims("https://hasura.io/jwt/claims", { "x-hasura-user-id": user.getId(), "x-hasura-allowed-roles": Java.to(roles, "java.lang.String[]"), "x-hasura-default-role": "user", }); ``` -
Dec 26, 2019 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,21 @@ # Steps to provide Hasura Claims in Keycloak generated JWT 1. Create your realm / client 2. Inside client configuration go to "Mappers" 3. Click on "Create" 4. Name it "hasura" 5. Choose Mapper Type "Script Mapper" 6. Add following script to demonstrate how it works ``` token.setOtherClaims("https://hasura.io/jwt/claims", { "x-hasura-user-id": user.id, "x-hasura-default-role": "user", "x-hasura-allowed-roles": ["user", "anonymous"] }); ``` Thats it, the next step is just to verify your settings 7. Go to clients -> your-client -> Scopes -> Evaluate 8. Select an user, and see the generated JWT payload in "Generated Access Token" Tab