OIDC provider configuration
To set the OAuth 2.0 provider configuration, under Native Consoles > Access Management, go to Realms > Realm Name > Services > OAuth2 Provider.
Refer to the OAuth2 Provider reference section for details on each configuration property.
Configure the public keys for the provider
OPs sign ID tokens so that clients can verify that a token was issued by the OP and has not been altered. Identity Cloud exposes the URI (advertised as jwks_uri in its discovery metadata) where clients retrieve the signing public keys they need to verify ID token signatures.
Enable the OIDC Provider Discovery endpoint
The discovery endpoint is enabled by default; keep it enabled if your clients need to look up the URL of the OP for a given user.
Configure pairwise subject types for dynamic registration
To provide different values to the
Also, change the default value of the Subject Identifier Hash Salt field on the same tab.
Specify whether Identity Cloud should return scope-derived claims in the ID token
Scope-derived claims, such as those returned when requesting the
Configure how Identity Cloud maps scopes to claims and user profile attributes
Use scripts to map user profile attributes to claims and scopes.
Configure the OP for dynamic application registration and management
Identity Cloud supports several methods of dynamic application registration.
You can also register applications manually.
Add authentication requirements to ID tokens
Require end users to satisfy specific authentication rules or conditions when authenticating to the OP, such as using a specific authentication journey.
Configure Identity Cloud for GSMA Mobile Connect
Configure the OAuth 2.0 authorization server to act as a Mobile Connect provider.
Configure the OP to encrypt ID tokens and logout tokens
By default, ID tokens and backchannel logout tokens are signed but not encrypted, so any party that obtains one can read its claims. If these tokens carry sensitive information about your end users, consider encrypting them.