Hello, everyone!
I’m trying to exchange a token between 2 clients in the same realm. One has an access token and wants an access token from the other. To make understanding my call easier, I will call the Exchange Caller origin-api.
This is how I’m using curl:
curl -X POST \
-d "client_id=origin-api" \
-d "client_secret=OriginApiSecret" \
--data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
-d "subject_token=OriginApi_Acess-Token" \
--data-urlencode "requested_token_type=urn:ietf:params:oauth:token-type:access_token" \
http://localhost:8080/realms/amicci/protocol/openid-connect/token
This results in: {"error":"invalid_token","error_description":"Invalid token"}
I’ve followed the instructions here: Securing Applications and Services Guide
If I got it right: I have to open the client I want the token from. In the permission Step, I have to add, again, the client I want the token from.
This is how I obtain my credentials for this test:
curl --location --request POST 'http://172.20.0.4:8080//realms/amicci/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=origin-api' \
--data-urlencode 'username=user_example' \
--data-urlencode 'password=hard_password' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_secret=OriginApiSecret' \
--data-urlencode 'scope=openid'
Any idea why this is failing?
Thank you in advance!