How do I get Keycloak to respond with a JWT for an authenticated user? The JWT should correspond to the access control set-up in Keycloak. For example, a manager has edit/delete access to some sort of records whereas a developer has only read access for the same set of records.
Keycloak implements the standard OpenID Connect endpoints: Securing Applications and Services Guide
See “Token Endpoint” in the docs.
If you are using the authorization code flow, you can use this endpoint to retrieve a token. You can also supply credentials here if you are using direct grant.
Similar to your suggestion, this one seems to be a good tutorial - Securing Node.js Express REST APIs with Keycloak | by Dinuth De Zoysa | DevOps Dudes | Medium
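The following is an added example, not code from the posts above or from Keycloak: it builds the form body an authorization code exchange sends to the token endpoint, then verifies an RS256 access token and maps the realm roles in its `realm_access.roles` claim to permissions. The role-to-permission table, issuer URL, client and redirect values are assumptions, and a locally generated key pair stands in for the realm's signing key.

```javascript
const crypto = require('crypto');

// Assumed mapping for the records in the question (not defined by Keycloak).
const PERMISSIONS = { manager: ['read', 'edit', 'delete'], developer: ['read'] };

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Form body POSTed to the realm's token endpoint in the authorization code flow.
function tokenRequestBody(code, clientId, redirectUri) {
  return new URLSearchParams({
    grant_type: 'authorization_code', code, client_id: clientId, redirect_uri: redirectUri,
  }).toString();
}

// Verify signature, issuer and expiry, then return the permissions the roles grant.
function permissionsFromToken(token, publicKey, expectedIssuer, now = Date.now() / 1000) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm instead of trusting whatever the header claims.
  if (decode(h).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = decode(p);
  if (claims.iss !== expectedIssuer) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  const roles = (claims.realm_access && claims.realm_access.roles) || [];
  // Unknown roles grant nothing; duplicates collapse.
  return [...new Set(roles.flatMap((r) => PERMISSIONS[r] || []))].sort();
}

// Constructed sample data so the example runs offline.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://keycloak.example.com/realms/demo'; // constructed issuer URL

// Signs a constructed token the way the server would (test helper only).
function signSample(claims) {
  const data = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(data), privateKey);
  return `${data}.${sig.toString('base64url')}`;
}
```

In a real service the public key comes from the realm's published signing keys rather than a locally generated pair.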