Hi,
Good catch, could you file a JIRA please?
Regards.
Pedro Igor
On Thu, Oct 4, 2018 at 12:01 PM Francisco José Bermejo Herrera <francisco.bermejo.herrera(a)tecsisa.com> wrote:
Hello,
Why are protocol mappers belonging to the token's Authorized Party (azp)
applied when requesting an RPT instead of those belonging to its Audience
(aud)?
For example, when a Token Exchange is performed, the mappers belonging to
the new Audience are applied, not the Authorized Party ones.
Concretely, we have detected that this behavior is being enforced at this
line of code:
AuthorizationTokenService.java#L248 <https://github.com/keycloak/keycloak/blob/24e60747b694ab4d03e8e1cbf8e4da7...>
Is that correct? Shouldn't mappers belonging to the Audience be applied
instead?
Thank you in advance!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user