Check Keycloak logs for the real error
curl -X POST "https://auth.motoshare.in/realms/motoshare/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
-d "client_id=motoshare" \
-d "client_secret=YOUR_SECRET" \
-d "requested_token_type=urn:ietf:params:oauth:token-type:access_token"
Correct Token Exchange CURL (Full Example)
STEP 1: First obtain a user access token
curl -X POST "https://auth.motoshare.in/realms/motoshare/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=password" \
-d "client_id=motoshare" \
-d "client_secret=YOUR_SECRET" \
-d "username=YOUR_USERNAME" \
-d "password=YOUR_PASSWORD"
STEP 2: Perform token exchange using that access token
curl -X POST "https://auth.motoshare.in/realms/motoshare/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
-d "client_id=motoshare" \
-d "client_secret=YOUR_SECRET" \
-d "subject_token=THE_USER_ACCESS_TOKEN" \
-d "subject_token_type=urn:ietf:params:oauth:token-type:access_token" \
-d "requested_token_type=urn:ietf:params:oauth:token-type:access_token"
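Added example (not part of the original post): a preflight check that tells the first request on this page, which sends no subject_token, apart from the corrected STEP 2 request before anything reaches Keycloak. The helper names form_get and check_token_exchange are hypothetical, and the field values in the demo are constructed.

```bash
#!/usr/bin/env bash
# Added example: preflight check for a token-exchange form body.
# form_get and check_token_exchange are hypothetical helper names.

TE_GRANT="urn:ietf:params:oauth:grant-type:token-exchange"

# Print the value of form field $1 found in the remaining key=value arguments.
form_get() {
  local key="$1" kv
  shift
  for kv in "$@"; do
    if [ "${kv%%=*}" = "$key" ]; then
      printf '%s' "${kv#*=}"
      return 0
    fi
  done
}

# Usage: check_token_exchange "key=value" ...
# Prints one line per problem; returns 0 if the body is complete, 1 if not.
check_token_exchange() {
  local problems=0 field value
  if [ "$(form_get grant_type "$@")" != "$TE_GRANT" ]; then
    echo "grant_type is not the token-exchange URN"
    problems=1
  fi
  # RFC 8693 marks both of these fields as required.
  for field in subject_token subject_token_type; do
    value="$(form_get "$field" "$@")"
    if [ -z "$value" ]; then
      echo "missing required field: $field"
      problems=1
    fi
  done
  # A copied example often still carries the placeholder instead of a real token.
  if [ "$(form_get subject_token "$@")" = "THE_USER_ACCESS_TOKEN" ]; then
    echo "subject_token is still the placeholder"
    problems=1
  fi
  return "$problems"
}

# Constructed demo: the first request on this page, which has no subject_token.
check_token_exchange \
  "grant_type=$TE_GRANT" \
  "client_id=motoshare" \
  "requested_token_type=urn:ietf:params:oauth:token-type:access_token" \
  || echo "request not sent: fix the fields listed above"
```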
Related guide: How to Run Keycloak in Production with Apache and systemd (Step-by-Step Guide)
STEP 1 — Check Keycloak logs for the real error
Run:
journalctl -u keycloak -f
or
tail -n 200 /opt/auth.motoshare.in/standalone/log/server.log
sudo systemctl daemon-reload
sudo systemctl enable keycloak
sudo systemctl start keycloak
sudo systemctl status keycloak
sudo systemctl restart keycloak
How to enable token exchange
nano /opt/auth.motoshare.in/conf/keycloak.conf
features=token-exchange,token-exchange-standard,persistent-user-sessions
cd /opt/auth.motoshare.in/bin
./kc.sh build
sudo systemctl restart keycloak