On 14. Nov 2018, at 19:02, Dmitry Telegin <dt(a)acutus.pro&gt; wrote: Hello Oliver, If you mean that very attributes that you can see under user's "Attributes" tab in Admin console, you can use script authenticator to do that: function authenticate(context) { var username = user ? user.username : "anonymous"; LOG.info(script.name + " trace auth for: " + username); if (user) { LOG.info(user.attributes.foo); // multivalued map // replace existing value user.attributes.foo[0] = "bar"; // or create new attribute user.attributes.bar = java.util.ArrayList(['foo', 'bar', 'baz']); } context.success(); } Add this as the last step in your flow and make it required. Please note that the attributes are always multivalued in the model. This is not yet implemented in the GUI, but you can use ## to separate multiple values. That said, the value of the "bar" attribute will be seen as "foo##bar##baz" under the Attributes tab. Good luck, Dmitry Telegin CTO, Acutus s.r.o. Keycloak Consulting and Training Pod lipami street 339/52, 130 00 Prague 3, Czech Republic +42 (022) 888-30-71 E-mail: info(a)acutus.pro On Wed, 2018-11-14 at 13:49 +0100, Oliver-Rainer Wittmann wrote: > Hi, > > I have a running keycloak with a custom identity provider - corresponding implementation of AbstractOAuth2IdentityProvider > > On registration of a user certain user attributes are stored and mapped into the token. > Now, I want to update these user attributes on following logins. > > How to do this? > Unfortunately, I did not find a corresponding hint in the documentation. > > Thx in advance for your support. > > Best regards, Oliver > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user