Problem/Motivation

I have installed the module and found out that the scope "openid" is required for Keycloak 26.

Steps to reproduce

Install Keycloak 26+ and the OAuth Keycloak module 2 on Drupal 11.

Proposed resolution

Adjust the function by adding the scope openid in the source file KeycloakAuthManager.php:

  /**
   * {@inheritdoc}
   */
  public function getAuthorizationUrl(): string {
    $scopes = [
      'openid',
      'email',
      'profile',
    ];

Comments

koekj created an issue.

drumm commented:

We have been using this with Keycloak 26, but maybe there were more restrictions throughout the 26.* series. Or potentially the following code injects openid in our situation.

Regardless, https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest says

OpenID Connect requests MUST contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified.

So this should be a good change to make.

  • drumm committed a39062ea on 2.0.x
    fix: #3571694 Add required “openid“ scope
    
drumm commented:

Status: Active » Fixed
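
A check for the requirement discussed in this issue, as an added example that is not code from the module or from any participant: it parses an authorization URL and reports whether the `scope` parameter carries `openid` as its own token. The host, realm, `client_id` and function names are assumptions made for illustration.

```php
<?php

declare(strict_types=1);

/**
 * Returns the scope tokens found in an authorization URL.
 * Scope values are space-delimited and case-sensitive (RFC 6749, section 3.3).
 * Hypothetical helper, not part of the module.
 */
function authorization_url_scopes(string $url): array {
  $query = parse_url($url, PHP_URL_QUERY);
  if (!is_string($query)) {
    return [];
  }
  // parse_str() decodes both "+" and "%20" to a space.
  parse_str($query, $params);
  $scope = $params['scope'] ?? '';
  if (!is_string($scope)) {
    // scope[]=... style parameters are not a valid scope string.
    return [];
  }
  // Split on spaces only and drop empty tokens left by repeated separators.
  return array_values(array_filter(
    explode(' ', $scope),
    static fn (string $token): bool => $token !== ''
  ));
}

/** True only when "openid" is present as an exact, separate scope token. */
function has_openid_scope(string $url): bool {
  return in_array('openid', authorization_url_scopes($url), true);
}

// Constructed sample URLs (hypothetical host, realm and client_id).
$base = 'https://keycloak.example.test/realms/demo/protocol/openid-connect/auth'
  . '?response_type=code&client_id=drupal&scope=';

$samples = [
  'without openid' => $base . 'email%20profile',
  'openid email profile' => $base . 'openid+email+profile',
  // One comma-joined token: "openid,email,profile" is not the openid scope.
  'comma-joined scopes' => $base . 'openid,email,profile',
  // Scope values are case-sensitive.
  'wrong case' => $base . 'OpenID%20email',
];

foreach ($samples as $label => $url) {
  printf("%-22s %s\n", $label, has_openid_scope($url) ? 'ok' : 'MISSING openid');
}
```

Only the second sample passes. The same check can be applied to the string returned by `getAuthorizationUrl()` in a regression test.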
