OAuth2 token renewal and Simplifier Role Mapping with OAuth2 authorization

  • Thomas
    Participant
    5 years, 8 months ago #17933

    Hi all,

    I am using OAuth2 authorization with a Red Hat Keycloak authentication server. Setting up a working authorization code grant flow worked fine: I can authenticate a user with Keycloak, and Simplifier also passes the bearer token in the authorization header for my REST connector to the backend services. I have two questions:

    1) It appears to me that Simplifier does not automatically refresh the access token with the renewal token after the access token has expired. I have to log out of Simplifier and log back in to get the access token renewed. Is there a possibility for an automated silent refresh?

    2) Keycloak passes the assigned roles of a user in the JWT access token back to Simplifier in a format like this:

    Snippet of the JWT access token:

    "resource_access": {
      "simplifier": {
        "roles": [ "MY_ROLE" ]
      }
    }

    How would I define the attribute mapping in the Simplifier Role Mapping configuration to test for the value of the role MY_ROLE? I was trying several formats but none of them worked, e.g. resource_access/simplifier/roles. Even testing for the existence of the top-level attribute "resource_access" returns FALSE. It seems to me that Simplifier only recognizes a top-level unstructured attribute in the JWT token, e.g. "user_role": "MY_ROLE". I finally recognised that Simplifier only looks at the ID token and not the access token, so I included the role information in the ID token, but the problem still remains.

    I appreciate any help. Regards,

    Thomas
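
To check outside Simplifier which token actually carries the role, and at what nesting level, the token payloads can be decoded and probed with the path from the post. This is an added example, not part of the original post and not Simplifier's mapping logic; the "/"-separated path syntax, the helper names and the sample tokens are constructed assumptions.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(jwt: str) -> dict:
    """Decode the payload of a compact JWT WITHOUT verifying the signature.
    For inspection only; never base an access decision on unverified claims."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def claim_at(claims: dict, path: str):
    """Walk a '/'-separated path (assumed syntax); None if any step is missing."""
    node = claims
    for key in path.split("/"):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def has_role(jwt: str, path: str, role: str) -> bool:
    value = claim_at(decode_claims(jwt), path)
    if isinstance(value, str):  # flat claim, e.g. "user_role": "MY_ROLE"
        return value == role
    return isinstance(value, list) and role in value

def make_token(claims: dict) -> str:
    """Build a constructed sample token; the signature segment is a dummy."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed-sig"

# Constructed samples mirroring the post: roles nested in the access token,
# absent from the ID token unless a Keycloak mapper adds them there.
ACCESS = make_token({"sub": "u1",
                     "resource_access": {"simplifier": {"roles": ["MY_ROLE"]}}})
ID_TOKEN = make_token({"sub": "u1", "preferred_username": "thomas"})
ROLE_PATH = "resource_access/simplifier/roles"

if __name__ == "__main__":
    for name, tok in (("access", ACCESS), ("id", ID_TOKEN)):
        claims = decode_claims(tok)
        print(name, "top-level claims:", sorted(claims),
              "| has MY_ROLE:", has_role(tok, ROLE_PATH, "MY_ROLE"))
```

Running the same functions on the real ID token shows whether the role claim reached it as a nested object, a list, or a flat string.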
