It is mind boggling that group membership information is not returned by default by Keycloak for a user claim/token. You have to manually go into Client scopes and add it to the profile section.
Client scope -> click on profile
Mappers tab -> Add Mapper (By configuration):
Click on Group Membership
Fill out the mapper details. The Token Claim Name is what your backend code is looking for in the json (if you do not control this, it needs to match).
Happy integrating!