Token exchange - retrieve id_token fails

Hi I want to use exchange token feature to impersonate user
First I retrieve access token for admin and then I want to retrieve id_token for specific user but request fails

curl -L -X POST 'https://auth.domain.com/auth/realms/master/protocol/openid-connect/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=client_app' \
--data-urlencode "requested_token_type=urn:ietf:params:oauth:token-type:id_token" \
--data-urlencode 'client_secret=xxxxxxxxxxxxxx' -d "requested_subject=some_user" -d "subject_token=....."  --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:token-exchange"                                                                        
{"error":"invalid_request","error_description":"requested_token_type unsupported"}

If make request with urn:ietf:params:oauth:token-type:access_token access token for requested user is succsesfully retrieved.
So, where do I make mistake?

This doesnt seem aligned to docs

requested_token_type
OPTIONAL. This parameter represents the type of token the client wants to exchange for. Currently only oauth and OpenID Connect token types are supported. The default value for this depends on whether it is urn:ietf:params:oauth:token-type:refresh_token in which case you will be returned both an access token and refresh token within the response. Other appropriate values are urn:ietf:params:oauth:token-type:access_token and urn:ietf:params:oauth:token-type:id_token