I configured Azure as an external Identity Provider and configured an ‘Attribute Importer’ for propagation of the external userId into the user’s attributes.
When I log in via the browser, it works as expected (the user is created and the attribute is set). But when I configure token exchange on that identity provider and perform the flow using this token exchange mechanism, I get a success response and the user in Keycloak gets created, but the attribute is missing.
I’m correctly logging in to Keycloak using Office365. I will get a Keycloak token using an Office365 token, since I’m adding some modules in Outlook.
I’m working on this, but my token exchange is not working; I’m mapping attributes too, so maybe I will be able to help.
I’m correctly logging in to Keycloak using Office365. I cannot exchange an Office token to get a Keycloak token.
curl --location --request POST 'host:port/auth/realms//protocol/openid-connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
  --data-urlencode 'client_id=<client_id>' \
  --data-urlencode 'requested_token_type=urn:ietf:params:oauth:token-type:access_token' \
  --data-urlencode 'subject_token_type=JWT' \
  --data-urlencode 'subject_token=ey…' \
  --data-urlencode 'subject_issuer=MicrosoftIDP' \
  --data-urlencode 'client_secret='
(subject_token_type=JWT since from jwt.io my Office365 token says it is a JWT)
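As an added example (not code from any of the posts above or from Keycloak itself), the same external-to-internal token exchange built as an RFC 8693 request, with two pre-flight checks a practitioner usually wants before sending it: that the subject token's issuer is the one the Keycloak identity provider is configured to trust, and that it has not expired. Two points are worth seeing in working code: the token-type identifiers in RFC 8693 are URNs (`urn:ietf:params:oauth:token-type:jwt`, `...:access_token`, `...:id_token`), so a bare value like `JWT` is not one of them, and `subject_issuer` is the alias of the identity provider inside Keycloak, not the `iss` URL inside the token. Everything concrete here is assumed or constructed: the realm, the client id and secret, the IdP alias `MicrosoftIDP`, the Azure issuer URL, and the sample token, which is signed locally with a throwaway HS256 key purely so the script runs offline (Keycloak verifies the real token against the IdP's keys during the exchange).

```python
"""External-to-internal token exchange request for Keycloak (RFC 8693).

Added example for this thread; not code from the original posts or from Keycloak.
Assumed/constructed: realm, client credentials, IdP alias, Azure issuer URL and
the sample subject token (built locally with a throwaway HS256 key).
"""
import base64
import hashlib
import hmac
import json
import os
import time
import urllib.parse
import urllib.request

# Identifiers defined in RFC 8693 (sections 2.1 and 3); these are the values
# the token endpoint expects, not short names like "JWT".
GRANT_TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"
TOKEN_TYPE_ACCESS = "urn:ietf:params:oauth:token-type:access_token"
TOKEN_TYPE_JWT = "urn:ietf:params:oauth:token-type:jwt"
TOKEN_TYPE_ID = "urn:ietf:params:oauth:token-type:id_token"
VALID_SUBJECT_TYPES = {TOKEN_TYPE_ACCESS, TOKEN_TYPE_JWT, TOKEN_TYPE_ID}

# Assumed values: the tenant issuer URL the Keycloak IdP is configured for, and
# the alias the IdP was given in the Keycloak realm.
ASSUMED_ISSUER = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0"
ASSUMED_IDP_ALIAS = "MicrosoftIDP"


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def decode_jwt_claims(token):
    """Decode the payload of a compact JWS WITHOUT verifying the signature.

    Only for pre-flight inspection (what jwt.io shows); never trust these
    claims for authorization. Keycloak does the real check during the exchange.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("subject_token is not a compact JWS (expected 3 dot-separated parts)")
    return json.loads(_b64url_decode(parts[1]))


def preflight_subject_token(token, expected_issuer, now=None):
    """Catch the common reasons an exchange is refused before sending it."""
    claims = decode_jwt_claims(token)
    now = time.time() if now is None else now
    if claims.get("iss") != expected_issuer:
        raise ValueError(f"issuer {claims.get('iss')!r} does not match IdP issuer {expected_issuer!r}")
    if "exp" in claims and claims["exp"] <= now:
        raise ValueError("subject_token is expired")
    return claims


def build_exchange_form(client_id, client_secret, subject_token, subject_issuer,
                        subject_token_type=TOKEN_TYPE_JWT,
                        requested_token_type=TOKEN_TYPE_ACCESS):
    """Form body for POST .../realms/<realm>/protocol/openid-connect/token."""
    if subject_token_type not in VALID_SUBJECT_TYPES:
        raise ValueError(f"subject_token_type must be an RFC 8693 URN, got {subject_token_type!r}")
    return {
        "grant_type": GRANT_TOKEN_EXCHANGE,
        "client_id": client_id,
        "client_secret": client_secret,
        "subject_token": subject_token,
        "subject_token_type": subject_token_type,
        "subject_issuer": subject_issuer,  # Keycloak IdP alias, not the token's iss URL
        "requested_token_type": requested_token_type,
    }


def exchange(base_url, realm, form):
    """Send the exchange to a live Keycloak; only called when KEYCLOAK_URL is set."""
    url = f"{base_url}/realms/{realm}/protocol/openid-connect/token"
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(),
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def make_sample_jwt(claims, key=b"throwaway-demo-key"):
    """Constructed stand-in for the Azure token (HS256 so it builds offline)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


# Constructed sample subject token, valid for an hour from now.
SAMPLE_TOKEN = make_sample_jwt({"iss": ASSUMED_ISSUER, "sub": "user-1",
                                "aud": "api://example", "exp": int(time.time()) + 3600})

if __name__ == "__main__":
    preflight_subject_token(SAMPLE_TOKEN, ASSUMED_ISSUER)
    form = build_exchange_form("outlook-addin", "client-secret", SAMPLE_TOKEN, ASSUMED_IDP_ALIAS)
    print(urllib.parse.urlencode(form))
    if os.environ.get("KEYCLOAK_URL"):  # e.g. http://localhost:8080 (assumed)
        print(exchange(os.environ["KEYCLOAK_URL"], os.environ.get("KEYCLOAK_REALM", "master"), form))
```

Run it as-is to print the encoded form body; set `KEYCLOAK_URL` and `KEYCLOAK_REALM` to post it to a real server. The pre-flight issuer check is deliberately strict: the IdP in Keycloak validates the token against one issuer, so a token minted for a different tenant or endpoint version (v1.0 vs v2.0 issuer URLs differ) will be refused there as well.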