Hello,
I need to set a Token Exchange in Client Scope, but this option is not shown for me.
Basically, I’m trying to configure token exchange across realms. And the tutorials all use this option with a selected Realm and a Client that makes a token exchange using the Keycloak API.
Ex:
Get principal token
curl --location 'https://HOST/auth/realms/REALM1/protocol/openid-connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'username=PRINCIPAL_USER_NAME' \
  --data-urlencode 'password=PRINCIPAL_USER_PWD' \
  --data-urlencode 'client_id=CLIENT_ID_1' \
  --data-urlencode 'client_secret=CLIENT_SCRET' \
  --data-urlencode 'grant_type=password'
Get Exchange Token
curl --location 'https://HOST/auth/realms/REALM2/protocol/openid-connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id=CLIENT_ID' \
  --data-urlencode 'client_secret=CLIENT_SCRET' \
  --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
  --data-urlencode 'subject_token=TOKEN_PRICIPAL_USER' \
  --data-urlencode 'requested_token_type=urn:ietf:params:oauth:token-type:access_token' \
  --data-urlencode 'requested_subject=USER_ID'
My Keycloak version is: 16.0.0