Add ConvertOnlyMultiValuedClaimsToArray config for selective multi-valued claim handling

[PasinduYeshan]

Purpose

Resolves wso2/product-is#27652.

Exposes the opt-in config key oauth.oidc.convert_only_multi_valued_claims_to_array (default false) in the identity.xml.j2 template and the identity-core feature default JSON, so it can be set via deployment.toml:

[oauth.oidc]
convert_only_multi_valued_claims_to_array = true

When true, a claim value containing the multi-attribute separator is emitted as a JSON array in JWT access tokens, ID tokens and the UserInfo response only when the claim's local-claim metadata has multiValued=true. Default false preserves the legacy comma-split behaviour unchanged.

Related PR

Consuming logic: wso2-extensions/identity-inbound-auth-oauth#3255

Doc

New config key; default false → no behavioural change for existing deployments.

🤖 Generated with Claude Code

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: acbcf7c1-4cce-4c3f-ae14-f713db23a7ff

📥 Commits

Reviewing files that changed from the base of the PR and between 9073bb7 and b0ae69b.

📒 Files selected for processing (2)

• features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
• features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json

---

📝 Walkthrough

Walkthrough

Two configuration files are updated to introduce a new OIDC setting, ConvertOnlyMultiValuedClaimsToArray, bound to the key oauth.oidc.convert_only_multi_valued_claims_to_array. The default value is set to false in the feature default JSON, and the corresponding element is added to the <OpenIDConnect> block in identity.xml.j2.

OIDC Multi-Valued Claims Config

Layer / File(s)	Summary
OIDC config template and default value features/identity-core/.../identity.xml.j2, features/identity-core/.../org.wso2.carbon.identity.core.server.feature.default.json	Adds the <ConvertOnlyMultiValuedClaimsToArray> element inside <OpenIDConnect> in the Jinja2 template, and registers oauth.oidc.convert_only_multi_valued_claims_to_array with a default of false in the feature defaults JSON.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is incomplete. It lacks required sections including Goals, Approach, User Stories, Release Notes, Documentation, Training, Certification, Marketing, Automation Tests, Security Checks, Samples, Migrations, and Test Environment.	Complete all required sections from the template, especially Goals, Release Notes, Automation Tests (with code coverage), and Security Checks (secure coding standards, FindSecurityBugs verification, and secrets confirmation).

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding a new OIDC configuration option for selective multi-valued claim handling, which aligns with the changeset.
Linked Issues check	✅ Passed	The PR successfully exposes the required configuration option to resolve issue #27652. The new config key oauth.oidc.convert_only_multi_valued_claims_to_array enables selective multi-valued claim handling based on claim metadata, directly addressing the issue's requirement.
Out of Scope Changes check	✅ Passed	All changes are in-scope: adding the configuration option to identity.xml.j2 template and feature default JSON files, which are necessary to expose and expose the feature described in the linked issue.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 52.95%. Comparing base (0ebc488) to head (b0ae69b).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##             master    #8157   +/-   ##
=========================================
  Coverage     52.95%   52.95%           
+ Complexity    20988    20932   -56     
=========================================
  Files          2186     2186           
  Lines        129041   129041           
  Branches      19224    19224           
=========================================
  Hits          68328    68328           
  Misses        52394    52394           
  Partials       8319     8319           

Flag	Coverage Δ
unit	38.12% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.