openid-connect-generic

Claim field `resource_access` missing

Open tophattom opened this issue 5 years ago • 2 comments

I'm using Keycloak as the OpenID server, and the default roles mapper by default puts the user's client roles in the token at the path `resource_access.${client_id}.roles`. This field is not present in the `$user_claim` passed to the `openid-connect-generic-update-user-using-current-claim` action. However, when I change the path to `asd.${client_id}.roles`, for example, they will show up in the `$user_claim`.

tophattom avatar Feb 05 '20 13:02 tophattom

@tophattom Hi, did you solve it? I need to map Keycloak roles to WordPress too.

ridwankustanto avatar Jun 14 '21 07:06 ridwankustanto

This issue is not strictly related to mapping Keycloak roles to WordPress roles. You can work around the issue here by creating a new mapper on the Keycloak client that puts the client roles in a different claim on the token (`wp_roles` in my case). You can then use that new claim in, for example, the `openid-connect-generic-user-create` and `openid-connect-generic-update-user-using-current-claim` actions to map those roles to WordPress roles.

tophattom avatar Jun 14 '21 09:06 tophattom
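
The workaround described in the last comment could look like the following in a small site plugin. This is an added example, not code from the thread or from the plugin: the mapping table, the Keycloak role names and the function name are hypothetical, and it assumes the custom mapper emits `wp_roles` as a flat array of strings and that both actions pass `( $user, $user_claim )`.

```php
<?php
// Added example; not part of openid-connect-generic or of this thread.
// Hypothetical allow-list: Keycloak client role => WordPress role.
// Token values are never used as WordPress role names directly, so a
// mapper mistake on the IdP side cannot grant an unlisted role.
const EXAMPLE_KC_TO_WP_ROLES = array(
	'wp-editor'     => 'editor',
	'wp-author'     => 'author',
	'wp-subscriber' => 'subscriber',
);

function example_sync_roles_from_claim( $user, $user_claim ) {
	if ( ! ( $user instanceof WP_User ) || ! is_array( $user_claim ) ) {
		return;
	}
	// A missing or malformed claim is treated as "no roles" (fail closed).
	$claimed = ( isset( $user_claim['wp_roles'] ) && is_array( $user_claim['wp_roles'] ) )
		? $user_claim['wp_roles']
		: array();

	$wanted = array();
	foreach ( $claimed as $kc_role ) {
		if ( is_string( $kc_role ) && array_key_exists( $kc_role, EXAMPLE_KC_TO_WP_ROLES ) ) {
			$wanted[] = EXAMPLE_KC_TO_WP_ROLES[ $kc_role ];
		}
	}
	$wanted  = array_unique( $wanted );
	$managed = array_unique( array_values( EXAMPLE_KC_TO_WP_ROLES ) );

	// Only roles listed in the mapping are added or removed. Roles assigned
	// locally (administrator, for instance) are left as they are.
	foreach ( array_diff( $managed, $wanted ) as $role ) {
		if ( in_array( $role, $user->roles, true ) ) {
			$user->remove_role( $role );
		}
	}
	foreach ( $wanted as $role ) {
		if ( ! in_array( $role, $user->roles, true ) ) {
			$user->add_role( $role );
		}
	}
}

// Run on first login (user creation) and on every later login.
add_action( 'openid-connect-generic-user-create', 'example_sync_roles_from_claim', 10, 2 );
add_action( 'openid-connect-generic-update-user-using-current-claim', 'example_sync_roles_from_claim', 10, 2 );
```

Because the sync runs on each login, removing a client role in Keycloak removes the mapped WordPress role the next time that user signs in.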