[keycloak-user] KeyCloak Client Credentials pass http header values

Rohit Chowdhary rohit.chowdhary at gmail.com
Fri Sep 6 16:41:53 EDT 2019


I want to connect two applications, ClientApp and ResourceApp, securely on
behalf of a user via KeyCloak as the authorization server. The user logs
in to ClientApp and then ClientApp calls REST APIs on ResourceApp in
the background. I have set up KeyCloak adjacent to ResourceApp and
configured ClientApp as a KeyCloak client. ClientApp gets the access token
and then calls APIs on ResourceApp. In this auth process, I want to
communicate some information from ClientApp to ResourceApp via HTTP
headers, so that KeyCloak can add them into the JWT access token. (The
reason I am trying this approach is that I will not need any user
maintenance within KeyCloak and ResourceApp.)

Questions: Am I trying to do something that is not possible or allowed in
such a security setup? Is there a better way to achieve this without having to
maintain users and roles in the KeyCloak server? I want KeyCloak to be just
a mechanism to offload token generation and act as a security mediator. Or can
I pass the header data from the auth request into the JWT token?

I looked into the Client Mappers of KeyCloak, but since there is a redirect
or forward within KeyCloak from Auth request to Get Token, the header
values are getting lost.

