OIDC Manager configuration

In this section we look at the configuration of the OIDC Manager sub module.

If you haven't already, you may want to familiarize yourself with the basic IDP Kit Configuration, the Data Root and the Command Line Interface, in the previous sections, before moving on.

IDP configuration

The configuration of the OIDC manager can be adapted, by modifying the file

config/idp-config.json

External URL

Configure the URL via which the IDP/OIDC API will be reachable from an external source (i.e. from the client application):

{
  "externalUrl": "https://idp.walt-test.cloud",
[...]
}

Signature key for issued tokens

By default, the OIDC Manager creates an RSA key for RS256 token signatures on first startup.

To enforce a certain key or key/signature type, specify the key id in the configuration file like this:

{
  [...]
  "keyId": "715b3ebf65074f1183a48c4b7c8e311c",
  [...]
}

Go to section Keys and signatures for details on how to create keys and on supported signature types.

Open client registration

To allow unauthenticated client registration via the dynamic client registration API, specify the following configuration option:

{
  [...]
  "openClientRegistration": true,
  [...]
}

See also section Client registration for more details about registering and managing clients.

Fallback authorization mode

If the authorization mode, SIOP or NFT, can not be derived from the scopes and claims specified in the authorization request by the client application, or the request is ambiguous, the IDP Kit will choose the preferred mode based on this configuration option:

{
  [...]
  "fallbackAuthorizationMode": "SIOP",
  [...]
}

Claim configuration

To configure how the IDP Kit maps the scopes and claims from the authorization request to verifiable presentation requests for SSI, or NFT claims, one can define claim mappings and default claims in the claim configuration object. E.g.:

{
  [...]
  "claimConfig": {
    "vc_mappings": [
      {
        "scope": [ "profile" ],
        "claim": "name",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.firstName $.credentialSubject.familyName"
      }
      [...]
    ],
    "nft_mappings": [
      {
        "scope": [ "profile" ],
        "claim": "name",
        "chain": "POLYGON",
        "smartContractAddress": "0x12345678901234567890",
        "trait": "name"
      }
    ],
    "default_nft_token_claim": {
      "chain": "POLYGON",
      "smartContractAddress": "0x12345678901234567890"
    },
    "default_vp_token_claim": {
      "presentation_definition": {
        "id": "1",
        "input_descriptors": [
          {
            "id": "1",
            "constraints": {
              "fields": [
                {
                  "id": "1",
                  "path": [ "$.type" ],
                  "filter": { "const":  "VerifiableId" }
                }
              ]
            }
          }
        ]
      }
    }
  }
  [...]
}

See section Claim mapping for details about this configuration object and the available options.

Configuration example

Here's a complete example for the idp-config.json:

{
  "externalUrl": "https://idp.walt-test.cloud",
  "keyId": "715b3ebf65074f1183a48c4b7c8e311c",
  "openClientRegistration": false,
  "fallbackAuthorizationMode": "SIOP",
  "claimConfig": {
    "vc_mappings": [
      {
        "scope": [ "profile" ],
        "claim": "name",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.firstName $.credentialSubject.familyName"
      },
      {
        "scope": [ "profile" ],
        "claim": "family_name",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.familyName"
      },
      {
        "scope": [ "profile" ],
        "claim": "given_name",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.firstName"
      },
      {
        "scope": [ "profile" ],
        "claim": "gender",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.gender"
      },
      {
        "scope": [ "profile" ],
        "claim": "birthdate",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.dateOfBirth"
      },
      {
        "scope": [ "address" ],
        "claim": "address",
        "credentialType": "VerifiableId",
        "valuePath": "$.credentialSubject.currentAddress[0]"
      }
    ],
    "default_nft_token_claim": {
      "chain": "POLYGON",
      "smartContractAddress": "0x21dd9b1913d84ab295fdf19834b0b6824a5912ca"
    },
    "default_vp_token_claim": {
      "presentation_definition": {
        "id": "1",
        "input_descriptors": [
          {
            "id": "1",
            "constraints": {
              "fields": [
                {
                  "id": "1",
                  "path": [ "$.type" ],
                  "filter": { "const":  "VerifiableId" }
                }
              ]
            }
          }
        ]
      }
    }
  }
}

PreviousIDP Kit configuration and setup NextKeys and signatures

Last updated 2 years ago

Was this helpful?