[keycloak-user] Loading extra claims from database

Hi all, I have not been able to divine the way I might add extra claims from my application database. Given my limited understanding, I see two ways: 1 - after successful authentication have keycloak pull extra claims from the application database, somehow. This app database is postgres, for example. 2 - have the application database update the jwt with extra claims using a shared key. I would like some feedback both paths. I feel that the fist option may be safer. However I am not sure where to begin that implementation journey. Many thanks. Mark