Help with ‘wo_set_access_token’ please?

Hi all,

Apologies but bit of a noob to WP and PHP. We are tying to use wp-oauth server pro to grant access to an application that also does a group check. We have this working well with Keycloak for oAuth2.

Looking in the client application logs it is collecting a token successfully and along with the token I can see a number of user fields;

This the the decode from the JWT;
Mar 17 13:23:30 host1 matrix-synapse[20721]: 2023-03-17 13:23:30,436 – synapse.handlers.oidc – 882 – DEBUG – GET-8063 – Userinfo for OIDC login: {‘iss’: ‘https://domain.com’, ‘sub’: ‘2’, ‘aud’: ‘kfvH04fN9rfmsp9KdfjD93s93fhaxS0BXQ2nvux2’, ‘iat’: 1612345667, ‘exp’: 1612345667, ‘auth_time’: 1612345667, ‘nonce’: ‘kfvH04fN9rfmsp9KdfjD93s93fhaxS’, ‘name’: ‘Joe Smith’, ‘family_name’: ”, ‘given_name’: ”, ‘middle_name’: ”, ‘nickname’: ”, ‘preferred_username’: ‘Joe Smith’, ‘profile’: ”, ‘picture’: ‘https://secure.gravatar.com/avatar/kfvH04fN9rfmsp9KdfjD93s93fhaxS0BXQ2nvux2=mm&r=g’, ‘website’: ”, ‘gender’: ”, ‘birthdate’: ”, ‘zoneinfo’: ‘Europe/London’, ‘updated_at’: ‘2023-03-09 11:45:14’}

What I’m trying to achieve is returning a “user_role” for the authorized user. I can see this fine when I query the /oauth/me endpoint with the user credentials.

Keycloak has been configured to send a group value back and this is working.

What is the best way to go about this please? I see there are ‘wo_scopes’ & ‘wo_set_access_token’ action hooks, should I be using one of these?

I currently have the following scopes: openid profile & and I’m using client_credentials with a appropriate user mapped.

Please any assistance is much appreciated.