Add Custom Attribute to User from Remote Service Provider


I would like to use KeyCloak as a SSO service, I have a Legacy API system (call A) that has it’s own Authentication API to provide the authCode and the client needs to pass the authCode back to that system.

I’m developing a system (call B) that will be a client of A, B will call to A for authentication, A will return the authCode to B, B will forward that authCode to end user.
When end user call to B to do some actions, B will call to A and pass that authCode to A

I want to use KeyCloak to adapt to different Identity Provider, not only A, then I implement UserStorageProvider to forward authenticate request to A. With this implement, user can login into B using their credentials managed by A. But the problem is when user perform other actions, B needs to call to A and send the authCode to A but we cannot have this value.

I would like to add authCode in to accessToken when user login to B, I see KeyCloak supports add custom attribute to accessToken for users registered in KeyCloak Database, but I don’t see where I can add authToken into custom attribute for remote user when they login using remote UserStorageProvider

Thank you for reading my question and looking forward for your help.

Chuong Huynh