I am trying to use the client credentials grant for a back-end service using Keycloak as an identity broker for Azure AD. I also need to store the access token from the external IdP in Keycloak to retrieve group information from the MS Graph API. I have this use case working for a confidential client using the authorization code flow, but I can’t get it to work with the client credentials grant. I have created a “confidential” client in Keycloak with “Service Accounts Enabled” enabled. I have also created an application in Azure AD with the client credentials grant enabled and created an external Identity Provider in Keycloak. I get the access token from Keycloak after authenticating using client_id and client_secret, but when I try to retrieve the external IdP access token from the Keycloak endpoint, I get an error message that says, “User [GUID] is not associated with identity provider”. First of all, I am not sure if this is a supported use case. I’d appreciate any suggestions or feedback.