It seems like this project has stopped being maintained, so I'm leaving an Issue here for people who encounter this problems.
Due to Keycloak's pull request, the 'openid' scope has been made mandatory for userinfo endpoints. Unfortunately, some invokers, such as Node-Red, tend to call upon it with a default scope, thereby neglecting to explicitly pass the 'openid' scope. The default scope is 'email profile roles', which triggers an error.
You can actually specify the scope explicitly by configuring it in the parameters.
If you suspect that you might have encountered this problem, but aren't entirely sure, then you can insert a new line into the /lib/strategy.js in the node_modules for printing the access token after line 120. Subsequently, utilize a JWT analysis tool to decode the JWT token to establish if it offers an 'openid' scope.
this._oauth2._useAuthorizationHeaderForGET = true;
console.log("access_token",accessToken) // Add this line
krutogorec
commented
4 months ago
It seems like this project has stopped being maintained, so I'm leaving an Issue here for people who encounter this problems.
Due to Keycloak's pull request, the 'openid' scope has been made mandatory for userinfo endpoints. Unfortunately, some invokers, such as Node-Red, tend to call upon it with a default scope, thereby neglecting to explicitly pass the 'openid' scope. The default scope is 'email profile roles', which triggers an error.
You can actually specify the scope explicitly by configuring it in the parameters.
If you suspect that you might have encountered this problem, but aren't entirely sure, then you can insert a new line into the /lib/strategy.js in the node_modules for printing the access token after line 120. Subsequently, utilize a JWT analysis tool to decode the JWT token to establish if it offers an 'openid' scope.