[keycloak-user] customizing OIDC refresh token flow

Hi, I'm looking for a way to customize the OIDC token endpoint: In OICD code flow, when getting a new access token using a refresh token, I want to call an external system and update a user attribute, such that the attribute value will be mapped to an attribute of the returned JWT access token. I think the relevant source code is here, but I didn't see a way to customize it using an SPI: https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o... The reason I need it is because we are working with an external identity provider, which returns an access token to us which is valid for only 15 minutes. The external access token is mapped to our JWT once the user logs in (we customized the authentication flow). Now I need a way that my JWT will always contain a valid external access token. Therefore, I thought we can fetch a new external access token every time we refresh our JWT. Or is there a better way to accomplish that? Thanks, Ori Doolman Lead Software Architect Amdocs Optima This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at https://www.amdocs.com/about/email-disclaimer <https://www.amdocs.com/about/email-disclaimer>