Category: Blog

  • Variable Management in Keycloak Authentication Sessions

    I recently had a scenario where an SP integrated with Keycloak was POSTing the OAuth request to the IdP with additional parameters in the form body. The issue was that I needed this variable later in the authentication flow, after authentication steps were completed. Now, how can I store that variable for use later?

    After doing some digging, I decided to try my hand at using the JavaScript Authenticator Provider to accomplish this. Specifically, I’m using the provider to set a note in the authentication session with the value I need.

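    function authenticate(context) {
        // "subject" comes from the client's POST body, so treat it as untrusted input
        var subject = context.getHttpRequest().getFormParameters().getFirst("subject");
        // Store it as a note so later steps in the flow can read it
        authenticationSession.setUserSessionNote("subject", subject);
        // Mark this execution as successful so the flow continues
        context.success();
    }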

    Then, after authentication, I can get this note out of the session and do what I need to do with it:

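    function authenticate(context) {
        // Read back the note stored by the earlier script authenticator
        var subject = authenticationSession.getUserSessionNotes().get("subject");

        // Do whatever you need to do with the subject variable here
        // ...

        // Mark this execution as successful so the flow continues
        context.success();
    }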

    All tied together with the Authentication Flow:

    Note that this is only the solution that I found to this problem on version 18 of Keycloak. There may be a more elegant solution to do this in that version or a newer version that I’m not aware of.
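
The first script stores a form value that the client controls, so anything that later reads the note inherits whatever was posted. As an added example (not the post's or Keycloak's own code), this variant of the first authenticator validates `subject` before it becomes a session note. The allowed pattern, the 64-character limit and the choice to continue without a note on bad input are assumptions; it is written in ES5 and uses the script authenticator's `authenticationSession` and `LOG` bindings.

```javascript
// Added example, not from the original post.
// Assumption: a legitimate "subject" is 1-64 characters drawn from
// letters, digits, ".", "_", "@" and "-". Adjust to what the SP really sends.
var SUBJECT_PATTERN = /^[A-Za-z0-9._@-]{1,64}$/;

// Returns the subject as a string if it matches the allow-list, otherwise null.
function validateSubject(raw) {
    if (raw === null || raw === undefined) {
        return null;
    }
    var value = String(raw); // also converts a Java String under Nashorn
    return SUBJECT_PATTERN.test(value) ? value : null;
}

function authenticate(context) {
    var raw = context.getHttpRequest().getFormParameters().getFirst("subject");
    var subject = validateSubject(raw);

    if (subject !== null) {
        // Only a validated value is carried forward in the session.
        authenticationSession.setUserSessionNote("subject", subject);
    } else if (raw !== null && raw !== undefined) {
        // Log the rejection without echoing the untrusted value itself.
        LOG.warn("Rejected malformed 'subject' form parameter");
    }

    // Continue the flow either way; the later step must treat a missing
    // note as "no subject supplied" rather than assume it is present.
    context.success();
}
```

The script that reads the note later should check for `null` before using it, since a rejected or absent parameter leaves no note behind.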