Description
Describe the bug
Hi,
I added a custom claim using a JavaScript rule to push back extra info to the resource server for filtering. The evaluation API gives the expected success result, but the Spring Boot adapter gives access denied.
{
  "exp": 1655733351,
  "iat": 1655733051,
  "jti": "468bee4c-395f-430b-856d-9ac205917fe0",
  "aud": "dummy",
  "sub": "f:345374dc-dfdf-43c4-8e5b-996075be8412:ET1024",
  "typ": "Bearer",
  "azp": "dummy",
  "session_state": "9905c2c9-aa5c-4722-b025-51418d7a4bf4",
  "allowed-origins": [
    "*"
  ],
  "resource_access": {
    "dummy": {
      "roles": [
        "user"
      ]
    }
  },
  "authorization": {
    "permissions": [
      {
        "scopes": [
          "view"
        ],
        "claims": {
          "countries": [
            "IN",
            "US"
          ]
        },
        "rsid": "49c7f215-c2e8-4fab-abce-b23bcd1dfbeb",
        "rsname": "Widgets"
      }
    ]
  },
  "scope": "email profile",
  "sid": "9905c2c9-aa5c-4722-b025-51418d7a4bf4",
  "email_verified": false,
  "name": "Dummy",
  "preferred_username": "ET1024",
  "locale": "en",
  "given_name": "Dummy",
  "family_name": "Dummy",
  "email": "[email protected]"
}
Version
18.0.1
Expected behavior
If the evaluation API gives a success RPT with extra claims, the Spring Boot adapter should also evaluate to granted.
Actual behavior
The adapter gives access denied. If I remove the custom claim, it gives a success RPT.
How to Reproduce?
Just add a custom claim using JavaScript and attach the policy to any permission that gets called using the Spring Boot Keycloak adapter.
Anything else?
No response
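
For reference, a sketch of how a resource server could consume the pushed-back `countries` claim from the RPT shown in this report. This is an added example, not code from the reporter or from Keycloak; it assumes the token signature has already been verified, and the `Reports` permission, the record shape and all function names are constructed for illustration.

```python
import base64
import json

# Constructed sample: the "authorization" claim from the RPT in the report, plus a
# second, hypothetical "Reports" permission that carries no pushed-back claims.
SAMPLE_PAYLOAD = {
    "authorization": {"permissions": [
        {"scopes": ["view"], "claims": {"countries": ["IN", "US"]},
         "rsid": "49c7f215-c2e8-4fab-abce-b23bcd1dfbeb", "rsname": "Widgets"},
        {"scopes": ["view"], "rsid": "constructed-rsid", "rsname": "Reports"},
    ]},
}

def decode_payload(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified here."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def pushed_claims(payload, resource, scope):
    """Claims attached to the permission granting `scope` on `resource`, else None."""
    for perm in payload.get("authorization", {}).get("permissions", []):
        # Strict matching is this example's choice: the scope must be listed explicitly.
        if perm.get("rsname") == resource and scope in (perm.get("scopes") or []):
            # Claims are scoped to this permission; never merge them across resources.
            return perm.get("claims") or {}
    return None  # no matching permission: access denied

def filter_by_country(records, payload, resource, scope):
    """Fail closed: a granted permission without a "countries" claim yields no records."""
    claims = pushed_claims(payload, resource, scope)
    if claims is None:
        raise PermissionError(f"{scope} on {resource} not granted")
    allowed = set(claims.get("countries", []))
    return [r for r in records if r["country"] in allowed]

if __name__ == "__main__":
    widgets = [{"id": 1, "country": "IN"}, {"id": 2, "country": "DE"}]  # constructed
    print(filter_by_country(widgets, SAMPLE_PAYLOAD, "Widgets", "view"))
```

Running `decode_payload` on both the RPT returned by the evaluation API and the one the adapter obtains makes it possible to compare their `authorization.permissions` entries side by side.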