I have linked Azure AD as an IDP in Keycloak. I am able to route to the Azure Login page and get back to keycloak redirect uri after successful login. A copy of the user is also being created in Keycloak linked to an external IDP.
Now I am able to get the Azure tokens with a combination of https://login.microsoftonline.com/common/oauth2/v2.0/authorize and https://login.microsoftonline.com/organizations/oauth2/v2.0/token requests.
But I have roles and groups configured in Keycloak and want to map them to users (already figured this out by using predefined mappers) and generate a token for an external user that is coming from Azure. I can see the following token getting generated in the browser through the "authorization_code" flow. 
I am not able to get the source of the keycloak authentication code. How's it getting generated!!. Is there any other way to get the token!!.
I am trying to replicate the flow via Postman and get a Keycloak token, but I am not able to make it work as of now. If anyone faces similar issues or can provide some suggestions, that would be great. Thanks in Advance