group is not coming in jwt token in keycloak 23.0.0


I am using Keycloak version 23.0.0. I am attempting to configure the default client scope to enable user groups in the JWT token. I am using the direct grant flow to generate an access token. I have reviewed Stack Overflow and the Keycloak community, but my issue remains unresolved. I have attached screenshots of my client scope and Group Membership mapper. Any quick help would be greatly appreciated. I have also double-checked my user group and users; all configuration seems fine there.

Client Scope Configuration

Group Membership mapper configuration

Here is my current jwt token

{
 alg: "RS256",
 typ: "JWT",
 kid: "vL8kIqWQFfX6oj-gN64xZibBqQuV3JzXqKkwGp5KU3Y"
}.
{
 exp: 1692262142,
 iat: 1692258542,
 jti: "32620dd7-3dc9-464f-af49-153ba3d389d0",
 iss: "https://example.com/realms/domain_acl",
 aud: "account",
 sub: "46e82311-a784-4c2f-b1ef-057ca127f18b",
 typ: "Bearer",
 azp: "api-client",
 session_state: "e9fbc2b8-b548-423a-8f5a-8469c0a92eb5",
 acr: "1",
 realm_access: {
  roles: [
  "******",
  "*******"
  ]
 },
 resource_access: {
  account: {
   roles: [
    "manage-account",
    "manage-account-links",
    "view-profile"
   ]
  }
 },
 scope: "profile email",
 sid: "e9fbc2b8-b548-423a-8f5a-8469c0a92eb5",
 email_verified: false,
 name: "domain ACl",
 preferred_username: "dev",
 given_name: "domain ACl",
 email: "[email protected]"
}.
[signature]

Answer by Bench Vue

Overview

I tested in Keycloak V22.0.1


Step 1

Create a group in your realm


Step 2

Join the user to the group


Step 3

You did it in the wrong place in Client scopes.

You should select profile and map it with Group Membership.


Step 4

Get the user's access token and display it after decoding the JWT.

Save it as get-token.js.

const axios = require('axios')
// jwt-decode v3 exports the decoder as the module itself; with jwt-decode v4
// use `const { jwtDecode } = require('jwt-decode')` instead.
const decode = require('jwt-decode')

// Resource Owner Password Credentials ("direct grant") request against the
// realm's token endpoint; axios.post takes the URL and body as positional arguments.
const getUserToken = async (user_name, password) => {
    const resp = await axios.post(
        'http://localhost:8080/realms/domain_acl/protocol/openid-connect/token',
        new URLSearchParams({
            'client_id': 'admin-cli',
            'username': user_name,
            'password': password,
            'grant_type': 'password'
        })
    )
    return resp.data.access_token
};

(async () => {
    try {
        const user_token = await getUserToken('user1', '1234')
        // Decoding only: the signature is not verified here.
        console.log('user_token JWT: ' + JSON.stringify(decode(user_token), null, 4))
    } catch (err) {
        // On a failed grant Keycloak returns the error details in the response body
        console.error(err.response ? err.response.data : err.message)
        process.exit(1)
    }
})()

Install dependencies

npm install axios jwt-decode

Run it

node get-token.js

Result

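As an added example that is not part of the answer or of Keycloak's own code: decode an access token offline and check two things the answer hinges on, whether the mapper's claim is present at all and whether the client scope carrying the mapper was actually granted (the `scope` claim in the question's token lists only `profile email`). The function names `decodeJwt`, `diagnoseGroups` and `makeSampleToken`, the claim name `groups` (the mapper's default "Token Claim Name") and the group `/developers` are assumptions, and the unsigned sample tokens are constructed for the demo.

```javascript
// Added example: offline inspection of a Keycloak access token.
// Decoding here deliberately skips signature verification; it is a diagnostic
// for looking at your own token, not a substitute for verifying it.

// Split a compact JWT and base64url-decode the header and payload.
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 parts)');
  const [header, payload] = parts.slice(0, 2).map(p =>
    JSON.parse(Buffer.from(p, 'base64url').toString('utf8')));
  return { header, payload };
}

// Report on the claims relevant to this problem. claimName is the mapper's
// "Token Claim Name" (default "groups"); scopeName is the client scope that
// carries the Group Membership mapper ("profile" in the accepted answer).
function diagnoseGroups(token, claimName = 'groups', scopeName = 'profile') {
  const { payload } = decodeJwt(token);
  const granted = typeof payload.scope === 'string' ? payload.scope.split(' ') : [];
  const groups = Array.isArray(payload[claimName]) ? payload[claimName] : null;
  return {
    hasGroups: groups !== null,   // did the mapper produce anything?
    groups,
    grantedScopes: granted,        // scopes Keycloak put in the token
    scopeGranted: granted.includes(scopeName), // was the mapper's scope applied?
  };
}

// Build an unsigned token from constructed claims, for offline testing only.
function makeSampleToken(payload) {
  const enc = obj => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.`;
}

// Constructed payloads: the situation in the question (no groups claim)
// and the result after the mapper is attached to the "profile" scope.
const BEFORE = makeSampleToken({ sub: 'u1', azp: 'api-client', scope: 'profile email' });
const AFTER = makeSampleToken({ sub: 'u1', azp: 'api-client', scope: 'profile email',
                                groups: ['/developers'] });

console.log('before:', JSON.stringify(diagnoseGroups(BEFORE)));
console.log('after: ', JSON.stringify(diagnoseGroups(AFTER)));
```

If `hasGroups` is false while `scopeGranted` is true, the scope was applied but the mapper is not on it (or the user is in no group); if `scopeGranted` is also false, the client never received the scope the mapper lives on.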