Before reporting an issue

[x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

admin/ui

Describe the bug

1) Go to admin console

2) Go to tab Clients and click Create client

3) Fill Client ID foo and click Next

4) On next screen enable Client authentication and Standard token exchange and click Next

5) Click Save. The client is created

6) Go to tab Advanced right away and scroll down to OpenID Compatibility modes section. I can see that switch Allow refresh token in Standard Token Exchange is disabled even if client has token exchange enabled -> KO

7) Click button Save on the same screen. There is notification message Client successfully updated and now the Allow refresh token in Standard Token Exchange is editable as expected -> OK (However there is another bug https://github.com/keycloak/keycloak/issues/38500 , which makes it complicated to update client afterwards)

Version

nightly (from 2025-03-27)

Regression

[ ] The issue is a regression

Expected behavior

The switch Allow refresh token in Standard Token Exchange enabled after creating the client with enabled token exchange

Actual behavior

The switch Allow refresh token in Standard Token Exchange disabled after creating the client with enabled token exchange

How to Reproduce?

See above

Anything else?

This is related to token-exchange and very likely to https://github.com/keycloak/keycloak/issues/37115 . So not a regression as the switch was introduced in 26.2