
GlebR.51616 (Customer) asked a question.
We have a service that calls userinfo which requires and access token. We tried generating an access token by using the token endpoint with grant type as client credentials and a custom scope but are receiving an error and here are parts of the message since I could not past the whole thing due to formatting restrictions
scope openid insufficient_scope The access token provided does not contain the required scopes
I've read that the client credentials grant does not contain an openid token so is not the right flow for creating a token that userinfo can use. Is that correct and are there other flows we can use that DO NOT require a separate redirect endpoint?

Hi @GlebR.51616 (Customer) , Thank you for reaching out to the Okta Community!
If you haven't seen this post already, perhaps it will offer some useful information for your use case.
https://devforum.okta.com/t/how-to-get-more-claims-in-userinfo-endpoint/3559
My advice would be to reach out to the devforum.okta.com to take advantage of their expertise.
While we'll do our best to answer all of your questions here, this medium is more inclined towards Okta core products.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--------------------------------
The Okta Community November newsletter is here. Get product updates and see our top contributing members.
Thanks but I didn't see anything there for my use case. I've tried passing openid as a scope but get an error that the passed-in scope is not allowed. I'm following this flow which says only custom scopes can be passed in https://developer.okta.com/docs/guides/implement-grant-type/clientcreds/main/#request-for-token