Get Id Token without session in the Authorisation Grant Flow

Advance apologies if this question sounds stupid :grinning:

Wondering if there is a way to get the Id Token just by passing the user Id (instead of the session token) in the Authorisation Grant Flow?

I understand the whole point of the auth grant flow is to first authenticate and then use that token to invoke /authorize and get any tokens (ID Token etc…).

However, I am evaluating a niche use case and just wondering if we can get the ID Token without the SSO Token and just by the user Id?

Hi @joshfr,

Thanks for reaching out to the Community.

BTW, there is no such thing as a stupid question. :slightly_smiling_face:

As you mentioned, by default the client must authenticate to use the /oauth2/idtokeninfo endpoint.

However, this can be disabled in the OAuth 2.0 provider configuration. In the AM admin UI, go to Realms > Realm Name > Services > OAuth2 Provider > Advanced OpenID Connect and disable Idtokeninfo Endpoint Requires Client Authentication.

Reference: /oauth2/idtokeninfo :: AM 7.4.0

Let us know if this works for you.

Warm Regards,
Ed
