You need to create a custom Protocol Mapper in Keycloak to programmatically set the userId value before the token is generated This guide may help you get started and give you a clear idea of the implementation process: