使用keycloak userinfo端点获取用户角色 [英] Get the user roles with the keycloak userinfo endpoint
问题描述
如何获取在keycloak中userinfo终结点的回复中包含的角色.我在密钥斗篷中为用户定义了角色映射".当我呼叫userinfo端点时,我得到诸如电子邮件名称等字段,但角色未包含在回复中.当我调用auth端点时,我获得了access_token,并且在该范围内包含了角色.这是来自auth端点的回复:
How can I get the the roles included in the reply of the userinfo endpoint in keycloak. I defined a "Role Mapping" for the user in keycloak. When I call the userinfo endpoint I get the fields like email name etc, but the roles are not included in the reply. When I call the auth endpoint I get the access_token and in the field scope has roles included. Here is the reply from the auth endpoint:
access_token" QJsonValue(string, "eyJhb...")
"expires_in" QJsonValue(double, 300)
"not-before-policy" QJsonValue(double, 0)
"refresh_expires_in" QJsonValue(double, 1800)
"refresh_token" QJsonValue(string, "eyJhb...")
"scope" QJsonValue(string, "profile email roles")
"session_state" QJsonValue(string, "20b48536-4b38-4aa6-9072-e8309833402e")
"token_type" QJsonValue(string, "bearer")
我也尝试用属性"scope = roles"调用userinfo端点,但这没有用.
I also tried to call the userinfo endpoint with the attribute "scope=roles", but this didn't work.
推荐答案
在Keycloak的映射器页面中,有一个名为Add to userinfo
的设置必须启用.
In the mapper page on Keycloak, there is a setting called Add to userinfo
, that has to be enabled.
这篇关于使用keycloak userinfo端点获取用户角色的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!