[keycloak-user] Passing information from custom Authenticator to a Token

Hello group, I need to pass some information form a custom Authenticator to the IDToken/AccessToken. One way I found to do that is by using UserSessionNotes and a "User Session Note" Protocol Mapper defined in a client template which is shared by all clients. public void authenticate(AuthenticationFlowContext context) { ... context.getClientSession().getUserSessionNotes().put("someKey","someValue"); ... } is this the intended way to do this sort of things? Cheers, Thomas