[keycloak-user] How to pass an arbitrary user name into the access token granted by Keycloak?

[Gunter Zeilinger]

Our RESTful services configured with bearer-only access-type are used also
by third-party application with their own user realm - only proprietary
accessible by the third-party application.
There is the requirement, to audit the user of the third-party application,
invoking our RESTful services by the RESTful service itself - so it would
need to be passed into the JWT bearer token which granted by Keycloak to
the third-party application.

Is there another way as importing the user-realm of the third-party
application into the Keycloak realm associated with our RESTful service and
the third-party application as client, so the third-party application can
pass the user id by a resource owner password credentials authorization
grant to obtain the access token - which relies on keeping our copy of the
user-realm in sync with the third-party application, and that the
third-party application has access to the user password.

Particularly, is it possible to use a Bearer JWT as an authorization grant
according RFC 7523, Section 2.1 to pass the user id from the third-party
application to Keycloak, and to configure Keycloak to pass the user id also
in the returned JWT Access Token?

Thanks,
Gunter