Keycloak - Missing data in the userinfo response

Even after configuring Client scopes which have client roles and realm roles mappers mapped to them, and even after toggling Add to Userinfo to ON, the user info doesn’t return realm roles as part of the response.
I did add a realm roles mapper to the dedicated client scope as well and toggled Add to Userinfo to ON here too, but the userinfo still doesn’t return a full response containing roles. One such response after hitting the user info endpoint:

{"sub":"ccd1ab6c-0c54-4f27-82a9-092376a66cf4","preferred_username":"access_user","given_name":"","family_name":"","email":"access_user@access.com"}

Version

19.0.1

Expected behavior

The user info should contain roles claims too.

Actual behavior

One such response after hitting user info endpoint:

{"sub":"ccd1ab6c-0c54-4f27-82a9-092376a66cf4","preferred_username":"access_user","given_name":"","family_name":"","email":"access_user@access.com"}

How to Reproduce?

Described in Describe the Bug section

Anything else?

Refs:

  1. openid - Keycloak - Missing data in the userinfo response - Stack Overflow
  2. openid connect - Get the user roles with the keycloak userinfo endpoint - Stack Overflow

After creating your client, go into “Client scopes” → “{client}-dedicated” and click on “Add predefined mapper”

Select “realm roles” from the list:

After it’s created, click on it and make sure “Add to userinfo” is selected:

It should be in your userinfo now.
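An added example, not part of the original thread and not Keycloak's own code: a small audit that reads the `protocolMappers` list from a client or client scope export and checks, for each role mapper, whether "Add to userinfo" (`userinfo.token.claim`) is on and whether the claim actually shows up in a userinfo response. The export below is constructed; the userinfo body is the one from the report above. A missing `userinfo.token.claim` key is treated as off, and claim names are split on plain dots, both assumptions of this example.

```python
import json

# Keycloak's built-in OIDC role mapper types.
ROLE_MAPPERS = {"oidc-usermodel-realm-role-mapper",
                "oidc-usermodel-client-role-mapper"}

# Constructed sample export: realm roles mapper with "Add to userinfo" off.
SAMPLE_EXPORT = json.loads("""
{"protocolMappers": [
  {"name": "realm roles", "protocol": "openid-connect",
   "protocolMapper": "oidc-usermodel-realm-role-mapper",
   "config": {"claim.name": "realm_access.roles", "multivalued": "true",
              "access.token.claim": "true", "userinfo.token.claim": "false"}},
  {"name": "email", "protocol": "openid-connect",
   "protocolMapper": "oidc-usermodel-property-mapper",
   "config": {"claim.name": "email", "userinfo.token.claim": "true"}}
]}
""")

# Userinfo response quoted in the report above (no role claims).
USERINFO = {"sub": "ccd1ab6c-0c54-4f27-82a9-092376a66cf4",
            "preferred_username": "access_user", "given_name": "",
            "family_name": "", "email": "access_user@access.com"}

def claim_at(doc, dotted):
    """Resolve a dotted claim name such as realm_access.roles; None if absent."""
    for part in dotted.split("."):
        if not isinstance(doc, dict) or part not in doc:
            return None
        doc = doc[part]
    return doc

def audit(export, userinfo):
    """For each role mapper: is it configured for userinfo, and is the claim present?"""
    report = {}
    for mapper in export.get("protocolMappers", []):
        if mapper.get("protocolMapper") not in ROLE_MAPPERS:
            continue  # only role mappers matter for this check
        cfg = mapper.get("config", {})
        claim = cfg.get("claim.name", "")
        report[mapper["name"]] = {
            "claim": claim,
            "configured": cfg.get("userinfo.token.claim", "false") == "true",
            "present": claim_at(userinfo, claim) is not None,
        }
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_EXPORT, USERINFO), indent=2))
```

A result of `configured: true` with `present: false` points away from the mapper switch and toward which scopes were actually granted for the token used to call userinfo.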

Hi xgp, but why then only default realm roles? And not roles that are created afterwards and added to the user?