Token exchange using id_token

Renba · January 17, 2022, 3:12pm

Hello,
i’m trying to implement token exchange using id token but i can’t get it to work.
I filled the request form with following params:

client_id
client_secret
grant_type : urn:ietf:params:oauth:grant-type:token-exchange
subject_token: already generated id_token
subject_token_type: urn:ietf:params:oauth:token-type:id_token

But i get error: { “error”: “invalid_token”, “error_description”: “Invalid token type, must be access token” }.
Which is kinda weird as i specify the type of token to “id_token”. Is there something i am doing wrong or it is just not possible to refresh tokens by id_token while using keycloak ? But looking at docs this should be possible. Token exchange using access_token does work.
Thanks for answers.

zoftdev · March 25, 2022, 5:36am

if you look in to src: keycloak/AbstractOAuth2IdentityProvider.java at bfce612641a70e106b20b136431f0e4046b5c37f · keycloak/keycloak · GitHub

now it only support access token.

Topic		Replies	Views
Token exchange - retrieve id_token fails Getting advice authentication , oidc	2	2176	March 1, 2022
Using Token Exchange to refresh 3rd party IDP Access Token Securing applications oidc	4	2068	January 4, 2024
Token exchange error with an exchanged token as subject token Getting advice authentication , oidc	1	808	December 5, 2023
Refresh IDP tokens in cluster mode Getting advice clustering , identity-brokering , oidc , token-exchange	0	337	February 20, 2023
Keycloak Cross Realm Token Exchange Securing applications authentication	2	1752	May 29, 2023

Token exchange using id_token

Related topics