I am trying to use the client credentials grant for a back-end service using Keycloak as an identity broker for Azure AD. I also need to store the access token from the external IdP in Keycloak to retrieve group information from the MS Graph API. I have this use case working for a confidential client using the authorization code flow, but I can't get it to work with the client credentials grant. I have created a "confidential" client in Keycloak with "Service Accounts Enabled" turned on. I have also created an application in Azure AD with the client credentials grant enabled and created an external Identity Provider in Keycloak. I get the access token from Keycloak after authenticating using client_id and client_secret, but when I try to retrieve the external IdP access token from the Keycloak endpoint, I get an error message that says, "User [GUID] is not associated with identity provider". First of all, I am not sure if this is a supported use case. I'd appreciate any suggestions or feedback.
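The two requests described in the post (client credentials grant against the Keycloak token endpoint, then the broker token endpoint for the stored external IdP token), as an added example that is not from the original post or from Keycloak's own code. It assumes the Keycloak 17+ URL layout without the `/auth` prefix, realm name and provider alias passed as parameters, and a pluggable `http` callable so the exchange can be exercised offline with a stub.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Keycloak endpoint paths (assumed Keycloak 17+ layout, no /auth prefix).
TOKEN_PATH = "/realms/{realm}/protocol/openid-connect/token"
BROKER_PATH = "/realms/{realm}/broker/{alias}/token"


def _default_http(method, url, headers, body=None):
    """Send one HTTP request and return (status, body_text)."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def client_credentials_token(base, realm, client_id, client_secret, http=_default_http):
    """Step 1: obtain a Keycloak access token for the client's service account."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    status, text = http("POST", base + TOKEN_PATH.format(realm=realm),
                        {"Content-Type": "application/x-www-form-urlencoded"}, form)
    if status != 200:
        raise RuntimeError(f"token endpoint returned {status}: {text}")
    return json.loads(text)["access_token"]


def external_idp_token(base, realm, alias, access_token, http=_default_http):
    """Step 2: ask Keycloak for the stored token of the brokered IdP.

    Returns ("ok", body) on success, or ("not_linked", body) when Keycloak
    reports that the user behind the access token has no federated identity
    link for that provider (the error quoted in the post). The caller also
    needs the broker client's read-token role for this endpoint to answer.
    """
    status, text = http("GET", base + BROKER_PATH.format(realm=realm, alias=alias),
                        {"Authorization": "Bearer " + access_token})
    if status == 200:
        return "ok", text
    if "not associated with identity provider" in text:
        return "not_linked", text
    raise RuntimeError(f"broker endpoint returned {status}: {text}")
```

Run it against a live server by leaving `http` at its default; the stubbed form lets you confirm how your code handles the "not associated" reply before touching production.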