Deploying to main from @ c99781808d3b52955dfc66fc3e12727f8c3b2e9d 🚀

Author: ahus1

extensions.html

@@ -421,7 +421,7 @@ <h5 class="card-title">MFA Plugin collection</h5>
                                     <div class="d-flex align-items-center">
                                         <img src="resources/images/github.png" width="16px" alt="GitHub logo"
                                              class="me-2"/>
-                                        <span>229 stars</span>
+                                        <span>228 stars</span>
                                     </div>
                                 </div>
                         </div>

nightly/guides.html

@@ -936,6 +936,21 @@ <h5 class="card-title">
                             </div>
                         </div>
                     </div>
+                    <div class="col-sm-4">
+                        <div class="card shadow-sm mb-4">
+                            <div class="card-body">
+                                <h5 class="card-title">
+                                    JWT Authorization Grant
+                                    
+                                    
+                                </h5>
+                                <span class="card-text">Guide for the JWT Authorization Grant specification RFC 7521 / 7523.</span>
+                                <div>
+                                </div>
+                                <a href="https://www.keycloak.org/nightly/securing-apps/jwt-authorization-grant"  class="stretched-link link-dark"></a>
+                            </div>
+                        </div>
+                    </div>
                     <div class="col-sm-4">
                         <div class="card shadow-sm mb-4">
                             <div class="card-body">

nightly/securing-apps/jwt-authorization-grant.html

@@ -1235,6 +1235,18 @@ <h3 id="_external-token-to-internal-token-exchange"><a class="anchor" href="#_ex
 </tr>
 </table>
 </div>
+<div class="admonitionblock warning">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-warning" title="Warning"></i>
+</td>
+<td class="content">
+External to internal Token Exchange will be replaced by <a href="#_standard-token-exchange">Standard Token Exchange V2</a> and <a href="https://www.keycloak.org/nightly/securing-apps/jwt-authorization-grant">JWT Authorization Grant</a>. Following the idea presented in the current draft specification <a href="https://datatracker.ietf.org/doc/html/draft-ietf-oauth-identity-chaining-06">OAuth Identity and Authorization Chaining Across Domains</a>, the final access token will be obtained performing two requests: a standard token exchange in the external identity server to get a valid JWT assertion; a JWT Authorization Grant to finally request an access token in the internal Keycloak realm. The JWT Authorization grant can be eventually used directly to exchange your external tokens as long as they are JWT tokens, which conforms to all the requirements specified for the JWT Authorization Grant.
+</td>
+</tr>
+</table>
+</div>
 <div class="sect3">
 <h4 id="_granting_permission_for_the_exchange"><a class="anchor" href="#_granting_permission_for_the_exchange"></a>Granting permission for the exchange</h4>
 <div class="paragraph">