Keycloak – 将客户端的 IP 地址添加到 JWT 令牌的最佳/最简单方法?

huangapple go评论91阅读模式
英文:

Keycloak - Best/easiest way to add the client's IP address to the JWT token?

问题

我希望将认证用户的 IP 地址添加到 JWT 令牌中,以便稍后在中间件中使用。实现这一目标最简单的方法是什么?

Keycloak v6.0.1

英文:

I'm hoping to add the authenticating user's IP address to the JWT token for later use in the middleware. What is the easiest way to accomplish this?

Keycloak v6.0.1

答案1

得分: 2

Client Address在用户会话注释中不可用,除非用户是服务账户(私有客户端)- 相关文档

最简单的方法是为Keycloak编写一个插件,在用户登录/令牌刷新时添加事件监听器,以将其添加到用户会话注释中。
我创建了这个快速示例 - https://github.com/CharlyRipp/keycloak-user-details-provider

请注意,此示例适用于Keycloak 15(在本回答时)- 将POM的父级更改为所需版本,然后可能需要修复getRealmgetUserSession调用,因为这些调用在最近的版本中已更改。

英文:

Client Address is not available in the user session note, unless the user is a Service Account (private client) - Relevant Documentation.

Easiest way to achieve this is to write a plugin for keycloak, adding an event listener on user login/token refresh to add to the user session notes.
Created this quick example - https://github.com/CharlyRipp/keycloak-user-details-provider.

Note this example is for keycloak 15 (at the time of this answer) - changing the POM parent to the desired version, then may need to fix getRealm and getUserSession calls as those have changed in recent versions.

huangapple
  • 本文由 发表于 2020年8月20日 02:43:43
  • 转载请务必保留本文链接:https://go.coder-hub.com/63493162.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定