We have a Keycloak server integration. We are using only the APIs of Keycloak and no visual UI.
I have a Nuxt.js app where we show external login options like Microsoft, Google, etc. On click, the user is redirected to the appropriate login flow, where e.g. Microsoft handles the login part.
On redirect back to our endpoint, we get the code from the Microsoft Azure AD login.
I am sending the code to Azure AD endpoint to get the access token: https://login.microsoftonline.com/common/oauth2/token
From the token I have the info (username and email). Assuming that the user does exist in the Keycloak server, I want to log this user in by exchanging the Azure AD token. I am not able to find the appropriate method or endpoint to do this.
EDIT:
I found the following endpoint: http://0.0.0.0:5001/realms/master/protocol/openid-connect/token
Form URL-encoded values:
client_id: mynuxtapp
client_secret: clientsecrethere
subject_token: mytokenhere
subject_token_type: urn:ietf:params:oauth:token-type:jwt
grant_type: urn:ietf:params:oauth:grant-type:token-exchange
I am getting the error:
{ "error": "invalid_token", "error_description": "Invalid token" }
even though I am putting in the correct secret and AD token.