Acess denied on get_user_information endpoint unelss oidc client scope present in keycloak

[crwww]

I found that I couldn't access the user information endpoint until I added a client scope in Keycloak called "openid". Unsure if this is a version issue with keycloak.

[crwww]

Appending &scope=openid to the redirect uri also works if you dont want to add the scope in Keycloak.
<%= link_to 'Login with SSO' , KeycloakOauth.connection.authorization_endpoint(options: { redirect_uri: keycloak_oauth.oauth2_url + "&scope=openid" }), class:'button' %>

[andyundso]

could be a version difference ... which one from Keycloak are you using?

besides, providing scope to the authorization endpoint is actually a default option by the OpenID Connect specification, so we could add support for it.

[crwww]

Running on 21.1.1 Adding a scope config option seems like a great idea. I would be happy to add it in if you are too busy.

[andyundso]

if you have a couple of minutes, would be great if you can implement it. I can take care of making a release in timely fashion.