I'm using Keycloak 1.9.0.Final and mysql as the DB. I have written a custom social identity provider. This social identity provider uses a custom user attribute mapper that i have written. The user attribute mapper will map a custom attribute coming from the openId connect userinfo endpoint to a Keycloak role. I have overridden the updateBrokeredUser method in the AbstractJsonUserAttributeMapper class to update the brokered user when the user logs in using the social identity provider.

The complete flow works well, however it seems like there is a caching issue. I update the user role via the updateBrokeredMethod but it does not get reflected in the user roles immediately.

However, when I update the cache it works fine.