Hi, I am using the token exchange feature of Keycloak 3.4, which is really great and useful in my REST backoffice (before the only way i found was to do a lot of 302 in browser to get needed access tokens). Everything is documented for server configuration, but in java client is there a new function to exchange a token ? I wrote some code extending the current AuthzClient if anybody is looking for the same thing : public AccessTokenResponse exchangeAccessToken(String bearer, String bearerIdpName) { return this.http.<AccessTokenResponse>post(authzClient.getServerConfiguration().getTokenEndpoint()) .authentication() .client() .param("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange") .param("subject_token", bearer) .param("subject_issuer", bearerIdpName) .param("subject_token_type", "urn:ietf:params:oauth:token-type:access_token") .param("audience", authzClient.getConfiguration().getResource()) .response() .json(AccessTokenResponse.class) .execute(); } Thanks