On 2/6/2014 10:47 AM, Stian Thorgersen wrote:
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: "Stian Thorgersen" <stian(a)redhat.com>
> Cc: keycloak-dev(a)lists.jboss.org
> Sent: Thursday, 6 February, 2014 3:41:34 PM
> Subject: Re: [keycloak-dev] User ids and usernames
>
> Maybe just return additional information in the json response from
> obtaining an access token. The access token would just contain a link
> to user profile information. This reduces token size and yet allows
> pure REST Bearer Token services to get profile information if they
> desire it.

I agree some mechanism to retrieve the token + profile in the same request would be nice,
but IMO that's a performance optimization that can be done later. Google, for example,
only returns the ID, and you need to go and retrieve the profile if you want. I believe this
is the way OpenID Connect does it as well, as I'm using Google's OpenID Connect
endpoints to retrieve the profile.

Yeah, but wanting to know username, first, last, and/or email is just so
common it should be optimized.

There's also the case where you don't want to give an app
access to your full profile. Currently the token would have to have account/view-profile
role to be able to retrieve the profile.

Keycloak knows the client's permissions. So that is not an issue.

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com