#OIDC

With the oidc.conf file you can setup OIDC login to enable wallet account authentication using an external OIDC server, like e.g. Keycloak.

#Example

oidc.conf

# This configuration file is used for setting up OIDC login
# with an OIDC server for the Web Wallet.
#
# OIDC in this file is exclusively related to login/authentication with the Web Wallet.
# It does not refer to any OIDC credential exchange protocol.

# This example configuration can be used for Keycloak.

# enable/disable OIDC login (backend functionality - separately enable/disable in frontend)
publicBaseUrl = "http://localhost:7101"

providerName = keycloak
# Enter the realm URL
oidcRealm = "http://0.0.0.0:8080/realms/waltid-keycloak-ktor"
# JWKS (to verify access keys the user claims to received through OIDC server)
oidcJwks = "${oidcRealm}/protocol/openid-connect/certs"
oidcScopes = ["roles"]
authorizeUrl = "${oidcRealm}/protocol/openid-connect/auth"
accessTokenUrl = "${oidcRealm}/protocol/openid-connect/token"
logoutUrl = "${oidcRealm}/protocol/openid-connect/logout"

clientId = "waltid_backend"
clientSecret = "**********"

# Keycloak authentication strategy
keycloakUserApi = "http://0.0.0.0:8080/admin/realms/waltid-keycloak-ktor/users"

# JWKS is cached:
jwksCache = {
    cacheSize = 10
    cacheExpirationHours = 24
    rateLimit: {
        bucketSize: 10
        refillRateMinutes: 1
    }
}

Key generation defaults Trusted CA