Advance apologies if this question sounds stupid
Wondering if there is a way to get the Id Token just by passing user Id (instead of the session token) in the Authorisation Grant Flow
I understand the whole point of auth grant flow is to first authenticate and then use that token to invoke the /authorize and get any tokens (ID Token etc…)
However, am evaluating a niche use case and just wondering if we can get the ID Token without the SSO Token and just by the user Id ?
Thanks for reaching out to the Community.
BTW, there is no such thing as a stupid question.
As you mentioned, by default the client must authenticate to use the
However, this can be disabled in the OAuth 2.0 provider configuration. In the AM admin UI, go to Realms > Realm Name > Services > OAuth2 Provider > Advanced OpenID Connect and disable Idtokeninfo Endpoint Requires Client Authentication.
Reference: /oauth2/idtokeninfo :: AM 7.4.0
Let us know if this works for you.