[keycloak-dev] refresh_token request should trigger update of access token payload

Hey all, we are evaluating keycloak and run into an issue. We implemented a UserFederationProvider. This Provider authenticates let’s say old users and new users. „old“ users should receive an LTPA token within the payload of the access token. We used user attributes to achieve it. Fine so far. Our current issue is, that this LTPA token needs to be updated when a refresh_token request comes in and should be put into the „new“ access token too. Initially we tried to achieve it using the refresh_token event until we noticed that this is fired after the „new“ access token has been created, so too late. Does someone has a smart approach or an example how to add custom payload, to be retrieved from a legacy system, to the access token when refreshing it? Thanks in advance Thomas