Token validation using SharePoint


We have installed Keycloak 8.0.1 on a Linux machine and configured two applications, App1 (Java) and App2 (SharePoint), as clients.

We also configured the WS-Fed module in Keycloak for SharePoint by following the document below.

Application   Protocol         Token Format
App1          openid-connect   JSON
App2          wsfed            SAML

While making API calls from APP1 to APP2 we get an unauthorized response from APP2.

Please find below the steps we have followed.

  1. The user logs into APP1, authenticating against the Keycloak server.
  2. To make an API call to APP2 from APP1, the user gets a new token (grant_type=token-exchange) from the Keycloak server by passing the existing token (APP1 token).
  3. The user makes an API call to APP2 by sending this new token in the Authorization header (where audience=APP2).

We need your support on the point below.

How can APP2 (SharePoint) use this token and validate it with Keycloak?

Is there any sample code available in .NET to validate a token in SharePoint through Keycloak?
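The following is an added .NET example, not code from the original post or from Keycloak, showing how the APP2 side can validate a Keycloak-issued JWT access token (signature via the realm's published keys, issuer, audience=APP2, lifetime) using the Microsoft JWT libraries; it only applies if the token APP2 actually receives is a JWT rather than the WS-Fed/SAML token its client configuration above expects. The realm URL, the audience value "APP2" and RS256 signing are assumptions not stated in the post.

```csharp
// Added example (not from the original post). Validates a bearer token issued by
// Keycloak 8.x before APP2 trusts any claims in it.
// Assumptions: realm URL below is a placeholder, client id of APP2 is "APP2",
// and the exchanged token is an RS256-signed JWT access token.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

public static class KeycloakTokenValidator
{
    // Placeholder realm URL (Keycloak 8 realms live under /auth/realms/<realm>).
    private const string Issuer = "https://keycloak.example.test/auth/realms/myrealm";
    private const string Audience = "APP2";

    // Fetches and caches the realm's signing keys from the OIDC discovery document,
    // so no public key is hard-coded and key rollover is handled automatically.
    private static readonly IConfigurationManager<OpenIdConnectConfiguration> ConfigManager =
        new ConfigurationManager<OpenIdConnectConfiguration>(
            Issuer + "/.well-known/openid-configuration",
            new OpenIdConnectConfigurationRetriever());

    // Returns the validated principal, or throws SecurityTokenException on any
    // failure (bad signature, wrong issuer, wrong audience, expired token, ...).
    public static async Task<ClaimsPrincipal> ValidateAsync(string bearerToken)
    {
        OpenIdConnectConfiguration config =
            await ConfigManager.GetConfigurationAsync(CancellationToken.None);

        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,                   // reject tokens minted by any other realm
            ValidAudience = Audience,               // "aud" must name APP2 (audience=APP2 above)
            IssuerSigningKeys = config.SigningKeys, // verify the signature against realm keys
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true,                // reject expired or not-yet-valid tokens
            ClockSkew = TimeSpan.FromSeconds(30),
        };

        var handler = new JwtSecurityTokenHandler();
        return handler.ValidateToken(bearerToken, parameters, out SecurityToken _);
    }
}
```

Call `ValidateAsync` with the value from the Authorization header (without the `Bearer ` prefix) and treat any exception as an unauthorized request; only claims from the returned principal should be used for authorization decisions.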