Remove Access Token Attirbutes

Tagged: ,

This topic has 5 replies, 4 voices, and was last updated 4 weeks ago by Scott Heger.

  • Author
  • #28155

    Is it possible to remove attributes which I don’t want in JWT access token for OAuth2?

    For example, here is a list of attributes returned in Access Token:

    “sub”: “le-test-client”,
    “auditTrackingId”: “97d468d0-0d4b-455a-bb3e-d79bc48ca104-3772”,
    “iss”: “”,
    “tokenName”: “access_token”,
    “token_type”: “Bearer”,
    “authGrantId”: “W7A98A_iz2-80ctdOYEp4-HNMJ0”,
    “aud”: “le-test-client”,
    “nbf”: 1596454927,
    “grant_type”: “client_credentials”,
    “scope”: [
    “auth_time”: 1596454927,
    “realm”: “/le-test”,
    “exp”: 1596458527,
    “iat”: 1596454927,
    “expires_in”: 3600,
    “jti”: “dCxV6LAsAzGY3Jnl6y65dm7Si38”,
    “uid”: [],
    “client_id”: “le-test-client”

    can I remove “cts”, “realm” and so on? Thanks.


     Brad Tumy


    Take a look at the access token modification script. You should be able to do what you want there.



    Yep, the access token modification script has the token.setField function to add/update attribute, which I can use to mask any attribute that I don’t want to expose. Yet, I’m wondering whether there is a function I can call directly removing the attribute. Wasn’t able to find that in the Doc.



    Further to Brad’s answer, please take a look at the API for AccessToken. It’s an interface and a set of methods are available which you could call directly. E.g. removeRealm(). Please do test carefully as changing native fields may result in loss of functionality as mentioned in the API docs.

    Hope this helps!


    Got it. API for AccessToken helps. Thanks.

     Scott Heger

    I gotta ask the question…..why do you want to remove those?

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?