Hello,
We are trying to implement the following use case:
We have a Realm and a Client that allow users to log in with the REST API
/auth/realms/{Realm}/protocol/openid-connect/token (from a mobile application).
Users should be able to log in with a Facebook token by using the same REST API but
with the token-exchange grant_type, only if a Keycloak user already exists and if it is linked
with the Facebook identity provider.
Problem: if a user that does not exist in Keycloak exchanges a Facebook token, it will be
automatically created by Keycloak and an access_token is returned.
We tried to modify the First Login Flow in the Identity provider configuration, but it does not
work.
How can we prevent Keycloak from creating the user and return an error if there is no Keycloak
user linked to the Facebook token?
Thanks in advance,
Florian