I can see two ways of doing this. 1) You create a bunch of claims that you stuff in your access token. On the Spring side of things, you parse those claims and update the authenticated user. 2) You look up the user’s information on the Spring side using the access token and the
In the end, I think #2 is the best long-term solution. However, I’ve only implemented #1 myself.
Thanks. that hint was helpful. I kind of used below config and got the claim info in the security context now.
spring-security-oauth2-autoconfigure’, version: '2.0.0.RELEASE