How to extend user roles from external source

i pretty much have same question, posted here Is there a way to convert saml assertion to token claims without storing them as role/group or user attribute

There is something called userSession mapper in saml/oidc identity provider mapper, and user session note mapper in client scopes… i am thinking of exploring that combination to check if it will work.

but , the time out (user session timeout), etc could be challenging… not sure if it will work.