We were using a very old release of Keycloak (3.4.3-Final) in which we had the “nbf” property inside our access tokens.
We have changed to the latest Keycloak 10.0.2, but now the “nbf” is gone, and in the response of “/auth/realms//protocol/openid-connect/token” we have a new property, “not-before-policy”.
We need to put the “nbf” property back into the access token so that our API Gateway can verify the value when processing requests, but we can’t find documentation about it. We understand that it should be there by default, but we can’t find any option to put it back.
We use confidential clients with a default custom Client scope (migrated from a custom client template from the old release).
Other than that we have a custom protocol mapper to add client attributes to the claim.
Thanks for the help.