Tim Walter

This sounds like the old issue [KEYCLOAK-17793](https://issues.redhat.com/browse/KEYCLOAK-17793). We need the attribute importers to work with token exchange in our project too. Currently, we using the workaround with the `FixedUserAttributeMapper` SPI...

I would guess that the tests are not executed independently. Jest also gives an appropriate warning about the duplicate mocks. ``` jest-haste-map: duplicate manual mock found: axios The following files...

Also see https://github.com/facebook/jest/issues/2070

@pushm0v see the linked [Keycloak Jira issue](https://issues.redhat.com/browse/KEYCLOAK-17793)

### Implementation `src/main/java/de/twwd/keycloak/fixedattributemapper` ```java package de.twwd.keycloak.fixedattributemapper; import org.keycloak.broker.oidc.mappers.UserAttributeMapper; import org.keycloak.broker.provider.BrokeredIdentityContext; import org.keycloak.models.IdentityProviderMapperModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; public class FixedUserAttributeMapper extends UserAttributeMapper { private static final String MAPPER_ID =...

For me, it does only work with paths relative to the file that uses the include (e.g. `../snippets/security/hsts.conf`) and not with paths relative to the config dir (e.g. `snippets/security/hsts.conf`).

Since I need different clients and partially different grant types/flows (e.g., sometimes _Direct Access Grant_ and sometimes _Authorization Code Flow_), I would prefer on request level. Nevertheless, it would be...

We have a similar issue with Keycloak 21: When using token exchange, only the protocol mappers/client scopes from the starting client are applied, but not the ones from the target...