Role mapping from remote storage

Hello, i have a question
when i get JWT from remote storage it looks like this

“exp”: 1617964075,

“iat”: 1617963775,

“jti”: “c3ed8421-a489-41da-83bf-3b1ad6ce4130”,

“iss”: “http://localhost:8080/auth/realms/exadelproject”,

“sub”: “f:4d473fcc-ad73-4e52-a236-cad4787c2752:gry”,

“typ”: “Bearer”,

“azp”: “internship-app”,

“session_state”: “975c4e2b-cb7f-4355-a5f8-982a291cdb51”,

“acr”: “1”,

“scope”: “profile email”,

“email_verified”: false,

“preferred_username”: “gry”,

“email”: “f44eg@mail”


it does not have realm access claim
I need it for use user’s roles
How can i get user’s role from remote storage?

You need to enable "Full Scope Allowed " under that client as shown below

You can know which fields included in your jwt token from here:

Thanks for your answer
But i get this token from remote database, not keycloak
With keycloak database it work good
I think problem in my spi user provider when i mapping roles
Do you know how to solve it?