Skip to content

[OID4VCI] Remove signed metadata toggle from admin UI #47515

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mposolda merged 4 commits into from
Mar 27, 2026
Merged

[OID4VCI] Remove signed metadata toggle from admin UI #47515

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
f045815
fix(admin-ui): always show oid4vci signed metadata settings
Ogenbertrand Mar 27, 2026
31d2369
test(admin-ui): cover oid4vci signed metadata defaults
Ogenbertrand Mar 27, 2026
6be56fa
chore(admin-ui): remove unused oid4vci toggle translations
Ogenbertrand Mar 27, 2026
52ebb99
Merge branch 'main' into issue-47476
Ogenbertrand Mar 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions ...dmin-ui/maven-resources-community/theme/keycloak.v2/admin/messages/messages_es.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3582,8 +3582,6 @@ oid4vciNonceLifetimeHelp=La vida útil del nonce OID4VCI.
preAuthorizedCodeLifespan=Duración del código preautorizado
preAuthorizedCodeLifespanHelp=La vida útil del código preautorizado.
oid4vciFormValidationError=Asegúrese de que los campos de atributo OID4VCI estén llenos con valores de 30 segundos o más.
signedIssuerMetadata=Metadatos del emisor firmado
signedIssuerMetadataHelp=Habilitar la firma de los metadatos del emisor. Al habilitar esta opción, los metadatos del emisor se firmarán con el algoritmo de firma configurado.
signedMetadataLifespan=Duración de los metadatos firmados
signedMetadataLifespanHelp=La vida útil de los metadatos firmados. Transcurrido este tiempo, caducarán.
signedMetadataSigningAlgorithm=Algoritmo de firma de metadatos firmados
Expand Down
2 changes: 0 additions & 2 deletions ...dmin-ui/maven-resources-community/theme/keycloak.v2/admin/messages/messages_fr.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3644,8 +3644,6 @@ smtpSocketReadTimeoutHelp=Le timeout en millisecondes pour la lecture depuis le
smtpSocketWriteTimeoutHelp=Le timeout en millisecondes pour l'écriture vers le serveur SMTP.
jwtAuthorizationGrantLimitAccessTokenExp=Limiter l'expiration du jeton d'accès
jwtAuthorizationGrantLimitAccessTokenExpHelp=Si activé, la durée de vie du jeton d'accès sera limitée à l'expiration de l'assertion JWT, seulement si l'expiration de l'assertion JWT est plus petite que l'expiration calculée du jeton d'accès.
signedIssuerMetadata=Les métadonnées signées de l'émetteur
signedIssuerMetadataHelp=Activer la signature des métadonnées de l'émetteur. Quand activé, les métadonnées de l'émetteur seront signées avec l'algorithme de signature configuré.
signedMetadataLifespan=Durée de vie des métadonnées signées
signedMetadataLifespanHelp=La durée de vie des métadonnées signées. Après cette durée, les métadonnées signées expireront.
signedMetadataSigningAlgorithm=Algorithme de signature des métadonnées signées
Expand Down
2 changes: 0 additions & 2 deletions ...dmin-ui/maven-resources-community/theme/keycloak.v2/admin/messages/messages_ru.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3599,8 +3599,6 @@ referrerPolicyHelp=Значение по умолчанию предотвращ
includeInOpenIdProviderMetadata=Включить в метаданные OpenID Provider
includeInOpenIdProviderMetadataHelp=Если включено, эта клиентская область будет включена в метаданные OpenID Provider.
repeatHelp=Определяет, как задаётся временное ограничение политики. Если «Не повторять», политика предоставляется только между временем начала и окончания. Если «Повторять», вы можете дополнительно ограничить политику конкретными повторяющимися временными периодами, такими как диапазоны месяцев, дней, часов и минут.
signedIssuerMetadata=Подписанные метаданные издателя
signedIssuerMetadataHelp=Включить подписывание метаданных издателя. Когда включено, метаданные издателя будут подписаны с использованием настроенного алгоритма подписи.
signedMetadataLifespan=Срок действия подписанных метаданных
signedMetadataLifespanHelp=Время жизни подписанных метаданных. По истечении этого времени подписанные метаданные истекут.
signedMetadataSigningAlgorithm=Алгоритм подписи подписанных метаданных
Expand Down
2 changes: 0 additions & 2 deletions ...dmin-ui/maven-resources-community/theme/keycloak.v2/admin/messages/messages_sv.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3631,8 +3631,6 @@ oid4vciNonceLifetimeHelp=Livslängden för OID4VCI-noncen.
preAuthorizedCodeLifespan=Förhandsauktoriserad kod Livslängd
preAuthorizedCodeLifespanHelp=Livslängden för den förauktoriserade koden.
oid4vciFormValidationError=Se till att attributfälten för OID4VCI fylls i med värden som är 30 sekunder eller större.
signedIssuerMetadata=Metadata för signerad utfärdare
signedIssuerMetadataHelp=Aktivera signering av emittentens metadata. När detta är aktiverat kommer utfärdarens metadata att signeras med hjälp av den konfigurerade signeringsalgoritmen.
signedMetadataLifespan=Livslängd för signerade metadata
signedMetadataLifespanHelp=Livslängden för de signerade metadata. Efter denna tid kommer de signerade metadata att upphöra att gälla.
signedMetadataSigningAlgorithm=Signerade metadata Signeringsalgoritm
Expand Down
2 changes: 0 additions & 2 deletions ...dmin-ui/maven-resources-community/theme/keycloak.v2/admin/messages/messages_tr.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3645,8 +3645,6 @@ smtpSocketReadTimeout=Soket okuma zaman aşımı
smtpSocketReadTimeoutHelp=SMTP sunucusundan okuma için milisaniye cinsinden zaman aşımı.
smtpSocketWriteTimeout=Soket yazma zaman aşımı
smtpSocketWriteTimeoutHelp=SMTP sunucusuna yazma için milisaniye cinsinden zaman aşımı.
signedIssuerMetadata=İmzalanmış Issuer Meta Verisi
signedIssuerMetadataHelp=Issuer meta verisinin imzalanmasını etkinleştirir. Etkinleştirildiğinde, issuer meta verisi yapılandırılmış imzalama algoritması kullanılarak imzalanır.
signedMetadataLifespan=İmzalanmış Meta Veri Geçerlilik Süresi
signedMetadataLifespanHelp=İmzalanmış meta verinin geçerlilik süresi. Bu süreden sonra imzalanmış meta verinin süresi dolar.
signedMetadataSigningAlgorithm=İmzalanmış Meta Veri İmzalama Algoritması
Expand Down
2 changes: 0 additions & 2 deletions ...ui/maven-resources-community/theme/keycloak.v2/admin/messages/messages_zh_Hans.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3647,8 +3647,6 @@ credentialDisplayHelp=包含钱包显示元数据(如名称、Logo、背景色
jwtAuthorizationGrantLimitAccessTokenExp=有限访问令牌的有效期
jwtAuthorizationGrantLimitAccessTokenExpHelp=如果启用此功能,访问令牌的有效期将受限于 JWT 断言的有效期,但前提是 JWT 断言的有效期短于计算出的访问令牌有效期。
repeatHelp=指定策略时间限制的定义方式。如果选择“不重复”,则策略仅在开始时间和结束时间之间有效。如果选择“重复”,则可以进一步将策略限制在特定的重复时间段内,例如按月、日、小时和分钟范围进行限制。
signedIssuerMetadata=已签名的签发方元数据
signedIssuerMetadataHelp=启用签发方元数据签名功能。启用后,签发方元数据将使用配置的签名算法进行签名。
signedMetadataLifespan=已签名元数据的有效期
signedMetadataLifespanHelp=已签名元数据的有效期。超过此时间后,已签名元数据将失效。
signedMetadataSigningAlgorithm=已签名元数据的签名算法
Expand Down
2 changes: 0 additions & 2 deletions ...ui/maven-resources-community/theme/keycloak.v2/admin/messages/messages_zh_Hant.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3638,8 +3638,6 @@ claimDisplayLocalePlaceholder=例如,英文、德文、法文
addClaimDisplay=添加顯示條目
removeClaimDisplay=移除顯示條目
noClaimDisplayEntries=沒有顯示條目。顯示條目在錢包應用程式裡面給不同的語系提供了使用者友善的聲明名稱。
signedIssuerMetadata=已簽署的發行者元資料
signedIssuerMetadataHelp=啟用發行者元資料簽署。當啟用時,發行者元資料將會使用設定好的簽署算法進行簽署。
signedMetadataLifespan=簽署元資料持續時間
signedMetadataLifespanHelp=簽署元資料的時間。超過這個時間後,簽署的元資料將會過期。
jwtAuthorizationGrantLimitAccessTokenExp=有限存取權杖的效期
Expand Down
2 changes: 0 additions & 2 deletions js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3656,8 +3656,6 @@ oid4vciNonceLifetimeHelp=The lifetime of the OID4VCI nonce.
preAuthorizedCodeLifespan=Pre-Authorized Code Lifespan
preAuthorizedCodeLifespanHelp=The lifespan of the pre-authorized code.
oid4vciFormValidationError=Please ensure the OID4VCI attribute fields are filled with values 30 seconds or greater.
signedIssuerMetadata=Signed Issuer Metadata
signedIssuerMetadataHelp=Enable signing of the issuer metadata. When enabled, the issuer metadata will be signed using the configured signing algorithm.
signedMetadataLifespan=Signed Metadata Lifespan
signedMetadataLifespanHelp=The lifetime of the signed metadata. After this time, the signed metadata will expire.
signedMetadataSigningAlgorithm=Signed Metadata Signing Algorithm
Expand Down
69 changes: 24 additions & 45 deletions js/apps/admin-ui/src/realm-settings/TokensTab.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,14 +94,6 @@ export const RealmSettingsTokensTab = ({
defaultValue: false,
});

const signedMetadataEnabled = useWatch({
control,
name: convertAttributeNameToForm(
"attributes.oid4vci.signed_metadata.enabled",
),
defaultValue: realm.attributes?.["oid4vci.signed_metadata.enabled"],
});

const encryptionRequired = useWatch({
control,
name: convertAttributeNameToForm("attributes.oid4vci.encryption.required"),
Expand Down Expand Up @@ -703,46 +695,33 @@ export const RealmSettingsTokensTab = ({
min={30}
units={["second", "minute", "hour"]}
/>
<DefaultSwitchControl
<TimeSelectorControl
name={convertAttributeNameToForm(
"attributes.oid4vci.signed_metadata.enabled",
"attributes.oid4vci.signed_metadata.lifespan",
)}
label={t("signedIssuerMetadata")}
labelIcon={t("signedIssuerMetadataHelp")}
stringify
data-testid="signed-metadata-switch"
label={t("signedMetadataLifespan")}
labelIcon={t("signedMetadataLifespanHelp")}
controller={{
defaultValue: 60,
}}
units={["second", "minute", "hour"]}
data-testid="signed-metadata-lifespan"
/>
<SelectControl
name={convertAttributeNameToForm(
"attributes.oid4vci.signed_metadata.alg",
)}
label={t("signedMetadataSigningAlgorithm")}
labelIcon={t("signedMetadataSigningAlgorithmHelp")}
controller={{
defaultValue: "RS256",
}}
options={asymmetricSigAlgOptions.map((p) => ({
key: p,
value: p,
}))}
data-testid="signed-metadata-signing-algorithm"
/>
{signedMetadataEnabled === "true" && (
<>
<TimeSelectorControl
name={convertAttributeNameToForm(
"attributes.oid4vci.signed_metadata.lifespan",
)}
label={t("signedMetadataLifespan")}
labelIcon={t("signedMetadataLifespanHelp")}
controller={{
defaultValue: 60,
}}
units={["second", "minute", "hour"]}
data-testid="signed-metadata-lifespan"
/>
<SelectControl
name={convertAttributeNameToForm(
"attributes.oid4vci.signed_metadata.alg",
)}
label={t("signedMetadataSigningAlgorithm")}
labelIcon={t("signedMetadataSigningAlgorithmHelp")}
controller={{
defaultValue: "RS256",
}}
options={asymmetricSigAlgOptions.map((p) => ({
key: p,
value: p,
}))}
data-testid="signed-metadata-signing-algorithm"
/>
</>
)}
<DefaultSwitchControl
name={convertAttributeNameToForm(
"attributes.oid4vci.encryption.required",
Expand Down
10 changes: 6 additions & 4 deletions js/apps/admin-ui/test/realm-settings/oid4vci-attributes.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -253,16 +253,18 @@ test("should save signed metadata, encryption, and batch issuance settings", asy
const signedMetadataSwitch = page.getByTestId(
"attributes.oid4vci.signed_metadata.enabled",
);
await signedMetadataSwitch.click({ force: true });
await expect(signedMetadataSwitch).toHaveCount(0);

const signedMetadataLifespan = page.getByTestId(
"attributes.oid4vci🍺signed_metadata🍺lifespan",
);
await expect(signedMetadataLifespan).toBeVisible();
await signedMetadataLifespan.fill("120");

const signedMetadataAlgField = page.locator(
'[id="attributes.oid4vci🍺signed_metadata🍺alg"]',
);
await expect(signedMetadataAlgField).toBeVisible();
await selectItem(page, signedMetadataAlgField, "ES256");

const requireEncryptionSwitch = page.getByTestId(
Expand All @@ -282,9 +284,9 @@ test("should save signed metadata, encryption, and batch issuance settings", asy
).toBeVisible();

const realmData = await adminClient.getRealm(testBed.realm);
expect(realmData?.attributes?.["oid4vci.signed_metadata.enabled"]).toBe(
"true",
);
expect(
realmData?.attributes?.["oid4vci.signed_metadata.enabled"],
).toBeUndefined();
expect(realmData?.attributes?.["oid4vci.signed_metadata.lifespan"]).toBe(
"7200",
);
Expand Down
Loading