Hi all,

Keycloak version: 1.9.8

Here is my use case: I want to keep the access token JWS as lean as possible, only containing user roles and a few custom claims I have added. I want no PII in the access token. However, I would like my internal services to obtain the full user profile (name, email, etc...) from the OIDC "/userinfo" endpoint. Unfortunately, I can only seem to obtain the "sub" claim and the few custom claims that already exist in the access token. I don't see any support for adding scope values to the request.

Is there any way to accomplish what I would like, or any other ways of obtaining this info that I may be missing?

Thanks in advance