Nested JWT claims validation

Hello, I’m trying to use Keycloak JWT roles to perform RBAC.

My JWT contains a nested claim containing the list of roles:

...
  "realm_access": {
    "roles": [
      "offline_access",
      "uma_authorization",
      "user"
    ]
  },
...

Within ServiceRoleBinding I’d like to access the roles with something like

...
subjects:
- properties:
    request.auth.claims[realm_access][roles]: user
...

But it seems that this is not the correct way to access nested claims. Any idea how to perform this?
The setup is working fine for “first level” claims.

Authorizing on the nested claim is not supported today. You have to flatten the claim (e.g., “realm_access_roles”: { … }), or perform custom authorization on the structured claim.

1 Like
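The flattening the reply recommends, as an added example in Python (not code from the thread, Istio or Keycloak): it decodes a constructed Keycloak-style payload, flattens `realm_access.roles` into a first-level `realm_access_roles` claim, and evaluates a `request.auth.claims[realm_access_roles]: user` style property check. The `_` separator and the list-membership matching rule are my assumptions, as is the sample payload; signature verification is deliberately out of scope here.

```python
import base64
import json

# Constructed sample payload (not a real token); the sidecar is assumed to
# have already verified the JWT signature before any claim is trusted.
CONSTRUCTED_PAYLOAD = {
    "iss": "https://keycloak.example/realms/demo",  # placeholder issuer
    "sub": "alice",
    "realm_access": {"roles": ["offline_access", "uma_authorization", "user"]},
}


def b64url_decode(segment: str) -> bytes:
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def encode_payload(claims: dict) -> str:
    """Build the payload segment of a JWT (unsigned; for the demo only)."""
    raw = json.dumps(claims, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def flatten_claims(claims: dict, prefix: str = "", sep: str = "_") -> dict:
    """Flatten nested objects into first-level keys, e.g.
    {"realm_access": {"roles": [...]}} -> {"realm_access_roles": [...]}.
    Lists are kept as values so role membership can still be checked."""
    flat = {}
    for key, value in claims.items():
        name = f"{prefix}{sep}{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten_claims(value, name, sep))
        else:
            flat[name] = value
    return flat


def property_matches(claims: dict, claim_name: str, expected: str) -> bool:
    """Emulate `request.auth.claims[<name>]: <value>` (assumed semantics):
    exact match for a scalar claim, membership for a list claim, and a
    missing claim never matches."""
    actual = claims.get(claim_name)
    if isinstance(actual, list):
        return expected in actual
    return actual == expected


def authorize(payload_b64: str, claim_name: str, expected: str) -> bool:
    """Decode the payload, flatten it, then apply the property check."""
    claims = json.loads(b64url_decode(payload_b64))
    return property_matches(flatten_claims(claims), claim_name, expected)
```

In a real deployment the flattening happens on the issuer side (a Keycloak mapper emitting the first-level claim), so the policy can reference `request.auth.claims[realm_access_roles]` directly; the function here only shows the shape the reply is asking for.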