I am using Keycloak locally with Spring Boot for learning purposes. I am trying to get an offline token from the frontend, which is made in Angular. For that I have done the following steps:

1. Sending request from Angular frontend to Spring Boot backend to get offline token.
2. Enable token-exchange feature in Keycloak administration console.
3. Creating tenant at Keycloak administration console. Enabling request type as external request in realm settings.
4. Creating user, setting its password & role as admin, engineer, etc. on Keycloak. Giving role of offline_access to user.
5. Login to the frontend application using tenant's user credentials.
6. Sending request to Keycloak from rest template in Spring Boot to generate the offline token.
   6.1) URL: http://localhost:8080/auth/realms/tenant5/protocol/openid-connect/token
   6.2) Method: POST
   6.3) Accept: application/json, application/*+json
   6.4) Content-Type: application/x-www-form-urlencoded;charset=UTF-8
   6.5) Form content:
   grant_type = urn:ietf:params:oauth:grant-type:token-exchange, client_id value, client_secret value, subject_token value, scope = openid+offline_access

The error I am getting after doing this is:

403 Forbidden: "{"error":"access_denied","error_description":"Client is not the holder of the token"}"

How can I solve this issue locally?
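
An added diagnostic example, not part of the original post: it decodes the `subject_token` and compares its `azp` and `aud` claims with the `client_id` sent in step 6. It assumes the "holder" named in the error is the client in the token's `azp` claim; the client IDs `angular-frontend` and `spring-backend` and the sample token are constructed.

```python
import base64
import json


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(azp: str, aud) -> str:
    """Build a constructed, unsigned stand-in for a Keycloak access token."""
    header = {"alg": "none", "typ": "JWT"}
    claims = {"iss": "http://localhost:8080/auth/realms/tenant5",
              "azp": azp, "aud": aud, "scope": "openid"}
    return f"{_b64url(header)}.{_b64url(claims)}.constructed-signature"


def decode_claims(jwt: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (local debugging only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_exchange_client(subject_token: str, client_id: str) -> dict:
    """Compare the client_id sent in the exchange with the token's azp/aud."""
    claims = decode_claims(subject_token)
    aud = claims.get("aud", [])
    if isinstance(aud, str):  # aud may be a single string or a list
        aud = [aud]
    return {"azp": claims.get("azp"), "aud": aud,
            "is_holder": claims.get("azp") == client_id,
            "in_audience": client_id in aud}


# Hypothetical client IDs: the token was issued to the Angular client,
# while the backend sends its own client_id in the exchange request.
SAMPLE_TOKEN = make_sample_token("angular-frontend", "account")

if __name__ == "__main__":
    for cid in ("spring-backend", "angular-frontend"):
        print(cid, check_exchange_client(SAMPLE_TOKEN, cid))
```

If `is_holder` is false for the `client_id` the backend sends, the token being exchanged was issued to a different client than the one making the request.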