Enrich access token with more data in user storage spi

We are trying to connect keycloak with an internal application that currently authenticates with a proprietary token. This token is used to search a database for user information. I want to have the flow look like:

  1. User enters login info into login form
  2. Keycloak custom spi calls our internal service and gets this proprietary token
  3. spi uses that token to search the database and get user id
  4. user id is added to keycloak access token and returned as part of the login

Is this possible? How would I go about doing this?

I have a similar request… Please let me know if you’ve managed to find an answer… it seems pretty quiet here :frowning:

It is possible to add a mapper that calls an external API to add claims to the token. There is an example implementation here: