I have been evaluating Keycloak as our identity and access management component and have been quite impressed with all its capabilities.
The only thing that I have been struggling to find out is how to update JWT claims with custom metadata and force refresh them at a later point after the sign-in process.
- We run a (soft) multi-tenant app that has an organization id in each table to scope the data.
- We have several react frontends and react-native mobile apps connecting to the backend.
- User logs in over Keycloak OIDC at the URL app.domain.com
- After a successful login, the user is shown a list of organizations that he/she is part of
- The user selects the organization that he/she wants to access
- Issue: At this point an updated JWT is sent to the frontend with the organization id, user role in the selected business, Hasura headers for the selected business, etc.
- With each subsequent API request the organization id and the role are extracted to scope permissions on the database
At step 4 I am facing issues with how to update the OIDC JWT claims and request a new token in the frontend.
Would appreciate any help on this topic!