mrparkers / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
MIT License

"included_client_audience": conflicts with included_custom_audience #856

Open rd-andreas-lay opened 1 year ago

rd-andreas-lay commented 1 year ago

The `keycloak_openid_audience_protocol_mapper` resource cannot set both `included_custom_audience` and `included_client_audience` at the same time:

│ with keycloak_openid_audience_protocol_mapper.audience_mapper,
│ on provider.tf line 47, in resource "keycloak_openid_audience_protocol_mapper" "audience_mapper":
│ 47: included_client_audience = keycloak_openid_client.openid_client.client_id
│
│ "included_client_audience": conflicts with included_custom_audience

It works perfectly fine in the GUI though:

image

Example to reproduce:

Keycloak version: docker run -p 8081:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:21.1.1 start-dev

terraform {
  required_providers {
    keycloak = {
      source  = "mrparkers/keycloak"
      version = ">= 4.0.0"
    }
  }
}

# Admin credentials match the KEYCLOAK_ADMIN / KEYCLOAK_ADMIN_PASSWORD values
# given to the docker run command above; the URL targets the host port (8081)
# that command publishes for the start-dev container.
provider "keycloak" {
  url       = "http://localhost:8081"
  client_id = "admin-cli"
  username  = "admin"
  password  = "admin"
}

# NOTE(review): keycloak_realm.realm is referenced by every resource below but
# is not declared in this snippet; a keycloak_realm resource named "realm" is
# assumed to exist elsewhere in the configuration.

# Confidential OpenID client that both protocol mappers below attach to.
resource "keycloak_openid_client" "openid_client" {
  realm_id  = keycloak_realm.realm.id
  client_id = "test-client"
  name      = "test client"

  enabled               = true
  access_type           = "CONFIDENTIAL"
  standard_flow_enabled = true

  valid_redirect_uris = [
    "http://localhost:8080/openid-callback"
  ]
}

# Group membership mapper writing to the "groups" claim; not part of the
# reported conflict, kept only to mirror the reporter's configuration.
resource "keycloak_openid_group_membership_protocol_mapper" "group_membership_mapper" {
  realm_id   = keycloak_realm.realm.id
  client_id  = keycloak_openid_client.openid_client.id
  name       = "group-membership-mapper"
  claim_name = "groups"
}

# Audience mapper setting BOTH audience attributes. This is the combination the
# provider rejects with `"included_client_audience": conflicts with
# included_custom_audience`, while the Keycloak admin console accepts it.
# Note that in this reproduction both attributes resolve to the same client id.
resource "keycloak_openid_audience_protocol_mapper" "audience_mapper" {
  realm_id  = keycloak_realm.realm.id
  client_id = keycloak_openid_client.openid_client.id
  name      = "audience-mapper"

  included_client_audience = keycloak_openid_client.openid_client.client_id
  included_custom_audience = keycloak_openid_client.openid_client.client_id
}