How to implement JWT as result of OAuth with custom picked realms?

We have an application that is secured using a JWT Bearer token that looks like this:

  {
    "iss": "TheIssuer",
    "sub": "John Doe",
    "scopes": "app1 app2 app7:read",
    "iat": 1627033983,
    "exp": 1627041183,
    "aud": "TheAudience"
  }

We’d like to generate this token using Keycloak and an OAuth flow. The application would request access and get redirected to Keycloak; the user authenticates and then picks the scopes the requesting application should have access to.
Special challenge: The available realms are user-specific, so I need to “call back” from Keycloak with a valid token to our endpoint to retrieve the available list.

I’m still new to Keycloak. What would be the moving pieces I need to configure and implement?