[keycloak-user] Client not allowed to exchange

Andrew J. Alexander andrew.j.alexander at gmail.com
Tue Feb 19 12:29:34 EST 2019


I am getting a returned value of "client not allowed to exchange":

Feb 19 17:20:39 keycloak-0ea709bc8787a3a29 standalone.sh[1149]:
#033[0m#033[33m17:20:39,754 WARN  [org.keycloak.events] (default task-21)
type=TOKEN_EXCHANGE_ERROR, realmId=master, clientId=client-id-here,
userId=null, ipAddress=192.168.1.13, error=not_allowed, reason='client not
allowed to exchange subject_issuer', auth_method=token_exchange,
grant_type=urn:ietf:params:oauth:grant-type:token-exchange,
subject_issuer=facebookdev, client_auth_method=client-secret

What's the problem here? Is it due to an issue with my client-secret (I am
guessing this as I'm not currently passing in a value)? Is it due to some
setting on the client itself?

I've set Access Type to public, direct grants are enabled, and the protocol
is openid-connect.

Does anyone have any experience with this? I am attempting to do a token
exchange.

