Customize email with script mapper


I am connecting arcgis with an openid endpoint from Keyclock.
Keycloak uses ldap as user federation.

Before keycloak a direct connection with ldap was in place and all users are named after the uid attribute of ldap.

Once connected with openid, arcgis will use the field “email” from token and extract the username as:
"name.surname" from the email user.surname@domain.example

I was wondering if i can overwrite the email in the token as “preferred_username@domain.example”, so i do not have to face a challenging and risky process of wrestling all usernames and its user spaces.
“preferred_username” of the token contains “uid” from ldap.

I have tried with script mappers, with no luck. Any clue?

something like this works for me:

token.getOtherClaims().put("email", user.username +"@")));

exports = roles;