I have webapp1 which has to authenticate against a legacy backend, and won't
be integrated with Keycloak for the foreseeable future.
So, upon successful authentication, I use the impersonate API to get an
access token for the current user.
Later on, the user will open webapp2 from webapp1. The user should not have
adapter. I use the access/refresh token I gained earlier to initialize the
adapter. It sends the refresh token to the token endpoint, but gets a
status code 400 error "Unmatching clients".
These are the relevant fields from the token:
So I guess the problem is that azp does not match client_id. In order to
get a token for the correct client, I use the token exchange endpoint and
the access token I got via the impersonation API
That gives me a new token, but for the same client. At this point I'm
stumped and pretty sure I misunderstood something basic. Can anybody give
me a pointer in the right direction?
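
The mismatch suspected in the post can be checked before a token is handed to the adapter. The following is an added example, not code from the original post: it decodes a token's payload without verifying the signature and compares `azp` with the client that will send the refresh request. The client ids `webapp1` and `webapp2`, the helper names and the sample token are constructed for illustration.

```python
import base64
import json
import time


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def refresh_preflight(refresh_token, client_id, now=None):
    """Return reasons a refresh sent by `client_id` is expected to be rejected."""
    claims = jwt_claims(refresh_token)
    now = time.time() if now is None else now
    problems = []
    # The token is bound to the client named in azp ("authorized party").
    if claims.get("azp") != client_id:
        problems.append(
            f"azp={claims.get('azp')!r} but refreshing client is {client_id!r}"
        )
    # Assumption: a missing or zero exp is treated as "does not expire".
    exp = claims.get("exp")
    if exp and exp <= now:
        problems.append("refresh token expired")
    return problems


def make_unsigned_jwt(claims):
    """Build a constructed sample token; the signature part is a dummy."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample: token issued to webapp1, later presented by webapp2.
SAMPLE = make_unsigned_jwt(
    {"azp": "webapp1", "sub": "user-123", "exp": 2_000_000_000}
)

if __name__ == "__main__":
    for cid in ("webapp1", "webapp2"):
        print(cid, refresh_preflight(SAMPLE, cid, now=1_700_000_000) or "ok")
```

Running the same check on the token returned by the exchange call shows whether its `azp` actually changed.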