As mentioned in keycloak/keycloak#14237, Keycloak is now required openid scope for access token otherwise the request will return 403 Forbidden (Missing openid scope) when requesting to userinfo endpoint.
As a workaround, I have to create client scope openid and add it as a default of the client in Keycloak.
I tested on Keycloak 20.0.2
Doc https://www.keycloak.org/docs/latest/upgrading/index.html#userinfo-endpoint-changes
As mentioned in keycloak/keycloak#14237, Keycloak is now required openid scope for access token otherwise the request will return 403 Forbidden (Missing openid scope) when requesting to userinfo endpoint.
As a workaround, I have to create client scope openid and add it as a default of the client in Keycloak.
I tested on Keycloak 20.0.2
Doc https://www.keycloak.org/docs/latest/upgrading/index.html#userinfo-endpoint-changes