Add ConvertOnlyMultiValuedClaimsToArray config for selective multi-valued claim handling by PasinduYeshan · Pull Request #8157 · wso2/carbon-identity-framework

PasinduYeshan · 2026-06-15T17:48:48Z

Purpose

Exposes the opt-in config key oauth.oidc.convert_only_multi_valued_claims_to_array (default false) in the identity.xml.j2 template and the identity-core feature default JSON, so it can be set via deployment.toml:

[oauth.oidc]
convert_only_multi_valued_claims_to_array = true

When true, a claim value containing the multi-attribute separator is emitted as a JSON array in JWT access tokens, ID tokens and the UserInfo response only when the claim's local-claim metadata has multiValued=true. Default false preserves the legacy comma-split behaviour unchanged.

Related PR

Consuming logic: wso2-extensions/identity-inbound-auth-oauth#3255

Doc

New config key; default false → no behavioural change for existing deployments.

🤖 Generated with Claude Code

…l.j2 and feature defaults Expose the opt-in config key oauth.oidc.convert_only_multi_valued_claims_to_array (default false) in the identity.xml.j2 template and the feature default JSON so it can be set via deployment.toml. When true, claim values containing commas are emitted as a JSON array in JWT access tokens, ID tokens and UserInfo responses only when the claim's local-claim metadata has multiValued=true.

coderabbitai · 2026-06-15T17:49:19Z

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: acbcf7c1-4cce-4c3f-ae14-f713db23a7ff

📥 Commits

Reviewing files that changed from the base of the PR and between 9073bb7 and b0ae69b.

📒 Files selected for processing (2)

features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json

📝 Walkthrough

Walkthrough

Two configuration files are updated to introduce a new OIDC setting, ConvertOnlyMultiValuedClaimsToArray, bound to the key oauth.oidc.convert_only_multi_valued_claims_to_array. The default value is set to false in the feature default JSON, and the corresponding element is added to the <OpenIDConnect> block in identity.xml.j2.

OIDC Multi-Valued Claims Config

Layer / File(s)	Summary
OIDC config template and default value `features/identity-core/.../identity.xml.j2`, `features/identity-core/.../org.wso2.carbon.identity.core.server.feature.default.json`	Adds the `<ConvertOnlyMultiValuedClaimsToArray>` element inside `<OpenIDConnect>` in the Jinja2 template, and registers `oauth.oidc.convert_only_multi_valued_claims_to_array` with a default of `false` in the feature defaults JSON.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is incomplete. It lacks required sections including Goals, Approach, User Stories, Release Notes, Documentation, Training, Certification, Marketing, Automation Tests, Security Checks, Samples, Migrations, and Test Environment.	Complete all required sections from the template, especially Goals, Release Notes, Automation Tests (with code coverage), and Security Checks (secure coding standards, FindSecurityBugs verification, and secrets confirmation).

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding a new OIDC configuration option for selective multi-valued claim handling, which aligns with the changeset.
Linked Issues check	✅ Passed	The PR successfully exposes the required configuration option to resolve issue `#27652`. The new config key `oauth.oidc.convert_only_multi_valued_claims_to_array` enables selective multi-valued claim handling based on claim metadata, directly addressing the issue's requirement.
Out of Scope Changes check	✅ Passed	All changes are in-scope: adding the configuration option to identity.xml.j2 template and feature default JSON files, which are necessary to expose and expose the feature described in the linked issue.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

sonarqubecloud · 2026-06-15T17:52:23Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

codecov · 2026-06-15T18:10:06Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 52.95%. Comparing base (0ebc488) to head (b0ae69b).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##             master    #8157   +/-   ##
=========================================
  Coverage     52.95%   52.95%           
+ Complexity    20988    20932   -56     
=========================================
  Files          2186     2186           
  Lines        129041   129041           
  Branches      19224    19224           
=========================================
  Hits          68328    68328           
  Misses        52394    52394           
  Partials       8319     8319

Flag	Coverage Δ
unit	`38.12% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

PasinduYeshan mentioned this pull request Jun 15, 2026

Introduce selective multi-valued claim handling in JWT and UserInfo based on claim metadata wso2-extensions/identity-inbound-auth-oauth#3255

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add ConvertOnlyMultiValuedClaimsToArray config for selective multi-valued claim handling#8157

Add ConvertOnlyMultiValuedClaimsToArray config for selective multi-valued claim handling#8157
PasinduYeshan wants to merge 1 commit into
wso2:masterfrom
PasinduYeshan:fix/selective-multivalued-claims-config

PasinduYeshan commented Jun 15, 2026 •

edited

Loading

Uh oh!

coderabbitai Bot commented Jun 15, 2026 •

edited

Loading

Walkthrough

❌ Failed checks (1 warning)

Uh oh!

sonarqubecloud Bot commented Jun 15, 2026

Uh oh!

codecov Bot commented Jun 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

PasinduYeshan commented Jun 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Purpose

Related PR

Doc

Uh oh!

coderabbitai Bot commented Jun 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

❌ Failed checks (1 warning)

Uh oh!

sonarqubecloud Bot commented Jun 15, 2026

Quality Gate passed

Uh oh!

codecov Bot commented Jun 15, 2026

Codecov Report

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

PasinduYeshan commented Jun 15, 2026 •

edited

Loading

coderabbitai Bot commented Jun 15, 2026 •

edited

Loading