Auth.js v5 token exchange with Keycloak over oidc spec for impersonation

[misterbit-pro]

Hello,

I would like to ask if someone has an idea or already accomplished to implement impersination over a token exchange in auth.js with the keycloak provider or a custom implementation.

This was already talked about here: #7121

But it was before v5. What's important for me to know is:

How to use the http://<keycloakServer>/realm/<myReal>/protocol/openid-connect/token endpoint for auth and then the grant type urn:ietf:params:oauth:grant-type:token-exchange and the requested_subject wich is the user id of the user to impersonate?

Is this supported? As its in the oidc spec I thought it surely has to be, but I don't find any docu or someone who tried to this at all with a more detailed description, just the one issue