[keycloak-user] Admin API permission enpoints for token exchange

Can I get a pointer to any admin api endpoints to enable permissions for an identity provider to perform token exchange, and an endpoint to create the client policy for the permission? Firstly, I know this would all do away if I create identity providers and redirect to Keycloak to handle the whole oauth process... but then I think that would break all the existing redirect urls I have provided to the external oauth services, so I'm reluctant to do that. I'd prefer a behind the scenes migration. So, my use case is that I have existing site with server code that authenticates users with external services then grants access to the site. I have migrated all the internal users to a Keycloak auth, and now I'm looking at how to exchange the tokens from the external service for valid Keycloak tokens. Following the steps from the documents, I can automate the following steps * create an identity provider fro the external service, and fill in all the endpoint and client ids * lookup the existing user (they are guaranteed to exist) and link them to the new IDP * < this is the missing step for automations > * perform the token exchange, which now works OK with my Google test user My problem is that I need to enable the permissions, and create the policy to allow the IDP to do token exchange; and I have not found which API endpoints will do that. Can someone point me at the right documents, or a keyword to search form in the Admin REST API document? Thanks, James ---- *James Mitchell* Developer e: jamesm(a)suitebox.com w: www.suitebox.com *SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ