Get login credentials from Keycloak accessToken

Is there a way I can retrieve the login credentials from the access token? I can see with a decoder that there is the username, but I cannot see the password (I would expect to find it there encoded?).

Can I somehow set that I want this information in the token?

{
  "scope": "openid email profile ClientScope",
  "sid": "xxx",
  "persId": "xxx",
  "email_verified": true,
  "name": "username",
  "groups": [],
  "Roles": [
    "xxx",
    "offline_access",
    "default-roles-xxx",
    "xxx_authorization"
  ],
  "preferred_username": "xxx",
  "given_name": "xxx",
  "email": "xxx@yyyy"
}

> Solution:

No serious identity and access management system will ever reveal the password. And Keycloak is a serious one.

In addition, no serious identity and access management system will store a password such that it can be recovered in clear text. Only a hash value of the password will be stored.

And if the password was part of the access token, it would break the overall security concept, which restricts the user credentials to the identity and access management system and issues access tokens to applications that are considerably less trustworthy. (Imagine an application using Facebook or Google social login getting an access token with your password!)

Whatever you are trying to achieve, you need to take a different approach.
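Added example (not from the question or the answer above, and not Keycloak's own code): it decodes the payload of a constructed JWT modelled on the question's claims to show that no credential is carried in the token, and shows the salted hash record an identity provider keeps instead, which can be verified but not reversed. The signing key, salt and PBKDF2 parameters are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import os

# Constructed claims modelled on the question's token; not a real Keycloak token.
SAMPLE_CLAIMS = {
    "scope": "openid email profile ClientScope",
    "preferred_username": "xxx",
    "email": "xxx@yyyy",
    "Roles": ["offline_access", "default-roles-xxx"],
}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def build_sample_jwt(claims: dict, key: bytes = b"constructed-demo-key") -> str:
    """Build an HS256 token with a constructed key, purely to have something to inspect."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def inspect_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature: fine for inspection,
    never for authorization decisions. Lists claim names and any credential-like ones."""
    claims = json.loads(b64url_decode(token.split(".")[1]))
    leaked = [k for k in claims if "password" in k.lower() or "secret" in k.lower()]
    return {"claims": sorted(claims), "credential_claims": leaked}

def hash_password(password: str, salt: bytes = b"", iterations: int = 210_000) -> dict:
    """Salted PBKDF2-HMAC-SHA256 record: the kind of value an IdP stores instead of
    the password itself. The clear-text password cannot be recovered from it."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}

def verify_password(candidate: str, record: dict) -> bool:
    # Re-derive with the stored salt and iteration count, compare in constant time.
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])

if __name__ == "__main__":
    print(inspect_claims(build_sample_jwt(SAMPLE_CLAIMS)))
    rec = hash_password("correct horse")
    print(verify_password("correct horse", rec), verify_password("wrong", rec))
```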
