Keycloak identity brokering through REST API

[Djamal Eddine GOUMIDI]

I have two different Keycloak instances running: let say Keycloak_1 and Keycloak_2.

My application uses Keycloak_1 as identity and access management solution.

I want to use Keycloak identity brokering to manage access to my application for Keycloak_2 users through the REST API: in this way, the Idp users can access my application.

For this, I created an identity provider in Keycloak_1 and attached it to a Keycloak_2 client.

when using browser app, the identity provider option appears on the Keycloak_1 form, when I click on it, it redirects me to Keycloak_2 form.

How can I do this procedure using REST API ?

I tried to make a request to https://Keycloak_1_URL/auth/realms/APP1/protocol/openid-connect/token with Keycloak_2 user but I always get an error : "error": "invalid_grant", "error_description": "Invalid user credentials"

Your help will be much appreciated.

[dane pane]

I'm working on something similar to this using: https://github.com/keycloak/keycloak-documentation/blob/main/securing_apps/topics/oidc/javascript-adapter.adoc