From b0ae69b1baf14639ebbd4f274f77cd71173b670b Mon Sep 17 00:00:00 2001
From: Pasindu Yeshan <pasinduyeshan98@gmail.com>
Date: Mon, 15 Jun 2026 23:18:15 +0530
Subject: [PATCH] Add ConvertOnlyMultiValuedClaimsToArray config support in
 identity.xml.j2 and feature defaults

Expose the opt-in config key oauth.oidc.convert_only_multi_valued_claims_to_array (default false)
in the identity.xml.j2 template and the feature default JSON so it can be set via deployment.toml.
When true, claim values containing commas are emitted as a JSON array in JWT access tokens, ID
tokens and UserInfo responses only when the claim's local-claim metadata has multiValued=true.
---
 .../resources/identity.xml.j2                                    | 1 +
 .../org.wso2.carbon.identity.core.server.feature.default.json    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
index 3d5bc9166322..404c7669c963 100644
--- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
+++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
@@ -1038,6 +1038,7 @@
             <UserInfoEndpointRequestValidator>{{oauth.oidc.extensions.user_info_request_validator}}</UserInfoEndpointRequestValidator>
             <UserInfoEndpointAccessTokenValidator>{{oauth.oidc.extensions.user_info_access_token_validator}}</UserInfoEndpointAccessTokenValidator>
             <UserInfoMultiValueSupportEnabled>{{oauth.oidc.user_info.enable_multi_value_support}}</UserInfoMultiValueSupportEnabled>
+            <ConvertOnlyMultiValuedClaimsToArray>{{oauth.oidc.convert_only_multi_valued_claims_to_array}}</ConvertOnlyMultiValuedClaimsToArray>
             <UserInfoRemoveInternalPrefixFromRoles>{{oauth.oidc.user_info.remove_internal_prefix_from_roles}}</UserInfoRemoveInternalPrefixFromRoles>
             <ReturnOnlyAppAssociatedRolesInUserInfo>{{oauth.oidc.user_info.return_only_app_associated_roles}}</ReturnOnlyAppAssociatedRolesInUserInfo>
             {% if oauth.oidc.extensions.user_info_response_builder is defined %}
diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json
index 6fced01e08fe..94625a6c7dd1 100644
--- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json
+++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json
@@ -309,6 +309,7 @@
   "oauth.oidc.extensions.user_info_request_validator": "org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator",
   "oauth.oidc.extensions.user_info_access_token_validator": "org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator",
   "oauth.oidc.user_info.enable_multi_value_support": true,
+  "oauth.oidc.convert_only_multi_valued_claims_to_array": false,
   "oauth.oidc.user_info.return_only_app_associated_roles": true,
   "oauth.oidc.user_info.remove_internal_prefix_from_roles": true,