We are evaluating Keycloak and ran into an issue.
We implemented a UserFederationProvider. This provider authenticates, let's say, old users
and new users.
"Old" users should receive an LTPA token within the payload of the access token. We used
user attributes to achieve this. Fine so far.
Our current issue is that this LTPA token needs to be updated when a refresh_token
request comes in and should be put into the "new" access token too.
Initially we tried to achieve this using the refresh_token event, until we noticed that it
is fired after the "new" access token has been created, so too late.
Does anyone have a smart approach or an example of how to add custom payload, retrieved
from a legacy system, to the access token when refreshing it?
Thanks in advance
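One way to do this, added here as an example and not code from the original post or from the Keycloak project: a custom protocol mapper. Keycloak applies protocol mappers while it builds the access token, and it does so for the refresh_token grant as well as for the initial login, so the legacy lookup runs before the new token is signed rather than after it, which is the timing problem the event approach has. The provider id, the claim name, the `ltpa` user attribute used to recognise "old" users, and the `LegacyLtpaClient` interface (with its in-code stand-in) are all assumptions for illustration; the example assumes a Keycloak release whose `AbstractOIDCProtocolMapper` offers the three-argument `setClaim` hook and whose `OIDCAttributeMapperHelper` has `addIncludeInTokensConfig`, and older releases may differ in those signatures.

```java
// Added example (not from the original post or from Keycloak). Assumed names:
// PROVIDER_ID, LEGACY_MARKER_ATTR and the hypothetical LegacyLtpaClient.
package com.example.keycloak;

import java.util.ArrayList;
import java.util.List;

import org.jboss.logging.Logger;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;

/**
 * Adds a freshly obtained LTPA token as a claim each time Keycloak builds an
 * access token for a legacy user. Protocol mappers run inside token generation,
 * so this covers the first login and every refresh_token grant alike.
 */
public class LtpaClaimMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper {

    public static final String PROVIDER_ID = "ltpa-claim-mapper"; // assumed provider id
    static final String LEGACY_MARKER_ATTR = "ltpa";               // assumed attribute set by the federation provider

    private static final Logger LOG = Logger.getLogger(LtpaClaimMapper.class);
    private static final List<ProviderConfigProperty> CONFIG = new ArrayList<>();

    static {
        // "Token Claim Name" field and the "Add to access token" switch in the admin console.
        OIDCAttributeMapperHelper.addTokenClaimNameConfig(CONFIG);
        OIDCAttributeMapperHelper.addIncludeInTokensConfig(CONFIG, LtpaClaimMapper.class);
    }

    /** Hypothetical client for the legacy system; the real implementation replaces it. */
    public interface LegacyLtpaClient {
        String issueLtpaToken(String username) throws Exception;
    }

    // Constructed stand-in so the class runs without the legacy system; not a real LTPA token.
    private LegacyLtpaClient legacy =
            username -> "LTPA-for-" + username + "-" + System.currentTimeMillis();

    public void setLegacyClient(LegacyLtpaClient client) {
        this.legacy = client;
    }

    /**
     * Called from transformAccessToken() for every token Keycloak builds, including
     * the one produced by a refresh_token request. The user session is available on
     * refresh, so the legacy user can be identified without an interactive login.
     */
    @Override
    protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
        UserModel user = userSession.getUser();
        if (user.getFirstAttribute(LEGACY_MARKER_ATTR) == null) {
            return; // "new" user: no LTPA claim at all
        }
        try {
            String fresh = legacy.issueLtpaToken(user.getUsername());
            // Writes the value under the claim name configured in the admin console.
            OIDCAttributeMapperHelper.mapClaim(token, mappingModel, fresh);
        } catch (Exception e) {
            // Omit the claim rather than copy a stale LTPA token from the old access token
            // into the new one; the refresh itself still succeeds for the Keycloak side.
            LOG.warnf(e, "LTPA refresh failed for user %s; claim omitted", user.getUsername());
        }
    }

    @Override
    public List<ProviderConfigProperty> getConfigProperties() {
        return CONFIG;
    }

    @Override
    public String getDisplayCategory() {
        return TOKEN_MAPPER_CATEGORY;
    }

    @Override
    public String getDisplayType() {
        return "LTPA token claim";
    }

    @Override
    public String getHelpText() {
        return "Fetches a current LTPA token from the legacy system on every token issuance, including refresh.";
    }

    @Override
    public String getId() {
        return PROVIDER_ID;
    }
}
```

Register the class in `META-INF/services/org.keycloak.protocol.ProtocolMapper` inside the deployed jar, then attach the mapper to the client (or client scope) in the admin console with "Add to access token" switched on; the claim name is taken from the mapper's "Token Claim Name" field. Two checks worth doing before relying on it: confirm with a refresh_token grant that the claim value actually changes between the old and the new access token, and decide deliberately whether a failed legacy lookup should omit the claim (as above) or fail the whole refresh, since downstream consumers of the LTPA token must treat its absence as "no legacy access" either way.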