Identity Server 5.4.0 provides more control over issuing id tokens and user claims for client-credential grant type. To facilitate this, the following configurations should be added to the
<IS_HOME>/repository/conf/identity/identity.xml file in order to register new
<ScopeValidator class="org.fully.qualified.class.name.ExtendedScopeValidator" scopesToSkip="scope1 scope2">
By making <IdTokenAllowed> 'true' or 'false' Further, by configuring the
<IdTokenAllowed> property to
false along with the above configuration, you can turn on or turn off the process of issuing id ID tokens on/off for the grant types with 'that have the
openid' scope. ( By default,
IdTokenAllowed is set to '
true', you can allow it to issue
id_tokens for all grant types with 'that have the
openid' scope). By making this configuring it to false, you can stop issuing id ID tokens. Anyway for
Note: You can not turn off the process of issuing ID tokens for the
authorization_code, you cannot turn off issuing id tokens grant type.
By making configuring the
<IsRefreshTokenAllowed> ' property to
true' or '
false' along with the above configuration, you can turn on or turn on the process of issuing refresh tokens on/off. ( By default,
IsRefreshTokenAllowed is set to '
you can allow it to issue refresh tokens for all grant types). By making this configuring it to
false, you can stop issuing refresh tokens.
Note: By default, issuing ID token for
client_credentials grant type is disabled as it is logically invalid.
|Note that issuing id token is disabled for client_credentials grant type by default.|