Problem Statement:
The call to “getTokenSilently()” fails with the error “ID token is required but missing” because the scope value containing openid is not passed to the /token endpoint. In other words, the refresh-token request does not include the openid scope.
Solution:
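/**
 * Rule that builds the scope list placed on the access token.
 *
 * Scopes the client asked for (query or body `scope`) are kept only when
 * they contain no ':'; colon-delimited entries are dropped from the request
 * and such permission-style scopes come solely from `user.permissions`.
 * On a refresh-token exchange with no scope in the request, a default OIDC
 * scope set is used so that `openid` is always present and the token
 * endpoint can issue an ID token.
 *
 * Note: the requested scope string is client-supplied input. Every
 * non-colon entry in it is echoed onto the access token unchanged; this rule
 * does not validate those names against an allow-list, so that check must
 * live elsewhere if it is needed.
 *
 * @param {Object} user - user profile; `user.permissions` (array of strings,
 *   optional) is appended to the scope list
 * @param {Object} context - rule context; reads `context.request.query.scope`,
 *   `context.request.body.scope` and `context.protocol`, writes
 *   `context.accessToken.scope`
 * @param {Function} callback - invoked as `callback(null, user, context)`
 */
function checkScopes(user, context, callback) {
  const permissions = user.permissions || [];
  // Normalize so the property reads below cannot throw on a bare request.
  context.request.body = context.request.body || {};
  context.request.query = context.request.query || {};
  let requestedScopes = context.request.query.scope || context.request.body.scope || '';
  if (context.protocol === 'oauth2-refresh-token') {
    // A refresh without an explicit scope must still carry `openid`; without
    // it the client reports "ID token is required but missing".
    requestedScopes = requestedScopes || 'openid profile email offline_access';
  }
  // Split on any whitespace run and drop empty entries: an empty or
  // double-spaced scope string would otherwise produce '' entries that show
  // up as stray spaces in the joined result.
  const plainScopes = requestedScopes
    .split(/\s+/)
    .filter((scope) => scope !== '' && !scope.includes(':'));
  // Dedupe while preserving order: requested scopes first, then permissions.
  const scopes = [...new Set([...plainScopes, ...permissions])];
  context.accessToken.scope = scopes.join(' ');
  callback(null, user, context);
}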