Content
View differences
Updated by Jan Sandbrink about 1 year ago
### Steps to reproduce
1. Perform token exchange with Keycloak 26.2
### What is the buggy behavior?
The exchange fails, because we do not include the required parameter `subject_token_type`.
### What is the expected behavior?
We include the parameter, because it's defined as required in the [Token Exchange specification](https://datatracker.ietf.org/doc/html/rfc8693).
Since we always exchange access tokens, it should be set to `urn:ietf:params:oauth:token-type:access_token`.
### QA Notes
There is no obvious way to QA this. I'd say we move this directly to closed after merging. I'll note this in the PR, so that the reviewer takes extra care.
1. Perform token exchange with Keycloak 26.2
### What is the buggy behavior?
The exchange fails, because we do not include the required parameter `subject_token_type`.
### What is the expected behavior?
We include the parameter, because it's defined as required in the [Token Exchange specification](https://datatracker.ietf.org/doc/html/rfc8693).
Since we always exchange access tokens, it should be set to `urn:ietf:params:oauth:token-type:access_token`.
### QA Notes
There is no obvious way to QA this. I'd say we move this directly to closed after merging. I'll note this in the PR, so that the reviewer takes extra care.