OAuth2 access level

Hi. As far as I know from the GitLab docs, this is not possible with OAuth and/or the openconnect id provider. The SAML provider (also supported by Keycloak) has at least some support for role mapping (cf. https://docs.gitlab.com/ee/integration/saml.html). However, this is limited to the paid versions of GitLab (at least the ‘Starter’ subscription is necessary).

Also take into consideration that even if you use external authentication, it might not always behave as expected. E.g. when users use SSH keys for interacting with their repository, it seems that GitLab doesn’t cross-check with the Identity Provider whether the user is active. This means that you have to actively and separately remove/deactivate, inside GitLab, users that should no longer have the rights to access GitLab, cf. https://forum.gitlab.com/t/interaction-of-external-oidc-and-ssh-clone-push/45579
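
Added example, not part of the post above and not GitLab's or Keycloak's own code: one way to find GitLab accounts that are still active although their identity-provider account is disabled or gone, so they can be blocked inside GitLab. The provider name `openid_connect`, the host `gitlab.example.com` and all user records are constructed assumptions; the record shapes follow GitLab's admin `/api/v4/users` listing (`identities`, `state`), and the block call is only built, not sent.

```python
PROVIDER = "openid_connect"  # assumed OmniAuth provider name

# Constructed sample data. In practice: an IdP admin export (id + enabled
# flag) and GitLab's admin GET /api/v4/users?active=true.
IDP_USERS = [
    {"id": "kc-1001", "username": "alice", "enabled": True},
    {"id": "kc-1002", "username": "bob", "enabled": False},
]
GITLAB_USERS = [
    {"id": 11, "username": "alice", "state": "active",
     "identities": [{"provider": PROVIDER, "extern_uid": "kc-1001"}]},
    {"id": 12, "username": "bob", "state": "active",
     "identities": [{"provider": PROVIDER, "extern_uid": "kc-1002"}]},
    {"id": 13, "username": "carol", "state": "active",
     "identities": [{"provider": PROVIDER, "extern_uid": "kc-1003"}]},
    {"id": 14, "username": "root", "state": "active", "identities": []},
]


def users_to_block(idp_users, gitlab_users, provider=PROVIDER):
    """Return (gitlab_id, username, reason) for active GitLab accounts whose
    IdP identity is disabled or missing. Local accounts are skipped."""
    enabled = {u["id"]: u["enabled"] for u in idp_users}
    blocked = []
    for user in gitlab_users:
        if user["state"] != "active":
            continue  # already blocked or deactivated
        uids = [i["extern_uid"] for i in user.get("identities", [])
                if i["provider"] == provider]
        if not uids:
            continue  # local or service account, not managed by the IdP
        if any(enabled.get(uid, False) for uid in uids):
            continue  # at least one linked IdP account is still enabled
        reason = "disabled in IdP" if any(u in enabled for u in uids) else "missing from IdP"
        blocked.append((user["id"], user["username"], reason))
    return blocked


def block_requests(to_block, base_url="https://gitlab.example.com"):
    """Build the admin API calls (POST /api/v4/users/:id/block), unsent."""
    return [("POST", f"{base_url}/api/v4/users/{uid}/block") for uid, _, _ in to_block]


if __name__ == "__main__":
    for uid, name, reason in users_to_block(IDP_USERS, GITLAB_USERS):
        print(f"block {name} (id {uid}): {reason}")
```

Accounts without an identity for the provider (here `root`) are deliberately left alone, so local administrator and service accounts need their own review.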