Cannot perform post-auth claims transformation #15

Open
jptillman opened this issue Apr 12, 2019 · 0 comments

jptillman commented Apr 12, 2019

In my system, I need to add additional claims after a successful Keycloak authentication AND have the authenticated user persisted in the cookie so the auth doesn't happen on each page load. There appears to be no hook in this library for a ClaimsTransformation to be performed.
Following the instructions at https://github.com/dylanplecki/KeycloakOwinAuthentication/wiki/ASP.NET-MVC-Tutorial (which is the only example code I can find anywhere using any Keycloak library similar to this fork), my code looks like this:

    const string persistentAuthType = "cookie_auth";

    app.SetDefaultSignInAsAuthenticationType(persistentAuthType); // Cookie is primary session store
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = persistentAuthType,
    });

    // --- Keycloak Authentication Middleware - Connects to central Keycloak database
    app.UseKeycloakAuthentication(new KeycloakAuthenticationOptions
    {
        ClientId = clientName,
        ClientSecret = clientSecret,
        Realm = clientRealm,
        KeycloakUrl = authorityUrlBase,
        SignInAsAuthenticationType = persistentAuthType,
        AuthenticationType = ssoAuthType,
        DisableAudienceValidation = true,
        Scope = "openid profile email",
        EnableBearerTokenAuth = true,
        // per https://github.com/mattmorg55/Owin.Security.Keycloak/pull/13
        DisableAllRefreshTokenValidation = true,
    });

Where do I transform?
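
One place such a transformation can live, shown as an added example that is not part of the original issue or of the Keycloak library: the `OnResponseSignIn` callback of the Katana cookie middleware, which runs before the ticket is written to the cookie. It assumes the Keycloak middleware signs in through the cookie middleware named by `SignInAsAuthenticationType`, as the configuration above suggests; `LocalClaims`, its issuer string, `RolesFor` and `CookieSetup` are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.Owin.Security.Cookies;
using Owin;

public static class LocalClaims
{
    // Hypothetical issuer label: lets authorization code tell claims added by
    // this application apart from the ones that came from Keycloak.
    public const string Issuer = "urn:example:local-app";

    // Hypothetical lookup; replace with the application's own role store.
    private static IEnumerable<string> RolesFor(string subject)
    {
        return subject == null ? Enumerable.Empty<string>() : new[] { "report-viewer" };
    }

    // Adds application roles to the identity, skipping ones already present.
    public static void AddTo(ClaimsIdentity identity)
    {
        var subject = identity.FindFirst(ClaimTypes.NameIdentifier)?.Value
                      ?? identity.FindFirst("sub")?.Value;
        foreach (var role in RolesFor(subject))
        {
            if (!identity.HasClaim(identity.RoleClaimType, role))
                identity.AddClaim(new Claim(identity.RoleClaimType, role,
                                            ClaimValueTypes.String, Issuer));
        }
    }
}

public static class CookieSetup
{
    // Call in place of the plain UseCookieAuthentication(...) registration.
    public static void UseCookieWithLocalClaims(IAppBuilder app, string persistentAuthType)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = persistentAuthType,
            Provider = new CookieAuthenticationProvider
            {
                // Runs when a sign-in is handed to the cookie middleware,
                // before the identity is serialized into the cookie.
                OnResponseSignIn = ctx => LocalClaims.AddTo(ctx.Identity)
            }
        });
    }
}
```

Claims added this way are fixed for the lifetime of the cookie, so a role revoked in the application's store stays in effect until the user signs in again. A request that authenticates only with a bearer token never triggers a cookie sign-in, so this callback does not run for it.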
