Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for configuring external token exchange #975

Open
Xymanek opened this issue Jun 29, 2024 · 1 comment
Open

Support for configuring external token exchange #975

Xymanek opened this issue Jun 29, 2024 · 1 comment

Comments

@Xymanek
Copy link

Xymanek commented Jun 29, 2024

Ref: https://www.keycloak.org/docs/25.0.1/securing_apps/#_grant_permission_external_exchange (permissions are same for internal-to-external and external-to-internal exchange).

Currently there is no support for configuring external IdP permissions, only keycloak_group_permissions, keycloak_openid_client_permissions and keycloak_users_permissions (none of which can be coerced into working with IdP due to IdPs having different scope setup). I was able to workaround using restapi, but it would definitely be far more convenient to have proper support from this provider (which is great for everything else!).

Are contributions accepted?
@stale-vegait
Copy link
Contributor

What about this one keycloak_identity_provider_token_exchange_scope_permission? We use this one with client policy to configure internal->external token exchange.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Xymanek @stale-vegait