This documentation is for WSO2 Identity Server 5.4.0. View documentation for the latest release.

Note

Identity Server 5.4.0 provides more control over issuing ID tokens and user claims for the client-credential grant type. To facilitate this, add the following configurations to the <IS_HOME>/repository/conf/identity/identity.xml file to register new ScopeHandlers and ScopeValidators.

<OAuth>
....
    <ScopeHandlers>
        <ScopeHandler class="org.fully.qualified.class.name.CustomScopeHandler">
           <Property name="foo">foo-value</Property>
        </ScopeHandler>    
    </ScopeHandlers>

    <ScopeValidators>
        <ScopeValidator class="org.fully.qualified.class.name.ExtendedScopeValidator" scopesToSkip="scope1 scope2">
            <Property name="foo-property">foo-value</Property>
        </ScopeValidator>
    </ScopeValidators>
....
</OAuth>

Further, by configuring the <IdTokenAllowed> property to true or false along with the above configuration, you can turn on or turn off the process of issuing ID tokens for the grant types that have the openid scope. By default, IdTokenAllowed is set to true, which allows id_tokens to be issued for all grant types that have the openid scope. By configuring it to false, you can stop issuing ID tokens.
Note: You cannot turn off the process of issuing ID tokens for the authorization_code grant type.

By configuring the <IsRefreshTokenAllowed> property to true or false along with the above configuration, you can turn on or turn off the process of issuing refresh tokens. By default, IsRefreshTokenAllowed is set to true, which allows refresh tokens to be issued for all grant types. By configuring it to false, you can stop issuing refresh tokens.
Note: By default, issuing ID tokens for the client_credentials grant type is disabled as it is logically invalid.

<SupportedGrantType>
    <GrantTypeName>client_credentials</GrantTypeName>
    <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.ClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
    <IsRefreshTokenAllowed>false</IsRefreshTokenAllowed>
    <IdTokenAllowed>false</IdTokenAllowed>
</SupportedGrantType>
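The following audit script is an added example, not part of the WSO2 documentation or product code. It reads the SupportedGrantType entries of an identity.xml and reports the effective IdTokenAllowed and IsRefreshTokenAllowed values per grant type, flagging the two cases the notes above call out. It assumes that an absent element takes the documented default of true; the sample XML is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragment for illustration (not a real deployment's identity.xml).
SAMPLE = """<OAuth>
  <SupportedGrantType>
    <GrantTypeName>client_credentials</GrantTypeName>
    <IsRefreshTokenAllowed>false</IsRefreshTokenAllowed>
  </SupportedGrantType>
  <SupportedGrantType>
    <GrantTypeName>authorization_code</GrantTypeName>
    <IdTokenAllowed>false</IdTokenAllowed>
  </SupportedGrantType>
  <SupportedGrantType>
    <GrantTypeName>password</GrantTypeName>
    <IdTokenAllowed>false</IdTokenAllowed>
    <IsRefreshTokenAllowed>false</IsRefreshTokenAllowed>
  </SupportedGrantType>
</OAuth>"""

def local(tag):
    """Drop any '{namespace}' prefix so matching works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def flag(entry, name):
    """Read a boolean child element. Assumption: an absent element means true."""
    for child in entry:
        if local(child.tag) == name:
            return (child.text or "").strip().lower() == "true"
    return True

def audit(xml_text):
    """Return {grant_type: (id_token_allowed, refresh_token_allowed, [findings])}."""
    report = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "SupportedGrantType":
            continue
        name = next(((c.text or "").strip() for c in el if local(c.tag) == "GrantTypeName"), "")
        id_tok, refresh = flag(el, "IdTokenAllowed"), flag(el, "IsRefreshTokenAllowed")
        findings = []
        if name == "client_credentials" and id_tok:
            findings.append("IdTokenAllowed is not false (ID tokens are logically invalid here)")
        if name == "authorization_code" and not id_tok:
            findings.append("IdTokenAllowed=false cannot turn off ID tokens for this grant type")
        report[name] = (id_tok, refresh, findings)
    return report

if __name__ == "__main__":
    for grant, (id_tok, refresh, findings) in audit(SAMPLE).items():
        print(grant, "id_token:", id_tok, "refresh_token:", refresh, findings)
```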