My group structure is like this:
MainGroup -> Group_A and Group_B
So MainGroup has 2 child groups. Now I want to assign users to the main group and also display all child groups in the JWT. I have used the Group Membership Token mapper, but it doesn't include any child groups.
So the question is: How can I add child groups to the JWT?
Keycloak’s built-in Group Membership Token Mapper only includes direct user groups, not child groups.
If you want child groups included in the JWT, the easiest approach is to:
1. Include only direct groups in the token (using the default mapper).
2. In your backend, call Keycloak’s Admin REST API to fetch each group’s child groups recursively.
3. Combine them to get the full group hierarchy for your user.
This way you keep tokens simple and handle hierarchy logic where it’s easier to maintain and customize.
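
The backend step from the answer above, as an added example (not code from the original post): it resolves each direct group path from the token and walks its children page by page. It assumes the mapper emits full group paths, a Keycloak version that exposes the `group-by-path` and `groups/{id}/children` Admin REST endpoints, and an admin token permitted to view groups; `http_getter`, `expand_groups` and `fake_get` are hypothetical names, and the group data is constructed.

```python
import json
import urllib.parse
import urllib.request

def http_getter(base_url, admin_token):
    """Build a getter for the Admin REST API (token must be allowed to view groups)."""
    def get(path, params=None):
        url = base_url.rstrip("/") + path
        if params:
            url += "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={"Authorization": "Bearer " + admin_token})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return get

def expand_groups(get, realm, direct_paths, page=100):
    """Return sorted paths of the token's direct groups plus all descendants."""
    stack = [get(f"/admin/realms/{realm}/group-by-path/"
                 + urllib.parse.quote(p.strip("/")))  # "/" stays unescaped
             for p in direct_paths]
    seen_ids, paths = set(), set()
    while stack:
        group = stack.pop()
        if group["id"] in seen_ids:  # overlapping memberships: visit once
            continue
        seen_ids.add(group["id"])
        paths.add(group["path"])
        first = 0
        while True:  # the children endpoint is paginated
            kids = get(f"/admin/realms/{realm}/groups/{group['id']}/children",
                       {"first": first, "max": page})
            stack.extend(kids)
            if len(kids) < page:
                break
            first += page
    return sorted(paths)

# Constructed stand-in for Keycloak, mirroring the question's hierarchy.
_TREE = {"/MainGroup": ("g0", ["/MainGroup/Group_A", "/MainGroup/Group_B"]),
         "/MainGroup/Group_A": ("g1", []), "/MainGroup/Group_B": ("g2", [])}

def fake_get(path, params=None):
    if "/group-by-path/" in path:
        p = "/" + urllib.parse.unquote(path.split("/group-by-path/")[1])
        return {"id": _TREE[p][0], "path": p}
    gid = path.split("/groups/")[1].split("/")[0]
    parent = next(p for p, (i, _) in _TREE.items() if i == gid)
    kids = _TREE[parent][1][params["first"]:params["first"] + params["max"]]
    return [{"id": _TREE[k][0], "path": k} for k in kids]
```

Passing `first` and `max` explicitly keeps child groups beyond a single page from being silently dropped from the result.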