Based on the following example https://vaadin.com/blog/jwt-authentication-with-vaadin-flow-for-better-developer-and-user-experience, I'm trying to implement a hybrid-stateless application.

Based on the information inside of the JWT token, I'm able to fetch the required data from the DB and cache it in the HTTP Session after the application redeploy. I'm almost done with this, but I have one issue. My application uses Keycloak as SSO. In order to properly implement logout functionality, I have to kill the Keycloak session as well. I know how to get all user sessions on all devices and kill them all… but I'd like to kill only the Keycloak session specific to the current user's browser. I know how to get the Keycloak user session ID from OAuth2AuthenticationToken in my KeycloakVaadinAuthenticationSuccessHandler. But I also need to persist its value in the JWT token in order to be able to fetch it after the application restart.

Is it possible to add a custom attribute to the JWT token generated by the setStatelessAuthentication functionality? If so, please show how.

alexanoid

0 Answers