使用keycloak userinfo端点获取用户角色 [英] Get the user roles with the keycloak userinfo endpoint

问题描述

如何获取在keycloak中userinfo终结点的回复中包含的角色.我在密钥斗篷中为用户定义了角色映射".当我呼叫userinfo端点时，我得到诸如电子邮件名称等字段，但角色未包含在回复中.当我调用auth端点时，我获得了access_token，并且在该范围内包含了角色.这是来自auth端点的回复:

How can I get the the roles included in the reply of the userinfo endpoint in keycloak. I defined a "Role Mapping" for the user in keycloak. When I call the userinfo endpoint I get the fields like email name etc, but the roles are not included in the reply. When I call the auth endpoint I get the access_token and in the field scope has roles included. Here is the reply from the auth endpoint:

access_token" QJsonValue(string, "eyJhb...")
"expires_in" QJsonValue(double, 300)
"not-before-policy" QJsonValue(double, 0)
"refresh_expires_in" QJsonValue(double, 1800)
"refresh_token" QJsonValue(string, "eyJhb...")
"scope" QJsonValue(string, "profile email roles")
"session_state" QJsonValue(string, "20b48536-4b38-4aa6-9072-e8309833402e")
"token_type" QJsonValue(string, "bearer")

我也尝试用属性"scope = roles"调用userinfo端点，但这没有用.

I also tried to call the userinfo endpoint with the attribute "scope=roles", but this didn't work.

推荐答案

在Keycloak的映射器页面中，有一个名为Add to userinfo的设置必须启用.

In the mapper page on Keycloak, there is a setting called Add to userinfo, that has to be enabled.

这篇关于使用keycloak userinfo端点获取用户角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！