This custom attribute mapper can be used to fetch a user's public SSH key whenever they log in with Github, and store it into a custom attribute.

mvn clean install

To build the SPI for use with a version of Keycloak prior to 22.X, you need to use openjdk 11 and patch pom.xml to target java 11:

<source>11</source>
<target>11</target>

A SQL database backend is required. The user attributes table must be manually modified to allow larger attributes like public keys.

Example for mariadb/mysql:

alter table USER_ATTRIBUTE drop index IDX_USER_ATTRIBUTE_NAME; alter table USER_ATTRIBUTE modify VALUE TEXT(100000) CHARACTER SET utf8 COLLATE utf8_general_ci; alter table USER_ATTRIBUTE ADD KEY IDX_USER_ATTRIBUTE_NAME (NAME, VALUE(400));

Copy the built jar into {KEYCLOAK_HOME}/standalone/deployments

Copy the built jar into /opt/keycloak/providers

The testing directory contains a Dockerfile that can be used to generate an optimized keycloak image with the mapper preinstalled.

There is also a compose spinning up keycloak, the mapper, and a mariadb instance - but the database needs to be modified manually (a Github oauth provider as well).

The demo.sh script automates everything, but requires the following preparation:

• Create a Github OAuth app for your test deployment, the callback URL will be http://localhost:8082/realms/test/broker/github/endpoint
• Set the environment variables GH_CLIENT_ID and GH_CLIENT_PASSWORD to the generated client ID and password, respectively
• run demo.sh
• Log in with Github when prompted and press any key to display the user's attributes, your SSH key should appear in "pubKey".