Obtain id_token with Keycloak

Question

Who knows how to obtain the id_token with Keycloak?

I have been working with Keycloak in Java (Spring, JEE) and postman.

The basics work fine but I need the id_token since there are some claims that they are not present in the access_token but they are present in the id_token.

Using the keycloak-core library I could obtain the Keycloak context, but the id_token attribute always is null.

Some idea?

Answer 1

If you are using keycloak version 3.2.1, then below mail chain will help you. Hi All

I am using below curl command   

curl -k  https://IP-ADDRESS:8443/auth/realms/Test123/protocol/openid-connect/token -d "grant_type=client_credentials" -d "client_id=SURE_APP" -d "client_secret=ca3c4212-f3e8-43a4-aa14-1011c7601c67"

In the above command's response id_token is missing ,which is require for kong to tell who i am?

In my keycloak realm->client-> Full Scope Allowed ->True

Ok I found it we have to add 

scope=openid

 then only it will work 

Answer 2

I had the same thing with Keycloak 3.4.3 version.

I added scope=openid to my request as Gal Margalit mentioned in his answer and it works.

Here is my request:

curl -X POST -H "Content-Type:application/x-www-form-urlencoded" -d "scope=openid" -d "grant_type=password" -d "client_id=test" -d "[email protected]" -d "password=test" 'https://YOUR-DOMAIN/realms/test123/protocol/openid-connect/token'