CCCHH/keycloak-attribute-endpoints-provider: A Keycloak provider to get users profile attributes via authenticated API endpoints.

CCCHH/keycloak-attribute-endpoints-provider

A Keycloak provider to get users profile attributes via authenticated API endpoints.

Java 100%

Find a file

kritzl a7be1213af Attempt to use the UiPageProvider to configure endpoints Co-authored-by: June june@jsts.xyz		2026-02-17 13:17:42 +01:00
ssh-key-provider	Attempt to use the UiPageProvider to configure endpoints	2026-02-17 13:17:42 +01:00
.gitignore	gitignore .DS_Store and .vscode	2025-10-31 19:35:32 +01:00
compose.yaml	Attempt to use the UiPageProvider to configure endpoints	2026-02-17 13:17:42 +01:00
README.md	Attempt to use the UiPageProvider to configure endpoints	2026-02-17 13:17:42 +01:00
realm-export.json	Attempt to use the UiPageProvider to configure endpoints	2026-02-17 13:17:42 +01:00
test.json	Attempt to use the UiPageProvider to configure endpoints	2026-02-17 13:17:42 +01:00

README.md

What does this Keykloak Provider do?

Export an anonymized list of User-Attribute values. This provider will provide an api endpoit for every configured attribute-group. Multivalues attribues are not supported (yet).

Configuration in Keykloak

Client with Service-Account
- Assigned roles allow access to attribute export
User profile Groups with attributes

{
    "endpoints": [
        {
            "slug": "myattribute",
            "attribute-group": "myattributes",
            "match-role": "myattribute-access",
            "auth-role": "myattribute-export",
            "attribute-regex": "^(?<key>(ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3})(\\s.*)?$",
        }
    ]
}

We recommend using a client with service-account, but you can also use a bot-account to authenticate against the provider.