Hello folks,
We would like to use Keycloak to secure multiple applications using OIDC. Some
applications have requirements on the authentication method the users are allowed to use
for login. I know that it is possible to set the Authentication Flows for each OIDC
client. That way it is possible to, e.g., restrict the user login to X.509 certificate
login for a certain application.
For us it would be better to allow multiple authentication methods, e.g. X.509 certificate
login and username/password login, and let the application decide what the user is allowed
to do depending on the level of assurance, i.e. the authentication method used. Is it
possible to write the authentication method to the AccessToken? Possibly by writing a
custom IdentityProviderMapper?
Best regards,
Sebastian Lösch
--
Solution Engineering
Governikus GmbH & Co. KG