Add openid as default scope and add option to set custom scopes (#4078)

libs/keycloak-admin-client/src/utils/auth.ts

@@ -14,6 +14,7 @@ export interface Credentials {
   totp?: string;
   offlineToken?: boolean;
   refreshToken?: string;
+  scopes?: string[];
 }
 
 export interface Settings {
@@ -32,6 +33,7 @@ export interface TokenResponseRaw {
   not_before_policy: number;
   session_state: string;
   scope: string;
+  id_token?: string;
 }
 
 export interface TokenResponse {
@@ -43,6 +45,7 @@ export interface TokenResponse {
   notBeforePolicy: number;
   sessionState: string;
   scope: string;
+  idToken?: string;
 }
 
 export const getToken = async (settings: Settings): Promise<TokenResponse> => {
@@ -61,6 +64,7 @@ export const getToken = async (settings: Settings): Promise<TokenResponse> => {
     client_id: credentials.clientId,
     totp: credentials.totp,
     ...(credentials.offlineToken ? { scope: "offline_access" } : {}),
+    ...(credentials.scopes ? { scope: credentials.scopes.join(" ") } : {}),
     ...(credentials.refreshToken
       ? {
           refresh_token: credentials.refreshToken,

libs/keycloak-admin-client/test/auth.spec.ts

@@ -21,4 +21,27 @@ describe("Authorization", () => {
       "scope"
     );
   });
+
+  it("should get token from local keycloak with custom scope", async () => {
+    const data = await getToken({
+      credentials: {
+        ...credentials,
+        scopes: ["openid", "profile"],
+      },
+    });
+
+    expect(data).to.have.all.keys(
+      "accessToken",
+      "expiresIn",
+      "refreshExpiresIn",
+      "refreshToken",
+      "tokenType",
+      "notBeforePolicy",
+      "sessionState",
+      "scope",
+      "idToken"
+    );
+
+    expect(data.scope).to.equal("openid profile email");
+  });
 });