Get User profile picture via Keycloak access token using Microsoft Graph API
Step 1: Store Microsoft tokens in Keycloak
We need to tell Keycloak to store Microsoft's original tokens on the Keycloak server, so that it may share the access token with the user. Otherwise it converts the tokens to Keycloak tokens and won't store them.
Step 2: Exchange token with Keycloak for Microsoft token
Once the user is authenticated via Keycloak to your external identity provider (Microsoft), you can use the resulting access token to request the external IdP tokens from the dedicated endpoint. To test, take the access token from the Application tab of the browser's inspect tools in the authenticated window.
Sample API call: <keycloakurl>/auth/realms/<realmname>/broker/keycloak-oidc/token
In the Authorization header, add the bearer token that we got after authenticating to Azure AD via Keycloak.
You will get a JSON structure containing the result that Keycloak got when it called the token_endpoint of the external IdP:
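The flow from Steps 1 and 2, followed by the Microsoft Graph photo request the title refers to, as an added example (not code from the original article). It assumes the broker response is a standard OAuth 2.0 token response with an `access_token` field; the function names and the injectable `get` transport are hypothetical.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import quote, urlsplit

GRAPH_PHOTO_URL = "https://graph.microsoft.com/v1.0/me/photo/$value"


def http_get(url, bearer):
    """Default transport: GET with a bearer token, return (status, body)."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {bearer}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def broker_token_url(keycloak_url, realm, alias):
    """Build the Step 2 endpoint; refuse to send a bearer token over plain HTTP."""
    if urlsplit(keycloak_url).scheme != "https":
        raise ValueError("Keycloak URL must use https")
    base = keycloak_url.rstrip("/")
    return f"{base}/auth/realms/{quote(realm, safe='')}/broker/{quote(alias, safe='')}/token"


def fetch_idp_access_token(keycloak_url, realm, alias, kc_token, get=http_get):
    """Use the Keycloak access token to read the stored Microsoft access token."""
    status, body = get(broker_token_url(keycloak_url, realm, alias), kc_token)
    if status != 200:
        # Report only the status: the body and the tokens must stay out of logs.
        raise PermissionError(f"broker token endpoint returned HTTP {status}")
    # Assumption: standard OAuth 2.0 token response with an "access_token" field.
    token = json.loads(body).get("access_token")
    if not token:
        raise ValueError("no access_token in broker response")
    return token


def fetch_profile_photo(ms_token, get=http_get):
    """Return the signed-in user's photo bytes from Graph, or None if unset."""
    status, body = get(GRAPH_PHOTO_URL, ms_token)
    if status == 404:  # Graph answers 404 when the user has no photo
        return None
    if status != 200:
        raise RuntimeError(f"Graph returned HTTP {status}")
    return body
```

Pass `keycloak-oidc` as `alias` to match the sample call above, and keep both tokens out of logs and error messages.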