[keycloak-user] Client not allowed to exchange

Shetty, Shweta Shweta.Shetty at Teradata.com
Tue Feb 19 14:48:35 EST 2019


You need to set permissions for the client in Keycloak in order to do the exchange. You can follow the instructions here: https://www.keycloak.org/docs/latest/securing_apps/index.html


On 2/19/19, 9:29 AM, "keycloak-user-bounces at lists.jboss.org on behalf of Andrew J. Alexander" <keycloak-user-bounces at lists.jboss.org on behalf of andrew.j.alexander at gmail.com> wrote:

    
    I am getting a returned value of "client not allowed to exchange"
    
    Feb 19 17:20:39 keycloak-0ea709bc8787a3a29 standalone.sh[1149]:
    #033[0m#033[33m17:20:39,754 WARN  [org.keycloak.events] (default task-21)
    type=TOKEN_EXCHANGE_ERROR, realmId=master, clientId=client-id-here,
    userId=null, ipAddress=192.168.1.13, error=not_allowed, reason='client not
    allowed to exchange subject_issuer', auth_method=token_exchange,
    grant_type=urn:ietf:params:oauth:grant-type:token-exchange,
    subject_issuer=facebookdev, client_auth_method=client-secret
    
    What's the problem here? Is it due to an issue with my client-secret (I am
    guessing this as I'm not currently passing in a value)? Is it due to some
    setting on the client itself?
    
    I've set Access Type to public, direct grants are enabled and the protocol
    is openid-connect
    
    Does anyone have any experience with this? I am attempting to do a token
    exchange
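Added example (not from the thread or from Keycloak): a small Python parser for the `org.keycloak.events` line quoted above that counts refused token exchanges per realm, client and `subject_issuer`, so an administrator can see which client the permission mentioned in the reply is still missing for. The first sample line is the event from the post rejoined onto one line, the second is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# First event: the one quoted in the thread, rejoined onto one line.
# Second event: constructed, unrelated, so the filter has something to skip.
SAMPLE_LOG = (
    "Feb 19 17:20:39 keycloak-0ea709bc8787a3a29 standalone.sh[1149]: "
    "#033[0m#033[33m17:20:39,754 WARN  [org.keycloak.events] (default task-21) "
    "type=TOKEN_EXCHANGE_ERROR, realmId=master, clientId=client-id-here, "
    "userId=null, ipAddress=192.168.1.13, error=not_allowed, "
    "reason='client not allowed to exchange subject_issuer', "
    "auth_method=token_exchange, "
    "grant_type=urn:ietf:params:oauth:grant-type:token-exchange, "
    "subject_issuer=facebookdev, client_auth_method=client-secret\n"
    "Feb 19 17:21:02 keycloak-0ea709bc8787a3a29 standalone.sh[1149]: "
    "17:21:02,118 WARN  [org.keycloak.events] (default task-7) "
    "type=LOGIN_ERROR, realmId=master, clientId=account, userId=null, "
    "ipAddress=192.168.1.13, error=user_not_found\n"
)

# key=value pairs; a value is either '...' (may hold spaces) or runs to the next comma
PAIR = re.compile(r"(\w+)=(?:'([^']*)'|([^,\s]*))")
MARKER = "[org.keycloak.events]"


def parse_event(line):
    """Return the event's fields as a dict, or None if it is not an event line."""
    # Everything before the logger name (syslog prefix, colour codes) is dropped.
    _, found, tail = line.partition(MARKER)
    if not found:
        return None
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(tail)}


def denied_exchanges(log_text):
    """Count refused token exchanges per (realm, client, subject_issuer, reason)."""
    denied = Counter()
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev and ev.get("type") == "TOKEN_EXCHANGE_ERROR" and ev.get("error") == "not_allowed":
            denied[(ev.get("realmId"), ev.get("clientId"),
                    ev.get("subject_issuer"), ev.get("reason"))] += 1
    return denied


if __name__ == "__main__":
    for (realm, client, issuer, reason), n in denied_exchanges(SAMPLE_LOG).items():
        print(f"{n}x realm={realm} client={client} subject_issuer={issuer}: {reason}")
```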
    



