From f4ec14c3fe529a5bed0022adc29f4b1e9117b5e5 Mon Sep 17 00:00:00 2001 From: ImFlog Date: Wed, 30 Aug 2023 17:36:23 +0200 Subject: [PATCH] doc(js-providers): Add OIDC object mapper documentation --- .../server_development/topics/providers.adoc | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/docs/documentation/server_development/topics/providers.adoc b/docs/documentation/server_development/topics/providers.adoc index ce9c0b08e7..5dca6c65b4 100644 --- a/docs/documentation/server_development/topics/providers.adoc +++ b/docs/documentation/server_development/topics/providers.adoc 
@@ -304,6 +304,43 @@ should not be at the same level. For example, the authentication flow configurat - Your-Script-Authenticator REQUIRED ---- +==== OpenID Connect Protocol Mapper + +OpenID Connect Protocol Mapper scripts are javascript script that allow you +to change the content of the ID Token and/or the Access Token. + +You can use the `javax.script.Bindings` script within the code. + +`user`:: +the current `UserModel` +`realm`:: +the `RealmModel` +`token`:: +the current `IDToken`. It is available only if the mapper is configured for the ID token. +`tokenResponse`:: +the current `AccessTokenResponse`. It is available only if the mapper is configured for the Access token. +`userSession`:: +the active `UserSessionModel` +`keycloakSession`:: +the active `KeycloakSession` + +The exports of the script will be used as the value of the token claim. + +[source,javascript] +---- +// prints can be used to log information for debug purpose. +print("STARTING CUSTOM MAPPER"); + +var inputRequest = keycloakSession.getContext().getHttpRequest(); +var params = inputRequest.getDecodedFormParameters(); +var output = params.getFirst("user_input"); +exports = output; +---- + +The above script allows to retrieve a `user_input` from the authorization request. +This will be available to map in the `Token Claim Name` configured in the mapper. + + ==== Create a JAR with the scripts to deploy NOTE: JAR files are regular ZIP files with a `.jar` extension. @@ -391,6 +428,7 @@ The name of the script file. This property is *mandatory* and should map to a fi ==== Deploy the script JAR Once you have a JAR file with a descriptor and the scripts you want to deploy, you just need to copy the JAR to the {project_name} `providers/` directory, then run `bin/kc.[sh|bat] build`. +Note that you also need to enable the `scripts` feature. === Available SPIs
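Review bot: In the `@@ -304,6 +304,43 @@` hunk, the example script assigns a request parameter straight to the claim (`var output = params.getFirst("user_input");` followed by `exports = output;`), so whatever the client sends ends up in a signed token that relying parties may treat as asserted by the server. Please either use an example that derives the claim from `user` or `userSession`, or add validation to the sample (an allow-list or a type and length check, plus handling of the null that `getFirst` returns when the parameter is absent) and a sentence stating that the value is client-controlled. Separately, the script reads the form parameters of the current HTTP request through `getDecodedFormParameters()`, while the sentence after the listing says the value comes from "the authorization request"; state which request the mapper actually runs on. Wording: "are javascript script that" should read "are JavaScript scripts that", and "You can use the `javax.script.Bindings` script within the code" reads as if Bindings were a script; something like "The following bindings are available in the script" would match the list that follows.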
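Review bot: In the `@@ -391,6 +428,7 @@` hunk, the added sentence "Note that you also need to enable the `scripts` feature." does not say how the feature is enabled or whether it has to be set before `bin/kc.[sh|bat] build` is run; as placed, it comes after the build instruction, so a reader following the steps in order will build first. Suggest giving the exact option or linking to the feature documentation, and moving the sentence ahead of the build step if the order matters. Since the scripts in this patch are handed `keycloakSession` (see the bindings list in the first hunk), one sentence on who should be allowed to deploy script JARs once the feature is on would also be useful here.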