diff --git a/dojo/pipeline.py b/dojo/pipeline.py
index 0ce76220e9..5756e7777d 100644
--- a/dojo/pipeline.py
+++ b/dojo/pipeline.py
@@ -65,6 +65,14 @@ def modify_permissions(backend, uid, user=None, social=None, *args, **kwargs):
     pass
 
 
+def update_keycloak_groups(backend, uid, user=None, social=None, *args, **kwargs):
+    if settings.KEYCLOAK_OAUTH2_ENABLED:
+        soc = user.social_auth.order_by("-created").first()
+        token = soc.extra_data['access_token']
+        print("accesstoken: " + str(token))
+        print("response raw: " + str(kwargs['response']))
+
+
 def update_azure_groups(backend, uid, user=None, social=None, *args, **kwargs):
     if settings.AZUREAD_TENANT_OAUTH2_ENABLED and settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS and isinstance(backend, AzureADTenantOAuth2):
         # In some wild cases, there could be two social auth users
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
index c9ff5abdbb..9574e5a3c6 100644
--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
@@ -572,6 +572,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
     'social_core.pipeline.social_auth.load_extra_data',
     'social_core.pipeline.user.user_details',
     'dojo.pipeline.update_azure_groups',
+    'dojo.pipeline.update_keycloak_groups',
     'dojo.pipeline.update_product_access',
 )