Hi,
I’m trying to troubleshoot issues we’ve got with not being able to extract group info from Azure AD, but I’ve got stuck on being able to read the token that KC is receiving.
When I try to access https://127.0.0.1:8443/realms/master/broker/oidc/token all I get is {"errorMessage":"Invalid token."}
I’ve made sure that tokens are being saved and are readable for this provider (oidc). I’ve also made sure the user I’m trying to read the token for has permissions to do so -
exp 1662716638 (9/9/2022, 10:43:58 AM)
iat 1662716578 (9/9/2022, 10:42:58 AM)
auth_time 1662716346
jti 6fcc922...
iss https://127.0.0.1:8443/realms/master
aud [broker, account]
sub b53ce2a2...
typ Bearer
azp account-console
nonce 82c93414...
session_state bd9a7974...
acr 0
resource_access
  broker.roles [read-token]
  account.roles [manage-account, manage-account-links]
scope openid broker_read_token email profile
sid bd9a7974...
email_verified false
When I try I get the following error message logged -
2022-09-09 11:00:11,742 ERROR [org.keycloak.services.resources.IdentityBrokerService] (executor-thread-819) Invalid token.
2022-09-09 11:00:11,742 WARN [org.keycloak.events] (executor-thread-819) type=IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR, realmId=858d1a6f..., clientId=null, userId=null, ipAddress=127.0.0.1, error=Invalid token.
Any idea what I’m doing wrong here?
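For anyone debugging the same thing: below is an added helper, not code from the original post and not part of Keycloak, that decodes the payload segment of a JWT and checks the claims the poster lists as prerequisites for the broker token endpoint (a non-expired token, the expected issuer, `broker` in `aud`, the `read-token` role under `resource_access.broker`, and `broker_read_token` in `scope`). The sample payload is constructed to mirror the claims shown above, with the truncated ids replaced by placeholders; the function names and the set of checks are my own choice, not Keycloak’s validation logic. It does not verify the signature, so it is only a way to see what claims a token carries before you puzzle over the server-side error.

```python
import base64
import json

# Constructed sample payload mirroring the decoded token in the post.
# Ids that were truncated there are replaced with obvious placeholders.
SAMPLE_PAYLOAD = {
    "exp": 1662716638,
    "iat": 1662716578,
    "auth_time": 1662716346,
    "jti": "PLACEHOLDER-JTI",
    "iss": "https://127.0.0.1:8443/realms/master",
    "aud": ["broker", "account"],
    "sub": "PLACEHOLDER-SUB",
    "typ": "Bearer",
    "azp": "account-console",
    "resource_access": {
        "broker": {"roles": ["read-token"]},
        "account": {"roles": ["manage-account", "manage-account-links"]},
    },
    "scope": "openid broker_read_token email profile",
    "email_verified": False,
}


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """JWT segments drop '=' padding; restore it before decoding."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def build_unsigned_jwt(payload: dict) -> str:
    """Build header.payload. with an empty signature, for inspection only."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header}.{body}."


def decode_payload(token: str) -> dict:
    """Return the payload claims of a compact JWT (signature is NOT checked)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    return json.loads(b64url_decode(parts[1]))


def check_broker_token_claims(payload: dict, now: int, issuer: str) -> list:
    """Return a list of problems found; an empty list means the claims look usable.

    The checks mirror the prerequisites listed in the post (hypothetical helper,
    not Keycloak's own validation).
    """
    problems = []
    if payload.get("iss") != issuer:
        problems.append(f"iss mismatch: {payload.get('iss')!r}")
    if payload.get("exp", 0) <= now:
        problems.append("token expired")
    aud = payload.get("aud", [])
    if isinstance(aud, str):          # aud may be a single string or a list
        aud = [aud]
    if "broker" not in aud:
        problems.append("aud does not include 'broker'")
    roles = payload.get("resource_access", {}).get("broker", {}).get("roles", [])
    if "read-token" not in roles:
        problems.append("missing broker role 'read-token'")
    if "broker_read_token" not in payload.get("scope", "").split():
        problems.append("scope lacks 'broker_read_token'")
    return problems


if __name__ == "__main__":
    token = build_unsigned_jwt(SAMPLE_PAYLOAD)
    claims = decode_payload(token)
    # A time between iat and exp of the sample token.
    print(check_broker_token_claims(claims, now=1662716600,
                                    issuer="https://127.0.0.1:8443/realms/master"))
```

Replace `token` with the access token you already hold to see its actual claims; if this reports no problems and the endpoint still answers "Invalid token.", the cause is on the server side rather than in the claims listed in the post.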