How do I use "read:user_idp_tokens" and get idP tokens when also using a regular web app

I have tried to add

    passport.authenticate([this.type], {
      scope: "openid email profile read:user_idp_tokens",
    }), function(req, res) {
      res.redirect("/user");
    },
    ...
    const verify = (issuer, audience, profile, accessToken, refreshToken, cb) => {
      // Set Cookie to the access token (eventually refresh)
      // Serialize the profile; interpolating the object directly logs "[object Object]"
      console.log(`Profile is ${JSON.stringify(profile._json)}`);
      return cb(null, profile._json);
    }

But when I run it, the profile does not include the idP tokens. What am I missing?

Hi,

For a Web App your backend would call the Management API to retrieve IDP tokens:

More information is here:

Your backend would call this endpoint with a mgmt api token that has the read:user_idp_tokens scope.

Hope this helps.
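
The backend flow described in the answer above, as an added example that is not part of the original posts or Auth0's own code: a client-credentials request for a Management API token, then a lookup of the user whose `identities` entry carries the IdP tokens. The function names and `cfg` fields are assumptions; `/oauth/token` and `/api/v2/users/{id}` are Auth0's endpoints, and the machine-to-machine application must be granted `read:user_idp_tokens` on the Management API.

```javascript
// Added example (not from the thread). Function names and cfg fields are assumptions.
// Request a Management API token with the client-credentials grant (M2M application).
function buildTokenRequest({ domain, clientId, clientSecret }) {
  return {
    url: `https://${domain}/oauth/token`,
    init: {
      method: "POST",
      headers: { "content-type": "application/json" },
      body: JSON.stringify({
        grant_type: "client_credentials",
        client_id: clientId,
        client_secret: clientSecret,
        audience: `https://${domain}/api/v2/`,
      }),
    },
  };
}

// User IDs such as "google-oauth2|123" contain "|" and must be URL-encoded.
function buildUserRequest(domain, userId, mgmtToken) {
  return {
    url: `https://${domain}/api/v2/users/${encodeURIComponent(userId)}`,
    init: { headers: { authorization: `Bearer ${mgmtToken}` } },
  };
}

// IdP tokens sit in user.identities[]; they are only returned when the
// Management API token carries read:user_idp_tokens, so fail loudly if absent.
function extractIdpTokens(user, provider) {
  const identity = (user.identities || []).find((i) => i.provider === provider);
  if (!identity) throw new Error(`no ${provider} identity on this user`);
  if (!identity.access_token) {
    throw new Error("no IdP access_token returned; check the read:user_idp_tokens grant");
  }
  return { accessToken: identity.access_token, refreshToken: identity.refresh_token || null };
}

// Runs on the server only; neither token should reach the browser or logs.
async function getIdpTokens(cfg, userId, provider, fetchImpl = fetch) {
  const t = buildTokenRequest(cfg);
  const tokenRes = await fetchImpl(t.url, t.init);
  if (!tokenRes.ok) throw new Error(`token request failed: ${tokenRes.status}`);
  const { access_token: mgmtToken } = await tokenRes.json();
  const u = buildUserRequest(cfg.domain, userId, mgmtToken);
  const userRes = await fetchImpl(u.url, u.init);
  if (!userRes.ok) throw new Error(`user lookup failed: ${userRes.status}`);
  return extractIdpTokens(await userRes.json(), provider);
}
```

The `fetchImpl` parameter exists so the flow can be exercised with a stub; in production it defaults to the global `fetch` of Node 18 or later.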

So the one reading user_idp would be the client credentials? I tried this and I got denied to the /api/v1/user endpoint to get the idp tokens.