I am working with a customer that is trying to pass custom attributes from RH-SSO to the client application.

To troubleshoot this, I need to verify that the token contains the custom attribute. To accomplish this, I need to see the token.

At the moment, I have to ask the customer to add code to the application to dump the token:

KeycloakSecurityContext session = (KeycloakSecurityContext) httpServletRequest.getAttribute(KeycloakSecurityContext.class.getName());
String accessTokenString = session.getTokenString();
System.err.println(tokenString);

We need a way to see the tokens that are getting passed around.

The token should be logged with a trace level logger and should not include the token signature.