...
As of Keycloak version 1.8.40, a list of the top level roles for each available context are given in the “roles element“. Each top level role are expanded to a set of privileges. This mapping can be can be obtained by querying (HTTP GET with the current Access token) the AS at the path /auth/realms/{realm name}/resource/ehealth-connect/groupssgroups. The result is a map of top level roles to privileges. e. g.:
...