I am working with a customer that is trying to pass custom attributes from RH-SSO to the client application.
To troubleshoot this, I need to verify that the token contains the custom attribute. To accomplish this, I need to see the token.
At the moment, I have to ask the customer to add code to the application to dump the token:
KeycloakSecurityContext session = (KeycloakSecurityContext) httpServletRequest.getAttribute(KeycloakSecurityContext.class.getName());
String accessTokenString = session.getTokenString();
We need a way to see the tokens that are getting passed around.
The token should be logged with a trace level logger and should not include the token signature.