[keycloak-user] Distinguish between Existing user login and new registration

Hi guys, Is there an easy to way to distinguish between a JWT token received after a brand new user registration or an existing user login? Basically in my use case the client will be given the responsibility to update roles if its a brand new user registration or deny access if its an existing user. Is there an easy way to distinguish between the two. Thanks. Kalinga