diff --git a/services/src/main/java/org/keycloak/services/clientregistration/policy/impl/ClientScopesClientRegistrationPolicyFactory.java b/services/src/main/java/org/keycloak/services/clientregistration/policy/impl/ClientScopesClientRegistrationPolicyFactory.java
index 50fc6b4cf9d..4ddf5793d50 100644
--- a/services/src/main/java/org/keycloak/services/clientregistration/policy/impl/ClientScopesClientRegistrationPolicyFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientregistration/policy/impl/ClientScopesClientRegistrationPolicyFactory.java
@@ -22,6 +22,7 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.stream.Collectors;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.component.ComponentModel;
 import org.keycloak.component.ComponentValidationException;
 import org.keycloak.models.ClientScopeModel;
@@ -88,7 +89,12 @@ public class ClientScopesClientRegistrationPolicyFactory extends AbstractClientR
 if (realm == null) {
 return Collections.emptyList();
 } else {
- return realm.getClientScopesStream().map(ClientScopeModel::getName).collect(Collectors.toList());
+ List scopes = realm.getClientScopesStream().map(ClientScopeModel::getName).collect(Collectors.toList());
+ //add openid scope if not exists
+ if (!scopes.contains(OAuth2Constants.SCOPE_OPENID)) {
+ scopes.add(OAuth2Constants.SCOPE_OPENID);
+ }
+ return scopes;
 }
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java
index 823c130426f..da077435541 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java
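Review bot: `scopes.add(OAuth2Constants.SCOPE_OPENID)` in the `else` branch mutates the list returned by `Collectors.toList()`, whose contract makes no guarantee about mutability, so the append depends on an implementation detail of the collector. Collecting with `.collect(Collectors.toCollection(LinkedList::new))` (LinkedList is already imported in this file) makes the list explicitly mutable. The comment `//add openid scope if not exists` says what is done but not why; if the intent is what it appears to be, something like `// "openid" may not exist as a realm client scope, but clients request it, so offer it as an allowed-scope choice` would help the next reader. The enclosing method starts outside the hunk, so it is not visible whether this list only feeds the selectable values of the policy or also a default allow-list; if the latter, confirm that permitting `openid` for every client registration policy is intended.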
@@ -383,6 +383,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 List clientScopes = getProviderConfigProperty(clientScopeRep, ClientScopesClientRegistrationPolicyFactory.ALLOWED_CLIENT_SCOPES);
 Assert.assertFalse(clientScopes.isEmpty());
 Assert.assertTrue(clientScopes.contains(OAuth2Constants.SCOPE_PROFILE));
+ Assert.assertTrue(clientScopes.contains(OAuth2Constants.SCOPE_OPENID));
 Assert.assertFalse(clientScopes.contains("foo"));
 Assert.assertFalse(clientScopes.contains("bar"));
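Review bot: The added `Assert.assertTrue(clientScopes.contains(OAuth2Constants.SCOPE_OPENID))` covers only the presence of `openid`, not the `contains` guard in the factory that prevents a duplicate entry when the realm already defines a scope with that name. A companion case on a realm that has an `openid` client scope, asserting `clientScopes.indexOf(OAuth2Constants.SCOPE_OPENID) == clientScopes.lastIndexOf(OAuth2Constants.SCOPE_OPENID)`, would pin that branch. The test method starts outside the hunk, so whether a registration request carrying `openid` is exercised against the policy elsewhere cannot be seen from here.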