According to the docs (Securing Applications and Services Guide), there is no way to use a customized scopes list with the Keycloak adapter. Am I missing something or is that true? So I have to omit the client adapter and do a customized security configuration?
Do you mean for certain users to have access if they have a special scope?
AFAIK it’s just done in the configuration as you mention:
Our Keycloak is configured to return additional information in the ID-Token when a given scope is requested. The standard client adapter for Keycloak only requests the openid scope:
https://keycloak.my.com/auth/realms/myrealm/protocol/openid-connect/auth?response_type=code&client_id=my-client-id&redirect_uri=https://...&state=...&login=true&scope=openid
Is there a simple property I can set, so that a custom scope is additionally requested, such as:
keycloak.scopes=openid, myadditionalscope
to achieve this:
https://keycloak.my.com/auth/realms/myrealm/protocol/openid-connect/auth?response_type=code&client_id=my-client-id&redirect_uri=https://...&state=...&login=true&scope=openid, myadditionalscope
Ahhh, my bad. Though I don’t request the additional scope, I get its information anyway - in the access token (I first checked only the id token). Nonetheless, and though it’s not necessary any more, I managed to pass the special scope by overriding Keycloak’s OAuthRequestAuthenticator.
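
Added example, not part of the thread and not Keycloak adapter code: a Python sketch that builds the authorization request with an extra scope (OAuth 2.0 scope values are space-delimited in the `scope` parameter) and checks which token of a response carries a given claim, the check that resolved the thread. The redirect URI, the claim name `my_extra_claim` and the unsigned sample tokens are constructed assumptions.

```python
import base64
import json
from urllib.parse import urlencode

AUTH_ENDPOINT = "https://keycloak.my.com/auth/realms/myrealm/protocol/openid-connect/auth"

def build_auth_url(endpoint, client_id, redirect_uri, state, scopes):
    """Build the authorization request; scopes are joined with spaces, then URL-encoded."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "scope": " ".join(scopes),
    })
    return f"{endpoint}?{query}"

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def tokens_carrying(claim, token_response):
    """Return the names of the tokens in a token response whose payload contains `claim`."""
    return [name for name in ("id_token", "access_token")
            if name in token_response and claim in jwt_claims(token_response[name])]

def _constructed_jwt(claims):
    """Constructed, unsigned JWT-shaped string used as sample input only."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'none'})}.{seg(claims)}.constructed-signature"

# Constructed token response: the extra claim is mapped into the access token only.
SAMPLE_RESPONSE = {
    "id_token": _constructed_jwt({"sub": "user-1", "aud": "my-client-id"}),
    "access_token": _constructed_jwt({"sub": "user-1",
                                      "scope": "openid myadditionalscope",
                                      "my_extra_claim": "value"}),
}

if __name__ == "__main__":
    print(build_auth_url(AUTH_ENDPOINT, "my-client-id",
                         "https://app.example/callback",  # constructed redirect URI
                         "constructed-state", ["openid", "myadditionalscope"]))
    print(tokens_carrying("my_extra_claim", SAMPLE_RESPONSE))
```

Decoding the payload this way is for debugging which token a mapper writes to; an application must still validate the token signature before trusting any claim.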