[keycloak-user] Policy enforcer without roles in token

Hi guys, we’re experiencing issues about JWT access_token size and we were planning to remove the “roles” claim as a default, so to remove the claim from the access_token. Once we do that, the KC adapter / policy enforcer returns a 403. So at this point, does the access_token must have the roles inside it? Or it’s another problem which is giving us the 403? Thank you! Matteo -- Like <https://www.facebook.com/cuebiq/> I Follow <https://twitter.com/Cuebiq>I Connect <https://www.linkedin.com/company/cuebiq> This email is reserved exclusively for sending and receiving messages inherent working activities, and is not intended nor authorized for personal use. Therefore, any outgoing messages or incoming response messages will be treated as company messages and will be subject to the corporate IT policy and may possibly to be read by persons other than by the subscriber of the box. Confidential information may be contained in this message. If you are not the address indicated in this message, please do not copy or deliver this message to anyone. In such case, you should notify the sender immediately and delete the original message.