I'm using Keycloak version 16.0.0, and I am trying to execute a cross-realm Token Exchange, but the request returns:
{
"error": "invalid_token",
"error_description": "Invalid token"
}
Example requests:
Get principal token:
curl --location 'https://HOST/auth/realms/REALM1/protocol/openid-connect/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'username=PRINCIPAL_USER_NAME' --data-urlencode 'password=PRINCIPAL_USER_PWD' --data-urlencode 'client_id=CLIENT_ID_1' --data-urlencode 'client_secret=CLIENT_SCRET' --data-urlencode 'grant_type=password'
Get Exchange Token:
curl --location 'https://HOST/auth/realms/REALM2/protocol/openid-connect/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'client_id=CLIENT_ID' --data-urlencode 'client_secret=CLIENT_SCRET' --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' --data-urlencode 'subject_token=TOKEN_PRICIPAL_USER' --data-urlencode 'requested_token_type=urn:ietf:params:oauth:token-type:access_token' --data-urlencode 'requested_subject=USER_ID'
Can you help me with this question?