Dear Keycloak team,
The current usage of "Internal Token to External Token Exchange" is based on
the fact that the user in the "external" realm was previously linked with the
"Internal" Realm.
The current implementation of Client Initiated Account Linking is taking care only of the
request coming from a Web Browser.
I need to have it working if the requester is an application backend.
E.g.: a back end of a web application needs to use a REST service that is not managed by the
same realm.
USER --> Web APP
Web APP -redirect-> KC Realm A
KC Realm A -Credential request-> USER
USER -credentials-> KC Realm A
KC Realm A -token & redirect-> USER
USER -redirect-> Web APP
Web APP -Internal to External Token Exchange-> KC Realm A
KC Realm A -request token exchange-> KC Realm B
KC Realm B -create user from token-> KC Realm B
KC Realm B -Realm B Token-> KC Realm A
KC Realm A --> Web APP
Web APP -Realm B Token in bearer mode-> REST server depending on Realm B
Is my use case clear?
Do you have a proposal?
Can we help with the implementation?
Regards
Gaël THIABAUD
Technical Department
mailto:gael.thiabaud@almerys.com
Telephone: 04 73 74 82 84
almerys, 46 Rue du Ressort, 63967 Clermont-Ferrand Cedex 9
www.almerys.com
Scrum Master