diff --git a/libs/keycloak-admin-client/src/utils/auth.ts b/libs/keycloak-admin-client/src/utils/auth.ts
index 787bc24431..b552179b7b 100644
--- a/libs/keycloak-admin-client/src/utils/auth.ts
+++ b/libs/keycloak-admin-client/src/utils/auth.ts
@@ -14,6 +14,7 @@ export interface Credentials {
 totp?: string;
 offlineToken?: boolean;
 refreshToken?: string;
+ scopes?: string[];
 }

 export interface Settings {
@@ -32,6 +33,7 @@ export interface TokenResponseRaw {
 not_before_policy: number;
 session_state: string;
 scope: string;
+ id_token?: string;
 }

 export interface TokenResponse {
@@ -43,6 +45,7 @@ export interface TokenResponse {
 notBeforePolicy: number;
 sessionState: string;
 scope: string;
+ idToken?: string;
 }

 export const getToken = async (settings: Settings): Promise => {
@@ -61,6 +64,7 @@ export const getToken = async (settings: Settings): Promise => {
 client_id: credentials.clientId,
 totp: credentials.totp,
 ...(credentials.offlineToken ? { scope: "offline_access" } : {}),
+ ...(credentials.scopes ? { scope: credentials.scopes.join(" ") } : {}),
 ...(credentials.refreshToken
 ? {
 refresh_token: credentials.refreshToken,
diff --git a/libs/keycloak-admin-client/test/auth.spec.ts b/libs/keycloak-admin-client/test/auth.spec.ts
index f2e420cec8..9a0faf34bd 100644
--- a/libs/keycloak-admin-client/test/auth.spec.ts
+++ b/libs/keycloak-admin-client/test/auth.spec.ts
@@ -21,4 +21,27 @@ describe("Authorization", () => {
 "scope"
 );
 });
+
+ it("should get token from local keycloak with custom scope", async () => {
+ const data = await getToken({
+ credentials: {
+ ...credentials,
+ scopes: ["openid", "profile"],
+ },
+ });
+
+ expect(data).to.have.all.keys(
+ "accessToken",
+ "expiresIn",
+ "refreshExpiresIn",
+ "refreshToken",
+ "tokenType",
+ "notBeforePolicy",
+ "sessionState",
+ "scope",
+ "idToken"
+ );
+
+ expect(data.scope).to.equal("openid profile email");
+ });
 });
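Review bot: The new `idToken?: string` field in `TokenResponse` (hunk `@@ -43,6 +45,7 @@`), like `id_token?` in `TokenResponseRaw` one hunk earlier, has no comment saying when it is set or how it should be handled. Judging by the two spec cases, it is returned only when the `openid` scope is requested. I would add `/** Present only when the openid scope was requested. A signed JWT carrying identity claims: keep it out of logs and verify it before trusting its claims. */` above the field. Both interfaces begin outside their hunks, so existing field comments, if any, are not visible here.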
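Review bot: In the `@@ -61,6 +64,7 @@` hunk of `getToken`, the added spread writes the same `scope` key as the `offlineToken` spread directly above it, so a caller that sets both `offlineToken: true` and `scopes` silently loses `offline_access`. An empty `scopes: []` is also truthy and sends `scope: ""`. Build the value once and replace both spreads: `const scope = [...(credentials.offlineToken ? ["offline_access"] : []), ...(credentials.scopes ?? [])].join(" ");` followed by `...(scope ? { scope } : {}),` in the payload. The payload object and `getToken` itself start and end outside the hunk.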
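Review bot: The last assertion of the new spec in `test/auth.spec.ts`, `expect(data.scope).to.equal("openid profile email")`, pins a scope (`email`) that the test never requested, so it presumably depends on the default client scopes of the local realm and on the order the server returns them. Assert what the request controls instead: `expect(data.scope.split(" ")).to.include.members(["openid", "profile"]);`. A second case that combines `offlineToken: true` with `scopes` would also pin how the two options interact in `getToken`.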