Share refresh tokens between different clients


is it possible to share refresh tokens between different clients?
I have one client (client A), that gains a refresh token via standard flow with authorization code.
Client A is in realm A and has standard flow enabled.

Due to the architecture of my backend, the access and refresh token will be passed to another service, which has its own client in keycloak (client B).
Client B is in realm “master”, with service accounts enabled and a bunch of roles for the “realm A” (in tab “service account roles”).

If I try to exchange the refresh token (providing client secret of client B) for a new access token, I get the error message “Invalid client credentials”.

Is there any setting to allow the share of refresh tokens or is this not possible at all?


1 Like