Add roles and scopes of a specific user to the access token for a service user

Hello, actually I would need exactly what is described in the RFC, but this is still not implemented.

I have services (Spring Boot, Java) that authenticate themselves at Keycloak to get an access token. That access token is used as the Authorization header to send requests to other services. So far everything works as expected.

But these services shall also work with authorities delegated from a user. These users are registered in Keycloak, so with an extension, I think I can get the roles and scopes of the user. The service also knows the ID of the user.

But how can I add these roles and scopes to the access token? Token exchange as implemented in Keycloak 22.0.1 does not provide delegation.

What is the best approach? Should I implement a TokenMapper? But I think they need configuration for the user in the AdminClient.
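As an added example (not code from the original post or from the Keycloak project), here is the protocol-mapper route the question asks about: a custom Keycloak `OIDCAccessTokenMapper` that, when a service account obtains a token with `client_credentials`, reads a user ID from an extra form parameter and copies that user's realm roles into the service token. The package and class names, the `on_behalf_of` parameter and the `delegated_user` / `delegated_roles` claim names are assumptions for this illustration; the Keycloak SPI calls used are the ones of the 22.x protocol mapper API.

```java
// Added example, not from the original post or the Keycloak project: a custom
// Keycloak protocol mapper that adds a user's realm roles to a service account's
// access token. Package, class, claim names and the "on_behalf_of" form
// parameter are assumptions for this illustration.
package com.example.keycloak.mapper;

import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;

import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;

public class DelegatedRolesMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper {

    public static final String PROVIDER_ID = "delegated-roles-mapper";

    // Extra form parameter the service sends with its client_credentials request (assumed name).
    static final String ON_BEHALF_OF_PARAM = "on_behalf_of";
    static final String USER_CLAIM = "delegated_user";
    static final String ROLES_CLAIM = "delegated_roles";

    private static final List<ProviderConfigProperty> CONFIG_PROPERTIES = new ArrayList<>();

    static {
        // Standard "Add to access token / ID token / userinfo" switches in the admin console.
        OIDCAttributeMapperHelper.addIncludeInTokensConfig(CONFIG_PROPERTIES, DelegatedRolesMapper.class);
    }

    @Override
    public String getId() { return PROVIDER_ID; }

    @Override
    public String getDisplayType() { return "Delegated user roles"; }

    @Override
    public String getDisplayCategory() { return TOKEN_MAPPER_CATEGORY; }

    @Override
    public String getHelpText() {
        return "Adds the realm roles of the user named in the on_behalf_of parameter to a service account token.";
    }

    @Override
    public List<ProviderConfigProperty> getConfigProperties() { return CONFIG_PROPERTIES; }

    // AbstractOIDCProtocolMapper.transformAccessToken() calls this only when the
    // mapper is switched on for the access token in the client's mapper config.
    @Override
    protected void setClaim(IDToken token, ProtocolMapperModel mappingModel,
                            UserSessionModel userSession, KeycloakSession session,
                            ClientSessionContext clientSessionCtx) {
        // Only act on service account sessions, i.e. tokens obtained with client_credentials.
        UserModel caller = userSession.getUser();
        if (caller == null || caller.getServiceAccountClientLink() == null) {
            return;
        }

        String userId = session.getContext().getHttpRequest()
                .getDecodedFormParameters().getFirst(ON_BEHALF_OF_PARAM);
        if (userId == null || userId.isBlank()) {
            return; // plain service token, nothing to delegate
        }

        RealmModel realm = session.getContext().getRealm();
        UserModel delegator = session.users().getUserById(realm, userId);
        if (delegator == null || !delegator.isEnabled() || delegator.getServiceAccountClientLink() != null) {
            return; // unknown, disabled, or another service account: refuse silently
        }

        // Direct realm role mappings of the user; composite roles are not expanded here.
        List<String> roles = delegator.getRealmRoleMappingsStream()
                .map(RoleModel::getName)
                .sorted()
                .collect(Collectors.toList());

        token.getOtherClaims().put(USER_CLAIM, delegator.getId());
        token.getOtherClaims().put(ROLES_CLAIM, roles);
    }
}
```

To deploy it, register the class in `META-INF/services/org.keycloak.protocol.ProtocolMapper`, build the JAR into Keycloak's `providers/` directory, and add the mapper to the service's client (dedicated scope) with "Add to access token" enabled; the Spring Boot service then appends `on_behalf_of=<userId>` to its `client_credentials` form body. Note the trust model: because the user ID is supplied by the caller, every client that has this mapper attached can obtain the roles of any enabled user, so attach it only to clients that are allowed to act for arbitrary users, or add an explicit allow-list check (for example a client attribute naming the permitted users or groups) before the lookup. The resulting token keeps the service account as `sub`; the added claims are a local convention, not the RFC 8693 `act` claim, and downstream services must be written to read them.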