[keycloak-user] Client not allowed to exchange

Shetty, Shweta Shweta.Shetty at Teradata.com
Tue Feb 19 14:48:35 EST 2019

You need to set permissions for the client in keycloak inorder to do the exchange. You can follow the  instructions her: https://www.keycloak.org/docs/latest/securing_apps/index.html

On 2/19/19, 9:29 AM, "keycloak-user-bounces at lists.jboss.org on behalf of Andrew J. Alexander" <keycloak-user-bounces at lists.jboss.org on behalf of andrew.j.alexander at gmail.com> wrote:

    [External Email]
    I am getting a returned value of "client not allowed to exchange"
    Feb 19 17:20:39 keycloak-0ea709bc8787a3a29 standalone.sh[1149]:
    #033[0m#033[33m17:20:39,754 WARN  [org.keycloak.events] (default task-21)
    type=TOKEN_EXCHANGE_ERROR, realmId=master, clientId=client-id-here,
    userId=null, ipAddress=, error=not_allowed, reason='client not
    allowed to exchange subject_issuer', auth_method=token_exchange,
    subject_issuer=facebookdev, client_auth_method=client-secret
    What's the problem here? Is it due to an issue with my client-secret (I am
    guessing this as I'm not currently passing in a value)? Is it due to some
    setting on the client itself?
    I've set Access Type to public, direct grants are enabled and the protocol
    is openid-connect
    Does anyone have any experience with this? I am attempting to do a token
    keycloak-user mailing list
    keycloak-user at lists.jboss.org

More information about the keycloak-user mailing list