Custom Audience Parameter during access token request #10116
Unanswered
jinojohn92 asked this question in Q&A
We have a setup where we have to add an IDP to Keycloak, and our IDP and authentication happen using "JWT signed with private key". When the client_assertion request is sent to our IDP, the JWT token which is created takes up token_url by default in Keycloak.
But our IDP demands the issuer URL, and I could not find any options to customize the audience parameter during the access token request.
When I checked the code, generateToken() does the work of creating the JWT token, which by default takes only getTokenUrl() as the audience.
Can we have a mapper for the audience during the access token request?
The source code file: AbstractOAuth2IdentityProvider.java
```java
protected JsonWebToken generateToken() {
    JsonWebToken jwt = new JsonWebToken();
    jwt.id(KeycloakModelUtils.generateId());
    jwt.type(OAuth2Constants.JWT);
    jwt.issuer(getConfig().getClientId());
    jwt.subject(getConfig().getClientId());
    jwt.audience(getConfig().getTokenUrl());
    int expirationDelay = session.getContext().getRealm().getAccessCodeLifespan();
    jwt.expiration(Time.currentTime() + expirationDelay);
    jwt.issuedNow();
    return jwt;
}
```
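The audience mismatch described in the post, seen from the receiving side, as an added example that is not part of the original post or of Keycloak's code: it builds a claim set shaped like the one `generateToken()` produces and runs it through the claim checks of an IdP that accepts only its issuer URL as audience. The client ID, URLs, `AssertionValidator` and its result strings are constructed assumptions, and signature verification is left out.

```python
import time

# Constructed sample values (assumptions, not taken from the post).
CLIENT_ID = "keycloak-broker"
TOKEN_URL = "https://idp.example.test/oauth2/token"
ISSUER_URL = "https://idp.example.test"


def build_assertion_claims(audience, lifespan=60, now=None, jti="constructed-jti"):
    """Claim set shaped like the one generateToken() in the post produces."""
    now = int(time.time()) if now is None else now
    return {"jti": jti, "typ": "JWT", "iss": CLIENT_ID, "sub": CLIENT_ID,
            "aud": audience, "iat": now, "exp": now + lifespan}


class AssertionValidator:
    """Hypothetical IdP-side checks on client assertion claims (no signature check)."""

    def __init__(self, accepted_audiences, known_clients):
        self.accepted_audiences = set(accepted_audiences)
        self.known_clients = set(known_clients)
        self.seen_jti = set()  # replay cache for already accepted assertions

    def validate(self, claims, now=None):
        now = int(time.time()) if now is None else now
        if claims.get("iss") != claims.get("sub"):
            return "iss_sub_mismatch"
        if claims.get("iss") not in self.known_clients:
            return "unknown_client"
        aud = claims.get("aud")
        aud = [aud] if isinstance(aud, str) else list(aud or [])  # string or array
        if not self.accepted_audiences.intersection(aud):
            return "audience_mismatch"
        if claims.get("exp", 0) <= now:
            return "expired"
        if claims.get("jti") in self.seen_jti:
            return "replayed"
        self.seen_jti.add(claims.get("jti"))
        return "ok"


def demo(now=1_700_000_000):
    """Token-URL audience vs issuer-URL audience against an issuer-only IdP."""
    strict_idp = AssertionValidator({ISSUER_URL}, {CLIENT_ID})
    default = build_assertion_claims(TOKEN_URL, now=now, jti="a")
    wanted = build_assertion_claims(ISSUER_URL, now=now, jti="b")
    return [strict_idp.validate(default, now), strict_idp.validate(wanted, now),
            strict_idp.validate(wanted, now)]  # third call reuses jti "b"
```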