Tags: oauth, wso2, wso2-identity-server

Access token does not have the openid scope


I am doing the SSO sample (travelocity.com) example. When I am trying to access user info with an OAuth access token using this command,

curl -k -H "Authorization: Bearer b68ba941c9da3d2644d8a63154d28" https://localhost:9443/oauth2/userinfo?schema=openid

I am getting the following error:

{"error":"insufficient_scope","error_description":"Access token does not have the openid scope"}

Please help, thank you.


Solution

  • When you make the first request to the authorization endpoint, you have to include openid in the scope request parameter. OpenID Connect Core 1.0, 3.1.2.1. Authentication Request says the following.

    scope

    REQUIRED. OpenID Connect requests MUST contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified. Other scope values MAY be present. Scope values used that are not understood by an implementation SHOULD be ignored. See Sections 5.4 and 11 for additional scope values defined by this specification.
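As an added illustration of the answer above (example code, not part of the original post or of WSO2 Identity Server), the script below builds the authorization request so that it always carries the openid scope, and then applies the same check the userinfo endpoint applies to a token response: if the granted scope does not contain openid, the call is rejected with insufficient_scope. The endpoint URLs assume a default local WSO2 IS install on port 9443; the client_id, redirect_uri and the two token responses are constructed for the example.

```python
"""Added example: request the openid scope up front and check a token
response before calling userinfo. Not WSO2 code; endpoints, client_id,
redirect_uri and the sample token responses are assumptions."""
import json
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed endpoints of a default local WSO2 Identity Server install.
AUTHZ_ENDPOINT = "https://localhost:9443/oauth2/authorize"
USERINFO_ENDPOINT = "https://localhost:9443/oauth2/userinfo"


def build_authorization_url(client_id, redirect_uri, scopes, state=None, nonce=None):
    """Return the authorization-request URL. OpenID Connect Core 3.1.2.1
    requires the openid scope value, so it is prepended if the caller
    left it out; other scopes are kept in the order given."""
    scope_list = list(dict.fromkeys(scopes))  # keep order, drop duplicates
    if "openid" not in scope_list:
        scope_list.insert(0, "openid")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scope_list),
        "state": state or secrets.token_urlsafe(16),  # binds the callback to this request
        "nonce": nonce or secrets.token_urlsafe(16),  # bound into the ID token against replay
    }
    return AUTHZ_ENDPOINT + "?" + urlencode(params)


def requested_scopes(url):
    """Parse the scope parameter back out of an authorization URL."""
    query = parse_qs(urlparse(url).query)
    return query.get("scope", [""])[0].split()


def check_token_for_userinfo(token_response_json):
    """Mimic the userinfo endpoint's check: the scope granted with the
    token must include openid. Returns (ok, detail), where detail is
    either the Authorization header to send or the error body."""
    token = json.loads(token_response_json)
    granted = token.get("scope", "").split()
    if "openid" in granted:
        return True, {"Authorization": "Bearer " + token["access_token"]}
    return False, {
        "error": "insufficient_scope",
        "error_description": "Access token does not have the openid scope",
    }


# Constructed sample token responses (not captured from a real server).
# The first is what you get when the authorization request omitted openid.
TOKEN_WITHOUT_OPENID = json.dumps({
    "access_token": "b68ba941c9da3d2644d8a63154d28",
    "token_type": "Bearer", "expires_in": 3600, "scope": "default",
})
TOKEN_WITH_OPENID = json.dumps({
    "access_token": "example-token-with-openid-scope",
    "token_type": "Bearer", "expires_in": 3600,
    "scope": "openid profile", "id_token": "<jwt omitted>",
})

if __name__ == "__main__":
    # Assumed client registration for the travelocity.com sample app.
    url = build_authorization_url(
        "travelocity_client",
        "http://localhost:8080/travelocity.com/home.jsp",
        ["profile"],
    )
    print("authorize:", url)
    print("scopes requested:", requested_scopes(url))
    print("token without openid:", check_token_for_userinfo(TOKEN_WITHOUT_OPENID))
    print("token with openid:   ", check_token_for_userinfo(TOKEN_WITH_OPENID))
```

Run it and compare the two `check_token_for_userinfo` results: the token whose `scope` is only `default` produces exactly the insufficient_scope body quoted in the question, while the token obtained after requesting `openid profile` yields the Bearer header that can be sent to the userinfo endpoint.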