Hello, I'm using Keycloak 4.4.0.Final in combination with an external identityprovider to authenticate users. The eIdP is using the OpenID Connect protocol and has mappers in KC defined to map from a claim in the ID token received from the eIdPs token endpoint to roles defined in my Keycloak server. This works as expected for the first login (when the user was previously unknown to Keycloak) and the user is assigned all roles it has with the external identityprovider. Unfortunately the roles for the user aren't updated when the user logs in any time after that and the ID token contains extra or less roles. (Mappers are defined and work on the first login). The user info endpoint is currently unused and disabled. "First broker login" is used as the first login flow. Nothing for post login flow yet (experimented with that but didn't find anything useful so far, but I guess I need to define something here, but what exactly?). How would I go about updating the roles of a user from the claims in an ID token from an external identityprovider at their second login like at their first login? Greetings, Stephan