Retrieve Keycloak attributes in access_token

Question

I can't get permissions that a role has defined in my access_token. I defined 3 roles (with Keycloak): ADMIN, GUEST and SUPERADMIN.

SUPERADMIN has read, write and gestion permissions (p_Read, p_Write and p_gestion).

With postman, SUPERADMIN do login, and gets the obfuscated access_token. When I deobfuscate it, I get the following information (which is correct)

"iat": 1654784756,
  "jti": "6bc716df-66fc-47ad-9eaf-8ef252969c61",
  "iss": "https://dev.mydomain.com/auth/realms/Licenses",
  "aud": "account",
  "sub": "55552ce7-3f92-49a7-835f-7cd356a34d7e",
  "typ": "Bearer",
  "azp": "Licenses",
  "session_state": "1cb9ac94-0d53-423c-9cd6-66472c8ce02b",
  "acr": "1",
  "realm_access": {
    "roles": [
      "SUPERADMIN",
      "offline_access",
      "default-roles-licenses",
      "uma_authorization"
    ]
  },
  "resource_access": {
    "Licenses": {
      "roles": [
        "SUPERADMIN"
      ]
    },
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "scope": "openid email profile",
  "email_verified": false,
  "name": "Pepe",
  "preferred_username": "pepe@user.com",
  "given_name": "Pepe",
  "family_name": "Pepe",
  "email": "pepe@user.com"

but, I don't receive the permissions configured for SUPERADMIN. I need to receive the "p_Read","p_Write" and "p_Gestion" permissions in my access_token.

Am I missing some setting or am I doing something wrong?

Answer 1

You can get attributes by Get role API. Also user needs the "manage-realm" role when you get the token.

Steps

1. Assign "manage-realm" to user

2. Get Token

3. Get Role