In this section we look at the configuration of the OIDC Manager sub module.
If you haven't already, you may want to familiarize yourself with the basic , the and the , in the previous sections, before moving on.
IDP configuration
The configuration of the OIDC manager can be adapted, by modifying the file
config/idp-config.json
External URL
Configure the URL via which the IDP/OIDC API will be reachable from an external source (i.e. from the client application):
Copy {
"externalUrl": "https://idp.walt-test.cloud",
[...]
}
Signature key for issued tokens
By default, the OIDC Manager creates an RSA key for RS256 token signatures on first startup.
To enforce a certain key or key/signature type, specify the key id in the configuration file like this:
Copy {
[...]
"keyId": "715b3ebf65074f1183a48c4b7c8e311c",
[...]
}
Open client registration
To allow unauthenticated client registration via the dynamic client registration API, specify the following configuration option:
Copy {
[...]
"openClientRegistration": true,
[...]
}
Fallback authorization mode
If the authorization mode, SIOP
or NFT
, can not be derived from the scopes and claims specified in the authorization request by the client application, or the request is ambiguous, the IDP Kit will choose the preferred mode based on this configuration option:
Copy {
[...]
"fallbackAuthorizationMode": "SIOP",
[...]
}
Claim configuration
To configure how the IDP Kit maps the scopes and claims from the authorization request to verifiable presentation requests for SSI, or NFT claims, one can define claim mappings and default claims in the claim configuration object. E.g.:
Copy {
[...]
"claimConfig": {
"vc_mappings": [
{
"scope": [ "profile" ],
"claim": "name",
"credentialType": "VerifiableId",
"valuePath": "$.credentialSubject.firstName $.credentialSubject.familyName"
}
[...]
],
"nft_mappings": [
{
"scope": [ "profile" ],
"claim": "name",
"chain": "POLYGON",
"smartContractAddress": "0x12345678901234567890",
"trait": "name"
}
],
"default_nft_token_claim": {
"chain": "POLYGON",
"smartContractAddress": "0x12345678901234567890"
},
"default_vp_token_claim": {
"presentation_definition": {
"id": "1",
"input_descriptors": [
{
"id": "1",
"constraints": {
"fields": [
{
"id": "1",
"path": [ "$.type" ],
"filter": { "const": "VerifiableId" }
}
]
}
}
]
}
}
}
[...]
}
Configuration example
Here's a complete example for the idp-config.json :
Copy {
"externalUrl": "https://idp.walt-test.cloud",
"keyId": "715b3ebf65074f1183a48c4b7c8e311c",
"openClientRegistration": false,
"fallbackAuthorizationMode": "SIOP",
"claimConfig": {
"vc_mappings": [
{
"scope": [ "profile" ],
"claim": "name",
"credentialType": "VerifiableId",
"valuePath": "$.credentialSubject.firstName $.credentialSubject.familyName"
},
{
"scope": [ "profile" ],
"claim": "family_name",
"credentialType": "VerifiableId",
"valuePath": "$.credentialSubject.familyName"
},
{
"scope": [ "profile" ],
"claim": "given_name",
"credentialType": "VerifiableId",
"valuePath": "$.credentialSubject.firstName"
},
{
"scope": [ "profile" ],
"claim": "gender",
"credentialType": "VerifiableId",
"valuePath": "$.credentialSubject.gender"
},
{
"scope": [ "profile" ],
"claim": "birthdate",
"credentialType": "VerifiableId",
"valuePath": "$.credentialSubject.dateOfBirth"
},
{
"scope": [ "address" ],
"claim": "address",
"credentialType": "VerifiableId",
"valuePath": "$.credentialSubject.currentAddress[0]"
}
],
"default_nft_token_claim": {
"chain": "POLYGON",
"smartContractAddress": "0x21dd9b1913d84ab295fdf19834b0b6824a5912ca"
},
"default_vp_token_claim": {
"presentation_definition": {
"id": "1",
"input_descriptors": [
{
"id": "1",
"constraints": {
"fields": [
{
"id": "1",
"path": [ "$.type" ],
"filter": { "const": "VerifiableId" }
}
]
}
}
]
}
}
}
}