Changing the structure of the access token

I’m using Keycloak JWTs for various purposes, and I use Authorization as well, allowing Keycloak to evaluate user roles, permissions, etc. and this works all fine.

Additionally, I wanted to adjust the JWT structure and come up with a custom structure ie. claim names, nesting levels, etc.

I tried using Token Mappers, but unfortunately, this isn’t easy to achieve with mappers alone.

How can I customize the token structure that Keycloak generates?

For example, from Keycloak’s token with the following structure

{
  ...
  "exp": 1663091192,
  "iat": 1663069592,
  "jti": "b00c6471-6ba7-4e35-9666-3fe192e46def",
  "iss": "http://localhost/auth/realms/realm-name",
  "typ": "Bearer",
  "azp": "some-realm",
  "name": "some user name",
  ...
"authorization": {
    "permissions": [
      {
        "scopes": [
          "DO_SOMETHING",
          "DO_SOMETHING_ELSE"
        ],
        "rsid": "SOME_RSID",
        "rsname": "SOME_RSNAME"
      },
     ..
   ]
  }
}

I’d like to be able to customize it into a token with different structure, claim names etc. for example something like the following

{
  ...
  "exp": 1663091192,
  "iat": 1663069592,
  "jti": "b00c6471-6ba7-4e35-9666-3fe192e46def",
  "iss": "http://localhost/auth/realms/realm-name",
  "typ": "Bearer",
  "azp": "some-realm",
  "username": "some user name",
  ...
"authz": {
    "some-allowed-things-to-do": [
      {
        "scopes": [
          "DO_SOMETHING",
          "DO_SOMETHING_ELSE"
        ],
        "resource" : {
            "name": "SOME_RSNAME"
         }
      },
     ..
   ]
  }
}

Basically, I’d like to be able to remove some of the claims, rename some of them and ideally change some nesting levels.

Is this possible to achieve and if so, how?