Identity Provider mappers ignored during token exchange

Hi,

I configured Azure as external Identity Provider and configured ‘Attribute Importer’ for propagation of external userId into user’s attributes.

When I log in via browser, it works as expected (the user is created and the attribute is set). But when I configure token exchange on that identity provider and perform the flow using this token exchange mechanism, I get a success response and the user in Keycloak gets created, but the attribute is missing.

Can anyone please help me to get this working?

Thank you!

I’m correctly logging in to Keycloak using Office365. I will get a Keycloak token using an Office365 token, since I’m adding some modules in Outlook.

I’m working on this but my token exchange is not working, I’m mapping attributes too, maybe I will be able to help.

I’m correctly logging in to Keycloak using Office365. I cannot exchange an Office token to get a Keycloak token.

curl --location --request POST 'host:port/auth/realms/<realm>/protocol/openid-connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
  --data-urlencode 'client_id=<client_id>' \
  --data-urlencode 'requested_token_type=urn:ietf:params:oauth:token-type:access_token' \
  --data-urlencode 'subject_token_type=JWT' \
  --data-urlencode 'subject_token=ey…' \
  --data-urlencode 'subject_issuer=MicrosoftIDP' \
  --data-urlencode 'client_secret=<client_secret>'

(subject_token_type is set to JWT since, on jwt.io, my Office365 token is shown to be a JWT.)
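The two posts above describe the same external-to-internal token exchange and a way to tell whether the identity provider mapper ran. The following is an added example, not code from either poster or from the Keycloak project. It builds the exchange request with the subject_token_type value that the Keycloak token exchange documentation lists for an external JWT (urn:ietf:params:oauth:token-type:jwt), sends it with the standard library, and then inspects the returned access token for the claims you expect. The host, realm, client values and the claim name external_user_id are hypothetical placeholders; the sample token is constructed inline so the claim check runs offline.

```python
import base64
import json
import urllib.parse
import urllib.request

# Hypothetical deployment values; replace them with your own.
KEYCLOAK_BASE = "https://keycloak.example.test/auth"
REALM = "myrealm"
IDP_ALIAS = "MicrosoftIDP"   # alias of the Azure identity provider from the post


def build_exchange_request(client_id, client_secret, external_token,
                           subject_issuer=IDP_ALIAS, realm=REALM, base=KEYCLOAK_BASE):
    """Return (url, form_fields) for an external-to-internal token exchange.

    subject_token_type uses the URN form documented by Keycloak rather than the
    bare string "JWT"; subject_issuer must be the IdP alias, not its issuer URL.
    """
    url = f"{base}/realms/{realm}/protocol/openid-connect/token"
    fields = {
        "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
        "client_id": client_id,
        "client_secret": client_secret,
        "subject_token": external_token,
        "subject_issuer": subject_issuer,
        "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
        "requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
    }
    return url, fields


def exchange_token(client_id, client_secret, external_token, **kw):
    """Perform the exchange against a live Keycloak; returns the parsed JSON body."""
    url, fields = build_exchange_request(client_id, client_secret, external_token, **kw)
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def jwt_payload(token):
    """Decode the payload segment of a compact JWT without verifying it.

    Diagnostic use only: this lets you look at claims, it does not make them
    trustworthy. Verify signatures with the realm's JWKS before relying on them.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def missing_claims(token, expected):
    """Return the names in `expected` that are absent from the token payload."""
    payload = jwt_payload(token)
    return [name for name in expected if name not in payload]


def _fake_jwt(payload):
    """Build an unsigned sample JWT for offline testing (constructed data)."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.sig"


# Constructed sample: an exchanged token where the mapper-derived claim is missing,
# which is the symptom the first post describes.
SAMPLE_TOKEN = _fake_jwt({
    "iss": f"{KEYCLOAK_BASE}/realms/{REALM}",
    "sub": "1234",
    "preferred_username": "alice",
})

if __name__ == "__main__":
    print(missing_claims(SAMPLE_TOKEN, ["sub", "external_user_id"]))
```

A user attribute set by the Attribute Importer only shows up in the token if a protocol mapper on the client exposes it as a claim; if no such mapper exists, an empty result from missing_claims tells you nothing, and the user's attributes in the admin console (or admin REST API) are the place to check instead.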