Refresh identity provider token

Hi,

We’re using an external IDP with Keycloak. This auth gets a number of scopes from the IDP that we may use later on with other services from the provider.

But since users typically stay logged in for a longer period before doing stuff that interacts with the third party, the IDP access tokens that we get from the /broker/idp/tokens endpoint have already timed out.

We want to issue our own tokens to be able to have control over the scopes and what information is in the token, but need to be able to access the IDP token when we need it.

Ideally we’d want the IDP token to be refreshed when it times out, maybe when the user refreshes the KC token. How can we get this to work?