I'm developing the authorization part for my application with keycloak, but I need to include some extra info when the authentication is performed.

Each user in my application has permissions for a set of organizations and I want to have the organization ids loaded in the access token (I think this might be convenient?). The users themselves might be stored in the keycloak database itself, but the organizations they have access to might change in runtime, that's why I want to store them in the access token, to have them reloaded each time a user logs in. Do I need to implement a custom SPI for this?

Regards

Aritz Maeztu Otaño Departamento Desarrollo de Software
	Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra) Telf. Aritz Maeztu: 948 68 03 06 Telf. Secretaría: 948 21 40 40
Antes de imprimir este e-mail piense bien si es necesario hacerlo: El medioambiente es cosa de todos.