Added groups protocol-mapper realm mapper again

charts/keycloak-late/templates/protocol-mappers/groups.yaml

@@ -0,0 +1,29 @@
+# see: https://marketplace.upbound.io/providers/crossplane-contrib/provider-keycloak/v1.8.0/resources/client.keycloak.crossplane.io/ProtocolMapper/v1alpha1
+# role mapper example
+apiVersion: client.keycloak.crossplane.io/v1alpha1
+kind: ProtocolMapper
+metadata:
+  name: groups
+spec:
+  forProvider:
+    realmIdRef:
+      name: deepcypher
+    clientScopeIdRef:
+      name: groups
+    name: groups
+    protocol: openid-connect
+    protocolMapper: oidc-usermodel-realm-role-mapper
+    config:
+      # for available options:
+      # see: https://github.com/crossplane-contrib/provider-keycloak/issues/90
+      # and: https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserRealmRoleMappingMapper.java#L40
+      # which links to the OIDCAttributeMapperHelper at https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserRealmRoleMappingMapper.java#L61
+      # which then references: https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java#L57
+      id.token.claim: "true"
+      access.token.claim: "true"
+      userinfo.token.claim: "true"
+      multivalued: "true"
+      claim.name: "roles"
+      jsonType.label: "String"
+  providerConfigRef:
+    name: default

charts/keycloak-late/templates/scopes/groups.yaml

@@ -0,0 +1,11 @@
+apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
+kind: ClientScope
+metadata:
+  name: groups
+spec:
+  deletionPolicy: Delete
+  forProvider:
+    realmIdRef:
+      name: deepcypher
+    name: groups
+    description: "ClientScope providing mappers for oidc groups from realm roles"