Token exchange error with an exchanged token as subject token

Hi all,

I’m currently setting up a Keycloak realm where I can exchange a token to a different client using token exchange.

Here is the scenario:

  • 3 clients, one public (we’ll call it public), two confidential ones with a secret (we’ll call them internal and exchange)
  • Public is used only to authenticate a user (with its credentials)
  • I’m using the private client to exchange a token generated by the public client for a new token generated by the exchange client (audience)
  • I try to generate a token from the token exchanged with the same conditions as above

I’m getting the error “subject_token validation failure”.

I guess I’m doing something wrong or misunderstanding the token exchange feature a bit, but at the moment I’m out of ideas :confused:

Thanks


Hello, I have a similar problem.

2 clients, both confidential.
client1 exchanges for user1 as the request subject and client2 as the audience.
I can’t use the access token received to get a refresh token/access token for user1.
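To make the two exchange steps from both posts concrete, here is an added example (not code from either poster or from the Keycloak project). It builds the RFC 8693 form that Keycloak’s token endpoint takes, sends it, and decodes each token’s payload without verifying it so the original and the exchanged token can be compared claim by claim (iss, azp, aud, typ). The realm URL, client secret and the "<token-from-public>" value are placeholders; the refresh-token requested_token_type is the one Keycloak documents for the second poster’s case.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed Keycloak base URL and realm: placeholders, not values from the thread.
TOKEN_ENDPOINT = "https://keycloak.example.invalid/realms/myrealm/protocol/openid-connect/token"
TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"
REFRESH_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:refresh_token"


def build_exchange_request(client_id, client_secret, subject_token, audience,
                           requested_token_type=ACCESS_TOKEN_TYPE):
    """Form body for an RFC 8693 exchange at Keycloak's token endpoint: the confidential
    client authenticates with its secret, subject_token is the token being exchanged,
    audience is the target client, requested_token_type may ask for a refresh token."""
    return {
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "client_id": client_id,
        "client_secret": client_secret,
        "subject_token": subject_token,
        "subject_token_type": ACCESS_TOKEN_TYPE,
        "audience": audience,
        "requested_token_type": requested_token_type,
    }


def exchange(params):
    """POST the form; urlopen raises HTTPError on the 400 that carries the error JSON."""
    data = urllib.parse.urlencode(params).encode()
    with urllib.request.urlopen(TOKEN_ENDPOINT, data=data) as resp:
        return json.load(resp)


def peek_claims(jwt):
    """Decode the payload WITHOUT verifying the signature, only to compare iss/azp/aud
    between the original and the exchanged token; never use this for trust decisions."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return {k: claims.get(k) for k in ("iss", "sub", "azp", "aud", "typ", "exp")}


if __name__ == "__main__":
    # Step 1 from the thread: 'internal' exchanges the public client's token for audience 'exchange'.
    first = exchange(build_exchange_request("internal", "<secret>", "<token-from-public>", "exchange"))
    print(peek_claims(first["access_token"]))
    # Step 2: the same call with the exchanged token as subject_token (the failing request).
    second = exchange(build_exchange_request("internal", "<secret>", first["access_token"], "exchange"))
    print(peek_claims(second["access_token"]))
```

Comparing the two peek_claims outputs shows which claims (issuer, authorized party, audience, token type) changed between the token that exchanges successfully and the one that is rejected, which is the first thing to check before changing client permissions.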