
Custom claims not populating in profile array

Open perisicnikola37 opened this issue 11 months ago • 4 comments

Hello.

Problem

When I log in, all user data is stored in session storage, which is fine. Additionally, some information obtained from the access token is stored inside a profile array within it. However, some of the custom-added claims are not included.

import { KeycloakConfiguration } from "@/interfaces/KeycloakConfiguration";
import {
  VITE_KEYCLOAK_REALM_CLIENT_ID,
  VITE_KEYCLOAK_URL,
} from "@/utils/configurationData";
import { ErrorMessages } from "@/utils/constants/messageConstants";
import { UserManager, WebStorageStateStore } from "oidc-client-ts";

const keycloakConfig: KeycloakConfiguration = {
  url: VITE_KEYCLOAK_URL,
  clientId: VITE_KEYCLOAK_REALM_CLIENT_ID,
};

const userManagerConfig = {
  authority: keycloakConfig.url,
  client_id: keycloakConfig.clientId,
  redirect_uri: `${window.location.origin}${window.location.pathname}`,
  post_logout_redirect_uri: window.location.origin,
  userStore: new WebStorageStateStore({ store: window.sessionStorage }),
  monitorSession: false,
};

export const userManager = new UserManager(userManagerConfig);

export const onSigninCallback = (): void => {
  updateBrowserHistory();
};

export const onSignoutCallback = async (): Promise<void> => {
  try {
    await userManager.signoutRedirectCallback();
    updateBrowserHistory();
  } catch (error) {
    console.error(ErrorMessages.SignOutCallbackError, error);
  }
};

const updateBrowserHistory = (): void => {
  window.history.replaceState({}, document.title, window.location.pathname);
};

Here is the JWT bearer token as viewed on jwt.io:

{
 "exp": 1733991183,
 "iat": 17223990883,
 "auth_time": 1733990800,
 "jti": "27733703-19ba-4b39-b222-07bac87040a8",
 "iss": "http://localhost:3333/realms/realm",
 "aud": "account",
 "sub": "8d924446-4723-4ceb-8e12-a658934a29ec",
 "typ": "Bearer",
 "azp": "azp",
 "sid": "3515a0b4-5d4c-4947-aa1b-544cc8da12ce",
 "acr": "0",
 "allowed-origins": [
   "http://localhost:5173"
 ],
 "realm_access": {
   "roles": [
     "offline_access",
     "uma_authorization",
     "default-roles-realm"
   ]
 },
 "resource_access": {
   "idm-admin-dashboard": {
     "roles": [
       "edit-users",
       "edit-mobile-channels"
     ]
   },
   "account": {
     "roles": [
       "manage-account",
       "view-profile"
     ]
   }
 },
 "scope": "openid email profile",
 "email_verified": false,
 "name": "name",
 "preferred_username": "x",
 "locale": "sr",
 "given_name": "x",
 "family_name": "x",
 "email": "[email protected]"
}

I noticed that the profile array does not include the following:

  1. allowed origins
  2. realm_access
  3. resource_access

Is there a way to add these into the profile array within an already existing claim?

CC: @Pekonije1

perisicnikola37 · Dec 12 '24 08:12
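An added example, not part of the issue above and not code from the react-oidc-context or oidc-client-ts projects, for checking which token the missing claims actually live in. oidc-client-ts builds `user.profile` from the ID token claims (plus the userinfo response when `loadUserInfo` is enabled), not from the access token; Keycloak marks access tokens with `"typ": "Bearer"` and ID tokens with `"typ": "ID"`, and each Keycloak protocol mapper decides separately whether a claim goes into the access token, the ID token or userinfo. The snippet decodes both tokens, classifies them by `typ`, and lists the wanted claims that are present in the access token but absent from the ID token. The sample tokens are constructed, unsigned (`alg: none`) payloads, and the decoder does not verify signatures, so it is for inspection only; roles read from a browser-side profile are UI hints, and the resource server must still validate the access token and its roles itself.

```javascript
// Added example: find out which token carries the claims expected in `profile`.
// Assumption (labelled): `profile` is populated from the ID token, so a claim that a
// Keycloak mapper emits only into the access token never reaches `user.profile`.

function base64UrlDecode(segment) {
  // JWT segments are base64url without padding; convert to standard base64 first.
  const base64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = base64 + "=".repeat((4 - (base64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

function base64UrlEncode(text) {
  return Buffer.from(text, "utf8")
    .toString("base64")
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=+$/, "");
}

// Decode the payload of a compact JWS. No signature check: inspection only.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWS (expected header.payload.signature)");
  }
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Classify a Keycloak-issued token by its `typ` claim.
function tokenKind(claims) {
  if (claims.typ === "Bearer") return "access_token";
  if (claims.typ === "ID") return "id_token";
  return "unknown";
}

// Which of the wanted claims are absent from the token that feeds `profile`?
function missingProfileClaims(idTokenClaims, wanted) {
  return wanted.filter((name) => !(name in idTokenClaims));
}

// Compare both tokens and report where each wanted claim ended up.
function report(accessToken, idToken, wanted) {
  const access = decodeJwtPayload(accessToken);
  const id = decodeJwtPayload(idToken);
  return {
    accessKind: tokenKind(access),
    idKind: tokenKind(id),
    onlyInAccessToken: wanted.filter((n) => n in access && !(n in id)),
    missingFromProfileSource: missingProfileClaims(id, wanted),
  };
}

// --- constructed sample tokens (unsigned, alg "none", demonstration data only) ---
function makeUnsignedToken(payload) {
  const header = base64UrlEncode(JSON.stringify({ alg: "none", typ: "JWT" }));
  return `${header}.${base64UrlEncode(JSON.stringify(payload))}.`;
}

const SAMPLE_ACCESS_TOKEN = makeUnsignedToken({
  typ: "Bearer",
  sub: "user-1",
  "allowed-origins": ["http://localhost:5173"],
  realm_access: { roles: ["offline_access"] },
  resource_access: { "idm-admin-dashboard": { roles: ["edit-users"] } },
  email: "user@example.invalid",
});

const SAMPLE_ID_TOKEN = makeUnsignedToken({
  typ: "ID",
  sub: "user-1",
  email: "user@example.invalid",
  preferred_username: "x",
});

const WANTED_CLAIMS = ["allowed-origins", "realm_access", "resource_access"];

console.log(JSON.stringify(report(SAMPLE_ACCESS_TOKEN, SAMPLE_ID_TOKEN, WANTED_CLAIMS), null, 2));
```

In a running app the two inputs are `user.access_token` and `user.id_token` from the `User` object oidc-client-ts stores; if a claim shows up under `onlyInAccessToken`, the place to look is the mapper configuration on the identity provider rather than the client settings.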