On the Manage Policy tab, enter the required information and configure optional settings for ID tokens issued under this policy.
- Go to Applications > OAuth > OpenID Connect Policy Management and click Add Policy.
- In the Policy ID field, enter the policy identifier.
- In the Name field, enter the policy name.
- From the Access Token Manager list, select an access token management instance.
- Optional: In the ID Token Lifetime field, define in minutes the expiry information for ID tokens issued based on this policy.
  The default value is 5 minutes.
- Optional: Select the Include Session Identifier in ID Token check box to add a session identifier (pi.sri) in the ID tokens.
- Optional: Select the Include User Info in ID Token check box to include additional attributes in the ID tokens.
  Tip: OAuth clients can also obtain additional attributes from the UserInfo endpoint at /idp/userinfo.openid. For more information, see UserInfo endpoint.
- Optional: Select the Include State Hash in ID Token check box to include the s_hash claim in ID tokens.
  Note: A state hash protects the state parameter by binding it to the ID token. For more information, see Financial Services – Financial API - Part 2: Read and Write API Security Profile.
- Optional: Select the Return ID Token On Refresh Grant check box to return an ID token for OpenID Connect to Salesforce and Kubernetes when the OAuth access token is refreshed.
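
The client-side check that the Include State Hash in ID Token option makes possible, as an added example (not PingFederate code and not part of the original documentation). It follows the s_hash definition in the FAPI Part 2 profile referenced above: base64url of the left-most half of the hash of the state value, using the hash that matches the ID token's alg. The function names and the sample token are constructed for illustration, and signature verification is assumed to be done separately by a JOSE library.

```python
import base64
import hashlib
import hmac
import json

# JWS "alg" suffix -> hash used for s_hash (same rule as at_hash and c_hash).
HASH_BY_SUFFIX = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_json(segment: str) -> dict:
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def compute_s_hash(state: str, alg: str) -> str:
    """base64url of the left-most half of hash(ASCII(state))."""
    hash_fn = HASH_BY_SUFFIX.get(alg[-3:])
    if hash_fn is None:  # e.g. "none": refuse rather than guess a hash
        raise ValueError(f"unsupported alg for s_hash: {alg!r}")
    digest = hash_fn(state.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])


def state_matches_id_token(id_token: str, sent_state: str) -> bool:
    """True only if the token's s_hash binds it to the state this client sent.

    Assumption: the token signature has already been verified elsewhere.
    """
    header_b64, payload_b64, _sig = id_token.split(".")
    alg = b64url_json(header_b64)["alg"]
    claimed = b64url_json(payload_b64).get("s_hash")
    if not isinstance(claimed, str):
        return False  # claim absent: option not enabled, or claim removed
    expected = compute_s_hash(sent_state, alg)
    return hmac.compare_digest(claimed.encode("utf-8"), expected.encode("ascii"))


def make_sample_token(state: str, alg: str = "PS256") -> str:
    """Constructed, unsigned sample ID token for demonstration only."""
    claims = {"sub": "sample-user", "s_hash": compute_s_hash(state, alg)}
    header = b64url(json.dumps({"alg": alg}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed-signature"
```

A client that requires s_hash should treat a missing claim as a failure, as the function does, so that disabling the policy option is noticed rather than silently accepted.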