OIDC Manager configuration


Last updated 1 month ago


In this section we look at the configuration of the OIDC Manager submodule.

If you haven't already, you may want to familiarize yourself with the basic IDP Kit Configuration, the Command Line Interface and the Data Root in the previous sections before moving on.

IDP configuration

The configuration of the OIDC Manager can be adapted by modifying the file:

config/idp-config.json

External URL

Configure the URL via which the IDP/OIDC API will be reachable from an external source (i.e. from the client application):

{
  "externalUrl": "https://idp.walt-test.cloud",
  [...]
}

Signature key for issued tokens

By default, the OIDC Manager creates an RSA key for RS256 token signatures on first startup.

To enforce a certain key or key/signature type, specify the key id in the configuration file like this:

{
  [...]
  "keyId": "715b3ebf65074f1183a48c4b7c8e311c",
  [...]
}

Open client registration

To allow unauthenticated client registration via the dynamic client registration API, specify the following configuration option:

{
  [...]
  "openClientRegistration": true,
  [...]
}

Fallback authorization mode

If the authorization mode (SIOP or NFT) cannot be derived from the scopes and claims specified in the authorization request by the client application, or if the request is ambiguous, the IDP Kit chooses the preferred mode based on this configuration option:

{
  [...]
  "fallbackAuthorizationMode": "SIOP",
  [...]
}

Claim configuration

To configure how the IDP Kit maps the scopes and claims from the authorization request to verifiable presentation requests for SSI, or to NFT claims, define claim mappings and default claims in the claim configuration object. For example:

{
  [...]
  "claimConfig": {
    "vc_mappings": [
      {
        "scope": [ "profile" ],
        "claim": "name",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.firstName $.credentialSubject.familyName"
      }
      [...]
    ],
    "nft_mappings": [
      {
        "scope": [ "profile" ],
        "claim": "name",
        "chain": "POLYGON",
        "smartContractAddress": "0x12345678901234567890",
        "trait": "name"
      }
    ],
    "default_nft_token_claim": {
      "chain": "POLYGON",
      "smartContractAddress": "0x12345678901234567890"
    },
    "default_vp_token_claim": {
      "presentation_definition": {
        "id": "1",
        "input_descriptors": [
          {
            "id": "1",
            "constraints": {
              "fields": [
                {
                  "id": "1",
                  "path": [ "$.type" ],
                  "filter": { "const":  "VerifiableId" }
                }
              ]
            }
          }
        ]
      }
    }
  }
  [...]
}

Configuration example

Here's a complete example for the idp-config.json:

{
  "externalUrl": "https://idp.walt-test.cloud",
  "keyId": "715b3ebf65074f1183a48c4b7c8e311c",
  "openClientRegistration": false,
  "fallbackAuthorizationMode": "SIOP",
  "claimConfig": {
    "vc_mappings": [
      {
        "scope": [ "profile" ],
        "claim": "name",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.firstName $.credentialSubject.familyName"
      },
      {
        "scope": [ "profile" ],
        "claim": "family_name",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.familyName"
      },
      {
        "scope": [ "profile" ],
        "claim": "given_name",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.firstName"
      },
      {
        "scope": [ "profile" ],
        "claim": "gender",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.gender"
      },
      {
        "scope": [ "profile" ],
        "claim": "birthdate",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.dateOfBirth"
      },
      {
        "scope": [ "address" ],
        "claim": "address",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.currentAddress[0]"
      }
    ],
    "default_nft_token_claim": {
      "chain": "POLYGON",
      "smartContractAddress": "0x21dd9b1913d84ab295fdf19834b0b6824a5912ca"
    },
    "default_vp_token_claim": {
      "presentation_definition": {
        "id": "1",
        "input_descriptors": [
          {
            "id": "1",
            "constraints": {
              "fields": [
                {
                  "id": "1",
                  "path": [ "$.type" ],
                  "filter": { "const":  "VerifiableId" }
                }
              ]
            }
          }
        ]
      }
    }
  }
}
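
A pre-deployment check for the options described on this page, which also lists which claims each scope releases. This is an added example, not part of the IDP Kit; the audit function, the constructed sample config and the reading of valuePath as space-separated JSONPath expressions are assumptions made for illustration.

```python
import json

# Constructed sample: a deliberately weak idp-config.json that uses only
# the keys documented on this page (all values are illustrative).
SAMPLE = """
{
  "externalUrl": "http://idp.example.test",
  "openClientRegistration": true,
  "fallbackAuthorizationMode": "OIDC",
  "claimConfig": {
    "vc_mappings": [
      {"scope": ["profile"], "claim": "name", "credentialType": "VerifiableId",
       "valuePath": "$.credentialSubject.firstName $.credentialSubject.familyName"},
      {"scope": ["profile"], "claim": "birthdate", "credentialType": "VerifiableId",
       "valuePath": "$.credentialSubject.dateOfBirth"},
      {"scope": ["address"], "claim": "address", "credentialType": "VerifiableId",
       "valuePath": "credentialSubject.currentAddress[0]"}
    ]
  }
}
"""

def audit(cfg):
    """Return (findings, claims released per scope) for a parsed config."""
    findings = []
    if not str(cfg.get("externalUrl", "")).startswith("https://"):
        findings.append("externalUrl: not an https:// URL")
    if "keyId" not in cfg:
        findings.append("keyId: not pinned, an RSA key (RS256) is created on first startup")
    if cfg.get("openClientRegistration") is True:
        findings.append("openClientRegistration: unauthenticated client registration allowed")
    mode = cfg.get("fallbackAuthorizationMode")
    if mode is not None and mode not in ("SIOP", "NFT"):
        findings.append("fallbackAuthorizationMode: expected SIOP or NFT")
    released = {}
    claim_cfg = cfg.get("claimConfig", {})
    for kind in ("vc_mappings", "nft_mappings"):
        for i, mapping in enumerate(claim_cfg.get(kind, [])):
            for scope in mapping.get("scope", []):
                released.setdefault(scope, []).append(mapping["claim"])
            # Assumption: valuePath is one or more space-separated JSONPaths,
            # as in the page's "name" mapping; nft_mappings have none.
            for path in mapping.get("valuePath", "").split():
                if not path.startswith("$."):
                    findings.append(f"{kind}[{i}].valuePath: '{path}' lacks the '$.' prefix")
    return findings, released

if __name__ == "__main__":
    findings, released = audit(json.loads(SAMPLE))
    for finding in findings:
        print("WARN", finding)
    for scope, claims in released.items():
        print(f"scope {scope!r} releases {claims}")
```

The per-scope listing makes it easy to review how much personal data a client obtains by requesting a single scope such as profile.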

Go to section Keys and signatures for details on how to create keys and on supported signature types.

See also section Client registration for more details about registering and managing clients.

See section Claim mapping for details about the claim configuration object and the available options.
