KeyCloak does not refresh External IDP Token

We are using KeyCloak (v11.0.2) Identity Brokering to federate authentication to an external IDP. The Identity Provider is of type OpenID Connect v1.0. Additionally, we are using OIDC Authorization Code Flow with PKCE.

We are successfully able to retrieve the tokens from the external IDP based on the following documentation: Server Administration Guide

However, when the KeyCloak token is refreshed using the “refresh_token” grant by the user-agent, the tokens from the external IDP do not get refreshed, which is an issue since the tokens from the IDP expire even though the tokens from the KeyCloak broker remain active.

Any idea how to solve this issue?