roo*_*099 2 jwt openid-connect keycloak
I have configured a user my_user who belongs to my_group in Keycloak 4.8.3. I have then obtained an id token for it with grant type Resource Owner Password Credentials (ROPC). When I inspect the issued id token with a tool such as jwt.io I can see that the user's id and name are included as JWT clains sub and preferred_username respectively.
But where does group membership show up inside the JWT?
您需要创建映射器。在 Keycloak 管理控制台中,转到客户端,选择您的客户端,选项卡“映射器”,单击网格标题中的创建。在 Mapper type 组合中选择 Group Membership 并填写其他数据(名称、令牌声明名称)。