Best practices for storing data in Keycloak


Can someone point me to documentation on best practices for what should and shouldn’t be stored in Keycloak (or any identity system)?

Some examples I’m wondering about:

  • membership status (such as trial, paid, deactivated)
  • verified_over_18 : for adult only access
  • eula_agreement_xxx: agreements for specific applications