Having looked a bit more closely at this, it appears that currently the
GoogleIdentityProvider
(keycloak\services\src\main\java\org\keycloak\social\google\GoogleIdentityProvider.java)
has the Google+ Profile URL hard-coded into it.
There are at least four alternatives available, according to the Google
OAuth2.0 Playground and documentation.
Three provide very similar data, and rely on the same base authorization as
the oauth2 series (i.e. they do not require specifically enabling the
People API or Google+ API):
- https://www.googleapis.com/userinfo/v2/me
- https://www.googleapis.com/oauth2/v2/userinfo
- https://www.googleapis.com/oauth2/v3/userinfo (also exists but does not
seem as well documented)
The fourth is an endpoint on the PeopleAPI that provides much fuller
profile information:
- https://people.googleapis.com/v1/people/me (which *would* require
enabling the People API for the associated credentials)
Given those alternatives, and the fact that Google documentation says
they'll be shutting down the Google+ APIs as early as January 2019, it
seems prudent to simply change to one of the oauth-only endpoints, such as
https://www.googleapis.com/oauth2/v2/userinfo
Would that simple change be sufficient, or would additional default mapping
changes be required?
James
On Fri, Dec 21, 2018 at 3:58 PM James Campbell <jpcampb2(a)ncsu.edu> wrote:
Hi all--
I'm just getting started with keycloak, and have set up the google
identity provider. I notice that the google identity provider uses the
Google+ API for profile information, which seems unnecessary, but I do not
see a way to turn it off (maybe limit the scopes requested)?
Given the now-imminent deprecation of the Google+ APIs, is there a way to
ensure I'm not using the Google+ API?
James
--
James Campbell <jpcampb2(a)ncsu.edu>
Government Researcher
(919) 987-3378
Laboratory for Analytic Sciences <https://ncsu-las.org/>
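As an added illustration of the endpoint switch proposed in the reply above (this is example code, not Keycloak's GoogleIdentityProvider or any code from the thread), the function below maps the JSON that https://www.googleapis.com/oauth2/v2/userinfo returns into the handful of attributes an identity broker needs, and only trusts the e-mail address when Google marks it verified. The field names follow Google's documented v2 userinfo response; the broker attribute names and the sample payload are assumptions constructed for the example.

```python
# Added example (not Keycloak's own code): normalise a v2 userinfo response
# into broker attributes, trusting e-mail only when Google says it is verified.
import json

# Constructed sample response, shaped like the oauth2/v2/userinfo endpoint.
SAMPLE_USERINFO = json.dumps({
    "id": "110248495921238986420",
    "email": "alice@example.com",
    "verified_email": True,
    "name": "Alice Example",
    "given_name": "Alice",
    "family_name": "Example",
    "picture": "https://example.invalid/photo.jpg",
    "locale": "en",
})


class ProfileError(ValueError):
    """Raised when the userinfo payload cannot be mapped safely."""


def map_userinfo(raw: str) -> dict:
    """Return broker attributes (assumed names) from a raw userinfo JSON body."""
    data = json.loads(raw)
    # "id" is the stable Google account identifier; key the broker link on
    # it rather than on the e-mail address, which can change over time.
    subject = data.get("id")
    if not isinstance(subject, str) or not subject:
        raise ProfileError("userinfo response has no account id")
    email = data.get("email")
    # An address Google has not verified must not drive account linking;
    # drop it so the broker falls back to the opaque subject as username.
    if email and data.get("verified_email") is not True:
        email = None
    return {
        "subject": subject,
        "username": email or subject,
        "email": email,
        "first_name": data.get("given_name"),
        "last_name": data.get("family_name"),
    }
```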