Error in authentication flow using Keycloak

6 0 4

We are trying to integrate our app which is using Keycloak to handle the authentication flow. During the handshake Keycloak is adding 'openid' as an additional access scope. There's no way to prevent this from being added. Furthermore according to jBoss's issue (see this is actually correct and according to the Oauth framework. They argue that the IdP should be ignoring this additional scope if it doesn't require it.


Unfortunately Shopify doesn't ignore it but instead throws an error:

"Oauth error invalid_scope: The access scope is invalid: openid"


Is this a known issue and is there any plan to fix this on Shopify's side? Or does anyone have a workaround for this problem?


Thanks for any hints in advance!




1 Like
New Member
1 0 1

Hello Matthias,


Have you been able to solve this problem ?


I'm trying to do the same as you.


Kind regards,


1 Like
New Member
1 0 0

Hello Matthias,


Did you manage to make it work ?

I have to delegate the shopify authentication  to keycloak ?


Thanks and have a nice day.