Hello,
We recently upgraded from Keycloak v15 to v19.
We were performing token exchange and passing this token to our services. The services check the azp in the token before giving access.
Before upgrading, the azp would be the origin token azp. However now, we are getting the impersonator azp.
This is breaking all our services, how do we fix this? We want the same behaviour we were observing before. (ie: after token exchange, the token should be minted by the origin azp, and not the impersonator)