The getTokenSilently() function fails with “ID token is required but missing” error

Problem Statement:

The call to “getTokenSilently()” causes the error “ID token is required but missing” since the scope value which contains openid is not passed to the /token endpoint.

Basically, the refresh token call does not contain the openid scope.

Solution:

/**
 * Rule to check permissions to filter user scopes on the access token
 *
 * @param {*} user
 * @param {*} context
 * @param {*} callback
 */
function checkScopes(user, context, callback) {
  const permissions = user.permissions || [];
  context.request.body = context.request.body || {};
  context.request.query = context.request.query || {};
  let requestedScopes = context.request.query.scope || context.request.body.scope || '';
  if (context.protocol === 'oauth2-refresh-token') {
    requestedScopes = requestedScopes || 'openid profile email offline_access';
  }
  const filteredScopes = requestedScopes.split(' ').filter( function(x) {
    return x.indexOf(':') < 0;
  });

  Array.prototype.push.apply(filteredScopes, permissions);
  context.accessToken.scope = filteredScopes.join(' ');

  callback(null, user, context);
}