Tags: spring-security-oauth2, oauth2client, spring-boot-starter-oauth2-client

How to specify the scope with an OAuth2 client application


I am using a Spring Security OAuth2 client application and have provided the configuration below:


spring:
  security:
    oauth2:
      client:
        registration:
          okta:
            client-id: 
            client-secret: 
            scope: openid
        provider:
          okta:
            authorization-uri: https://dev-7858070.okta.com/oauth2/default/v1/authorize
            token-uri: https://dev-7858070.okta.com/oauth2/default/v1/token
            user-info-uri: https://dev-7858070.okta.com/oauth2/default/v1/userinfo
            jwk-set-uri: https://dev-7858070.okta.com/oauth2/default/v1/keys

I have specified the scope as only openid, but I am still getting other scopes like profile and email. I want to get just the openid scope. Where am I going wrong?


Solution

  • You can specify multiple scopes by separating them with a comma.

    spring:
      security:
        oauth2:
          client:
            registration:
              okta:
                client-id: 
                client-secret: 
                scope: openid,profile,email
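For readers who configure the client in Java rather than YAML, the following is an added example (not code from the question or the answer above) showing the same "okta" registration built programmatically. It assumes Spring Security 5.5 or later (for `ClientAuthenticationMethod.CLIENT_SECRET_BASIC` and the `redirectUri` builder method); the class name `OktaClientRegistrationConfig`, the `ISSUER` constant and the placeholder credential strings are assumptions, and the endpoint paths are taken from the question's YAML. The `scope(...)` builder method is varargs, so the comma-separated YAML value maps directly onto its arguments; requesting only the scopes the application actually needs keeps the token's privileges minimal.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

// Added example (hypothetical class name): programmatic equivalent of the YAML
// "spring.security.oauth2.client.registration.okta" block from the question.
@Configuration
public class OktaClientRegistrationConfig {

    // Placeholder credentials: substitute your own values from an external
    // secret source; never hard-code real client secrets in source control.
    private static final String CLIENT_ID = "<okta-client-id>";
    private static final String CLIENT_SECRET = "<okta-client-secret>";

    // Issuer taken from the question's provider URIs; the constant name is assumed.
    private static final String ISSUER = "https://dev-7858070.okta.com/oauth2/default";

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        ClientRegistration okta = ClientRegistration.withRegistrationId("okta")
                .clientId(CLIENT_ID)
                .clientSecret(CLIENT_SECRET)
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                // Default Spring Security redirect template for the login flow.
                .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
                // scope(...) is varargs. The YAML "scope: openid,profile,email"
                // corresponds to .scope("openid", "profile", "email").
                // Here only "openid" is requested, matching the question's intent.
                .scope("openid")
                // Provider endpoints, mirroring the question's provider block.
                .authorizationUri(ISSUER + "/v1/authorize")
                .tokenUri(ISSUER + "/v1/token")
                .userInfoUri(ISSUER + "/v1/userinfo")
                .jwkSetUri(ISSUER + "/v1/keys")
                .build();

        return new InMemoryClientRegistrationRepository(okta);
    }
}
```

Declaring a `ClientRegistrationRepository` bean this way replaces the auto-configured one that Spring Boot would otherwise build from the YAML properties, so keep only one of the two forms in a given application to avoid confusion about which scope list is in effect.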