[Apiman-user] Keycloak OAuth2 policy: Get bearer token for logged in user without using username/password

Hi, I would like to secure my api's using the Keycloak OAuth2 policy. Similair to what is described in the blog post of Marc Savy: http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication... Only with the difference that Keycloak delegates the login to a third party IdP. After logging in at this third party IdP I end up with an active session in the Apiman UI (the apiman realm of Keycloak). Now I am wondering how to get the bearer token, because I do not have a username/password combination I can use to make a call like: curl -X POST http://127.0.0.1:8080/auth/realms/stottie/protocol/openid-connect/token -H "Content-Type: application/x-www-form-urlencoded" -d "username=rincewind" -d 'password=apiman' -d 'grant_type=password' -d 'client_id=apiman' Because the username/password combination is linked to the third party IdP and not to Keycloak itself. Is there another way to obtain the bearer token? Perhaps this is aquestion which I should address at the keycloak mailinglist. I will try to ask the question there as well. Regards, Ton