Description

This is follow-up to #38080 .

In Keycloak 27, we can hopefully remove the "old condition" for the lightweight access token and keep just the detection based on the token context. As the old was needed just for the backwards compatibility. So probably some change like this could be done:

+ if (isAccessTokenLightweight) {
- if (isAccessTokenLightweight || accessToken.getSubject() == null || (accessToken.getSessionId() == null && accessToken.getResourceAccess().isEmpty() && accessToken.getRealmAccess() == null)) {