search

mrparkers / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
MIT License
624 stars 306 forks source link

keycloak_generic_protocol_mapper requires add_to_access_token, add_to_id_token #889

Closed leventyalcin closed 4 months ago

leventyalcin commented 11 months ago

Hi all,

I'm trying to use keycloak_generic_protocol_mapper and use a custom mapper that I developed. 

resource "keycloak_generic_protocol_mapper" "custom_mapper" {
  realm_id               = keycloak_realm.realm.id
  client_id               = keycloak_openid_client.my_client.id
  protocol               = "openid-connect"
  protocol_mapper  = "custom-mapper"
  name                    = "custom"
  config = {
    claim_name          = "custom"
  }
}

However, I can't add those custom mappers to access tokens. All the other mapper types (eg; keycloak_openid_user_attribute_protocol_mapper) have arguments like add_to_access_token, add_to_id_token, add_to_userinfo.

I'm not sure how it could be possible to use a custom mapper without being able to manage those switches on the UI. Even the provider doesn't understand those in the code level, it still turns any of those off at the next terraform apply interestingly.

I'd appreciate if add_to_access_token was available for keycloak_generic_protocol_mapper

Thanks, Levent.

leventyalcin commented 11 months ago

Whilst digging through GitHub, I came across an open source mapper's documentation and I saw the config like the following in here;

config = {
    "claim.name"           = "teams"
    "jsonType.label"       = "JSON"
    "id.token.claim"       = true
    "access.token.claim"   = true
    "userinfo.token.claim" = true
    "dapla-team-api.impl"  = "Mocky"
    "dapla-team-api.url"   = "https://run.mocky.io/"
  }

Apparently, that works.