

Configuring OpenID Connect Authorization Server¶

This topic guides you through configuring the OpenID Connect Authorization Server by configuring the deployment.toml file found in the <IS_HOME>/repository/conf/ directory.

[oauth.oidc.extensions]
id_token_builder= org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder
claim_callback_handler= org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback
user_info_claim_retriever= org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever
user_info_access_token_validator= org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator

[oauth.oidc]
user_info.response_type= "json"

[oauth.oidc.id_token]
issuer= ${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token

[oauth.oidc.token_validation]
id_token_validity= 3600

[oauth]
consent_prompt= true

[authentication]
sign_auth_response_with_tenant_of= "user"

The following sub elements are the important configurations for configuring the OpenID Connect Authorization Server.

Element	Description
`issuer`	The value of `issuer` of the `IDToken` . This should be changed according to the deployment values.
`id_token_validity`	The expiration value of the `IDToken` in seconds.
`claim_callback_handler`	This can be used to return extra custom claims with the `IDToken` . You can implement a claims call back handler to push the custom claims to the `IDToken` . This class needs to implement the interface `CustomClaimsCallbackHandler` . You can find the default implementation here as a reference.
`user_info_claim_retriever`	Defines the class which builds the claims for the User Info Endpoint's response. This class needs to implement the interface `UserInfoClaimRetriever` . The default implementation can be found here as a reference.
`user_info.response_type=`	The value that is set to get JWT response from user info endpoint. Change the value as follows: `user_info.response_type= "json"`

Top