Hi,
In our application we need to have the external identity provider token. I’m referring the Keycloak Retrieving External IDP Tokens doc.I have configured Keycloak as per the document, but fails to get the Identity Provider token.
However when I make the API call:
GET /auth/realms/{realm}/broker/{provider_alias}/token HTTP/1.1
Host: localhost:8080
Authorization: Bearer <KEYCLOAK ACCESS TOKEN>
I’m getting a message
{
"errorMessage": "Client [oidc-client] not authorized to retrieve tokens from identity provider [oidc-idp]."
}
I have enabled the Store Tokens and Stored Tokens Readable.
The configuration for oidc-client(Client) is as follows
oidc-client->scope->Client Roles(broker)->Assigned Roles(read-token)
oidc-client->client-scopes->setup->Default Client Scopes ->Assigned Default Client Scopes(role)
In the oidc-client(Client) mapper configuration, There is a mapper with type “User Client Role”.
Someone please help me to resolve this issue.
Thanks in Advance