Hi. I had the same problem upgrading from 1.19.2. Investigation shows that if you add all "Default Client Scopes" and "Optional Client Scopes" to the Keycloak Client-ID configuration as specified in the nifi.security.user.oidc.client.id then the error will be bypassed. It appears NIFI is retrieving a list of all available client scopes for the client id, and expects them all to be assigned. I tested this against Keycloak 18.0.2 and 20.0.5 and the behaviour is the same. I suggest that this is a NIFI bug as we shouldn't be forced to assign all available client scopes to the client id
... View more
