Adding the roles to the cookie when using OIDC in a BFF application

[kedecuyp]

Hello,

I have been trying to add the roles from Keycloak to the cookie created by AddKeycloakWebApp.
My application uses the BFF architecture, this means that the auth pipeline runs on the "server" part of the application.

I am accessing the user on the client side using context.User.Claims
Right now, the user only contains the "name" and "sub" claims. All other claims received from Keycloak are removed.

I have confirmed that the roles are present in the ClaimsPrincipal on the server side, but they are not written to the client side.

What are the steps to write those roles to the client side of the application ?

Regards