OIDC
With the oidc.conf
file you can setup OIDC login to enable wallet account authentication using an external OIDC server,
like e.g. Keycloak.
Example
oidc.conf
# This configuration file is used for setting up OIDC login
# with an OIDC server for the Web Wallet.
#
# OIDC in this file is exclusively related to login/authentication with the Web Wallet.
# It does not refer to any OIDC credential exchange protocol.
# This example configuration can be used for Keycloak.
# enable/disable OIDC login (backend functionality - separately enable/disable in frontend)
publicBaseUrl = "http://localhost:7101"
providerName = keycloak
# Enter the realm URL
oidcRealm = "http://0.0.0.0:8080/realms/waltid-keycloak-ktor"
# JWKS (to verify access keys the user claims to received through OIDC server)
oidcJwks = "${oidcRealm}/protocol/openid-connect/certs"
oidcScopes = ["roles"]
authorizeUrl = "${oidcRealm}/protocol/openid-connect/auth"
accessTokenUrl = "${oidcRealm}/protocol/openid-connect/token"
logoutUrl = "${oidcRealm}/protocol/openid-connect/logout"
clientId = "waltid_backend"
clientSecret = "**********"
# Keycloak authentication strategy
keycloakUserApi = "http://0.0.0.0:8080/admin/realms/waltid-keycloak-ktor/users"
# JWKS is cached:
jwksCache = {
cacheSize = 10
cacheExpirationHours = 24
rateLimit: {
bucketSize: 10
refillRateMinutes: 1
}
}