Description
Describe the bug
Hi,
I added a custom claim using a JavaScript rule to push back extra info to the resource server for filtering. The evaluation API gives the expected success result, but the Java client in Spring Boot gives access denied.
{
  "exp": 1655733351,
  "iat": 1655733051,
  "jti": "468bee4c-395f-430b-856d-9ac205917fe0",
  "aud": "dummy",
  "sub": "f:345374dc-dfdf-43c4-8e5b-996075be8412:ET1024",
  "typ": "Bearer",
  "azp": "dummy",
  "session_state": "9905c2c9-aa5c-4722-b025-51418d7a4bf4",
  "allowed-origins": [
    "*"
  ],
  "resource_access": {
    "dummy": {
      "roles": [
        "user"
      ]
    }
  },
  "authorization": {
    "permissions": [
      {
        "scopes": [
          "view"
        ],
        "claims": {
          "countries": [
            "IN",
            "US"
          ]
        },
        "rsid": "49c7f215-c2e8-4fab-abce-b23bcd1dfbeb",
        "rsname": "Widgets"
      }
    ]
  },
  "scope": "email profile",
  "sid": "9905c2c9-aa5c-4722-b025-51418d7a4bf4",
  "email_verified": false,
  "name": "Dummy",
  "preferred_username": "ET1024",
  "locale": "en",
  "given_name": "Dummy",
  "family_name": "Dummy",
  "email": "Dummy@Dummy.com"
}
Version
26.1.0
Expected behavior
If the evaluation API gives a success RPT with extra claims, the Java client should also evaluate to granted.
Actual behavior
The Java client gives access denied. If I remove the custom claim it gives success RPT.
How to Reproduce?
Just add a custom claim using JavaScript and attach the policy to any permission which gets called using the Java client in Spring Boot.
Anything else?
I had created the same case at the Keycloak level, but it was closed as not planned.
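An added example, not part of the report and not Keycloak or Spring code: a resource-side diagnostic that reads the `authorization.permissions` block of an RPT shaped like the one above, confirms the `view` grant on `Widgets`, and applies the pushed `countries` claim as a filter. The function names, the constructed token, and the fail-closed filtering rule are assumptions; the payload is decoded for inspection only and the signature is not verified.

```python
import base64
import json

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_payload(token: str) -> dict:
    """Decode a compact JWT payload for inspection only (signature NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))

def find_permission(payload: dict, resource: str, scope: str):
    """Return the permission entry granting `scope` on `resource`, else None."""
    for perm in payload.get("authorization", {}).get("permissions", []):
        if resource in (perm.get("rsname"), perm.get("rsid")) and scope in perm.get("scopes", []):
            return perm
    return None

def allowed_countries(payload: dict, resource: str, scope: str):
    """None means no matching permission; a set is the pushed `countries` claim."""
    perm = find_permission(payload, resource, scope)
    if perm is None:
        return None
    return set(perm.get("claims", {}).get("countries", []))

def filter_rows(rows, countries):
    """Assumed policy: fail closed, so a missing or empty claim yields no rows."""
    return [r for r in rows if countries and r["country"] in countries]

# Constructed sample: permission block copied from the token in the report,
# wrapped in a dummy header and a placeholder signature.
SAMPLE_PAYLOAD = {
    "azp": "dummy",
    "authorization": {"permissions": [{
        "scopes": ["view"],
        "claims": {"countries": ["IN", "US"]},
        "rsid": "49c7f215-c2e8-4fab-abce-b23bcd1dfbeb",
        "rsname": "Widgets",
    }]},
}
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps(SAMPLE_PAYLOAD).encode()),
    "placeholder-signature",
])

if __name__ == "__main__":
    granted = allowed_countries(decode_payload(SAMPLE_TOKEN), "Widgets", "view")
    rows = [{"id": 1, "country": "IN"}, {"id": 2, "country": "DE"}]  # constructed
    print(granted, filter_rows(rows, granted))
```

Running the same check on the token the Java client actually receives shows whether the permission and its claims reached the resource server at all.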