Spring-Boot, KeyCloak adapter and customized scopes

According to the docs (Securing Applications and Services Guide), there is no way to use a customized scopes list with KeyCloak adapter. Am I missing something or is that true? So I have to omit the client adapter and do a customized security configuration?

Do you mean for certain users to have access if they have a special scope?

AFAIK it’s just done in the configuration as you mention:

Our KeyCloak is configured to return additional information in the ID-Token when a given scope is requested. The standard client adapter for KeyCloak only requests openid scope:


Is there a simple property I can set, so that a custom scope is additionaly requested, such as:

keycloak.scopes=openid, myadditionalscope

to achieve this:

https://keycloak.my.com/auth/realms/myrealm/protocol/openid-connect/auth?response_type=code&client_id=my-client-id&redirect_uri=https://...&state=...&login=true&scope=openid, myadditionalscope

Ahhh, my bad. Though I don’t request the additional scope, I get it’s information anyway - in the access token (I first checked only the id token). Nonetheless, and though it’s not necessary any more, I managed to pass the special scope, by overriding KeyCloaks OAuthRequestAuthenticator.