Additional user attribute selected by user


Let’s say we have an application where a user can be linked to multiple companies.
We also have partners able to use an API on the behalf of the user. A partner stores access/refresh tokens and make calls using a JWT bearer token.

When the user authorize the partner to access his data, we want to limit the grant to a single company.
How would you do with Keycloak this kind of selection ?