On the Manage Policy screen, enter the required information and configure optional settings for ID tokens issued under this policy.
- Enter the policy identifier in the Policy ID field.
- Enter the policy name in the Name field.
- Select an access token management instance from the Access Token Manager list.
- Optional: Define the expiry information (in minutes) for ID tokens issued based on this policy in the ID Token Lifetime field. The default value is 5 (minutes).
- Optional: Select the Include Session Identifier in ID Token check box to add a session identifier (pi.sri) in the ID tokens.
- Optional: Select the Include User Info in ID Token check box to include additional attributes in the ID tokens.
  Tip: Alternatively, OAuth clients can obtain additional attributes from the UserInfo endpoint at /idp/userinfo.openid (see UserInfo endpoint).
- Optional: Select the Include State Hash in ID Token check box to include the s_hash claim in ID tokens.
  Note: A state hash protects the state parameter by binding it to the ID token. For more information, refer to Financial Services – Financial API - Part 2: Read and Write API Security Profile from OpenID Foundation (openid.net/specs/openid-financial-api-part-2.html).
- Optional: Select the Return ID Token On Refresh Grant check box to return an ID token for OpenID Connect to Salesforce and Kubernetes when the OAuth access token is refreshed.
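
A client-side check for the s_hash claim that the Include State Hash in ID Token option adds, given here as an added example and not part of the product documentation. It assumes the FAPI Part 2 definition (the left-most half of the hash of the state value, base64url-encoded without padding, with the hash selected by the ID token's alg header); the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Hash implied by the ID token's JOSE "alg" header: the digest size matches
# the number in the algorithm name (RS256 -> SHA-256, and so on).
_HASH_FOR_ALG = {
    "RS256": hashlib.sha256, "PS256": hashlib.sha256, "ES256": hashlib.sha256,
    "RS384": hashlib.sha384, "PS384": hashlib.sha384, "ES384": hashlib.sha384,
    "RS512": hashlib.sha512, "PS512": hashlib.sha512, "ES512": hashlib.sha512,
}


def compute_s_hash(state: str, alg: str) -> str:
    """Left-most half of hash(ASCII state), base64url-encoded without padding."""
    hash_fn = _HASH_FOR_ALG.get(alg)
    if hash_fn is None:
        raise ValueError(f"unsupported ID token alg: {alg!r}")
    digest = hash_fn(state.encode("ascii")).digest()
    left_half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(left_half).rstrip(b"=").decode("ascii")


def state_matches_id_token(sent_state: str, header: dict, claims: dict) -> bool:
    """True only if the ID token carries an s_hash bound to the state we sent.

    Call this after the ID token signature, iss, aud and exp have been validated.
    """
    s_hash = claims.get("s_hash")
    alg = header.get("alg")
    if not isinstance(s_hash, str) or not isinstance(alg, str):
        return False  # claim absent (option not enabled) or malformed token
    try:
        expected = compute_s_hash(sent_state, alg)
    except (ValueError, UnicodeEncodeError):
        return False  # unknown alg (including "none") or non-ASCII state
    # Constant-time comparison of the expected and received values.
    return hmac.compare_digest(expected.encode(), s_hash.encode())


# Constructed sample values, not taken from any real deployment.
SAMPLE_STATE = "af0ifjsldkj"
SAMPLE_HEADER = {"alg": "RS256"}
SAMPLE_CLAIMS = {"sub": "user-1", "s_hash": compute_s_hash(SAMPLE_STATE, "RS256")}

if __name__ == "__main__":
    print(state_matches_id_token(SAMPLE_STATE, SAMPLE_HEADER, SAMPLE_CLAIMS))
    print(state_matches_id_token("other-state", SAMPLE_HEADER, SAMPLE_CLAIMS))
```

A client that relies on this binding should treat a missing s_hash as a failure, as the function does, so that a response without the claim is not accepted as if the state had been verified.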