keycloak / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
Apache License 2.0

keycloak_generic_protocol_mapper requires add_to_access_token, add_to_id_token #889

Closed leventyalcin closed 5 months ago

leventyalcin commented 1 year ago

Hi all,

I'm trying to use keycloak_generic_protocol_mapper and use a custom mapper that I developed.

resource "keycloak_generic_protocol_mapper" "custom_mapper" {
  realm_id        = keycloak_realm.realm.id
  client_id       = keycloak_openid_client.my_client.id
  protocol        = "openid-connect"
  protocol_mapper = "custom-mapper"
  name            = "custom"
  config = {
    claim_name = "custom"
  }
}

However, I can't add those custom mappers to access tokens. All the other mapper types (e.g. keycloak_openid_user_attribute_protocol_mapper) have arguments like add_to_access_token, add_to_id_token, add_to_userinfo.

I'm not sure how it could be possible to use a custom mapper without being able to manage those switches in the UI. Even though the provider doesn't understand those at the code level, it still turns any of them off at the next terraform apply, interestingly.

I'd appreciate it if add_to_access_token were available for keycloak_generic_protocol_mapper.

Thanks, Levent.

leventyalcin commented 1 year ago

Whilst digging through GitHub, I came across an open source mapper's documentation and I saw a config like the following in here:

config = {
  "claim.name"           = "teams"
  "jsonType.label"       = "JSON"
  "id.token.claim"       = true
  "access.token.claim"   = true
  "userinfo.token.claim" = true
  "dapla-team-api.impl"  = "Mocky"
  "dapla-team-api.url"   = "https://run.mocky.io/"
}

Apparently, that works.
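Putting the two comments together, here is an added example (not from the issue, the provider docs, or the mapper project) of the original resource with the per-token switches expressed as generic mapper config keys. It assumes the custom mapper is implemented with Keycloak's standard OIDCAttributeMapperHelper, which is what reads these keys for the built-in mappers; a mapper with its own config handling may use different key names.

```hcl
resource "keycloak_generic_protocol_mapper" "custom_mapper" {
  realm_id        = keycloak_realm.realm.id
  client_id       = keycloak_openid_client.my_client.id
  protocol        = "openid-connect"
  protocol_mapper = "custom-mapper" # assumed provider id of the custom mapper
  name            = "custom"

  # For a generic mapper there is no add_to_access_token argument; the
  # switches are plain config entries that Keycloak reads by name. These
  # are the keys Keycloak's built-in mappers use for the same toggles.
  config = {
    "claim.name"     = "custom"
    "jsonType.label" = "String"

    # Only enable the tokens that actually need the claim: every token the
    # claim is added to is one more place the value is exposed. Leaving a
    # key out is the same as "false", which is why the original resource
    # never produced the claim in the access token.
    "id.token.claim"       = "false"
    "access.token.claim"   = "true"
    "userinfo.token.claim" = "false"
  }
}
```

The config map is a map of strings, so bare `true` as in the quoted snippet and the quoted `"true"` shown here both end up as the string Keycloak expects; using strings throughout just keeps `terraform plan` from showing a spurious diff.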