We are looking to use the Token Exchange feature. As part of that work, we have set up an Identity Provider which is configured to use AWS Cognito. We are looking to use a custom endpoint for the user info. We have added mappers to the Identity Provider to copy the claims returned from the user info endpoint to the user attributes.
The problem we are seeing is that the claims returned by the user info endpoint are NOT being copied when the user is FIRST created. A second call does copy these values across.
The user info endpoint is being called, we can see that, but there seems to be either some configuration or possibly a bug that is causing this.
This is being seen having followed the Docker start-up instructions for our instance of Keycloak.
If anyone has any advice, that would be most appreciated.