I updated the keycloak to 20.0.1 yesterday, I could not get the userinfo endpoint information.
I did the same thing like 19.0.3 but 403 forbidden and the docker show me USER_INFO_REQUEST_ERROR.
docker message:
2022-11-17 01:36:33,729 WARN [org.keycloak.events] (executor-thread-0) type=USER_INFO_REQUEST_ERROR, realmId=5e518891-d25d-4cca-8828-f924d6e6c5c3, clientId=null, userId=null, ipAddress=172.17.0.1, error=access_denied, auth_method=validate_access_token
At the same time , I do the same things on 19.0.3 but it works
Anything I missed on this endpoint?
1 Like
Hi,
I got the same issue today. Thanks to you’re message I started looking in the release notes and found a reference to this UserInfo endpoint not fully standards compliant by dteleguin · Pull Request #14237 · keycloak/keycloak · GitHub
Basically userinfo is now only allowed when you have the openid scope in your token.
You should also see a message in the logs saying it is missing.
So I added it to my client as a default scope and it works fine now.
Hope this helps.
3 Likes
I am the beginner of keycloak, how can i add this scope to my client?
Many thanks.
I’m a beginner myself. What I did is create the scope in the “client scopes” section
5 Likes
part 2:
And then in the client added it as default scope
4 Likes
@michielvandriessche I was able to get my Grafana community edition 8.5 with generic oauth integration working in keycloak 20 thanks to your explanation. It’s appreciated very much. Thank you!
I added openid on client scopes and assign to clients’ scope.
It works, many thanks!!!
I think it is enough to just add the scope=openid when you request the access token.
4 Likes
Thank you !
Have the same problem and found your solution! Works perfectly
Adding scope=openid to the request parameters resolved this for me.
1 Like
