From 7145e703d786c5a2ecd89bd71653c255c248f26a Mon Sep 17 00:00:00 2001
From: kyy <b24053@hanmaceng.co.kr>
Date: Wed, 17 Jun 2026 17:34:36 +0900
Subject: [PATCH] =?UTF-8?q?=ED=81=B4=EB=A0=88=EC=9E=84=20=ED=86=A0?=
 =?UTF-8?q?=EA=B8=80=20=EB=B0=8F=20=EB=B9=84=ED=99=9C=EC=84=B1=ED=99=94=20?=
 =?UTF-8?q?=EC=A0=80=EC=9E=A5=20=EC=B2=98=EB=A6=AC=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../clients/ClientGeneralPage.claims.test.tsx |  55 +-
 .../features/clients/ClientGeneralPage.tsx    | 928 +++++++++---------
 devfront/src/locales/en.toml                  |   1 +
 devfront/src/locales/ko.toml                  |   1 +
 devfront/src/locales/template.toml            |   1 +
 5 files changed, 540 insertions(+), 446 deletions(-)

diff --git a/devfront/src/features/clients/ClientGeneralPage.claims.test.tsx b/devfront/src/features/clients/ClientGeneralPage.claims.test.tsx
index 359c4d3a..c605560f 100644
--- a/devfront/src/features/clients/ClientGeneralPage.claims.test.tsx
+++ b/devfront/src/features/clients/ClientGeneralPage.claims.test.tsx
@@ -98,8 +98,8 @@ function makeClientDetail(
     });
   }
 
-    return {
-      client: {
+  return {
+    client: {
       id: "client-claims",
       name: "Claims App",
       type: "private",
@@ -334,6 +334,47 @@ describe("ClientGeneralPage RP claims", () => {
     );
   });
 
+  it("clears saved RP claims when custom claims are disabled", async () => {
+    const { container } = await renderPage();
+
+    const claimToggle = Array.from(
+      container.querySelectorAll<HTMLButtonElement>('[role="switch"]'),
+    ).find((button) =>
+      (button.getAttribute("aria-label") ?? "").includes("커스텀 클레임 사용"),
+    );
+    expect(claimToggle).toBeDefined();
+    expect(claimToggle?.getAttribute("aria-checked")).toBe("true");
+
+    await act(async () => {
+      claimToggle?.dispatchEvent(new MouseEvent("click", { bubbles: true }));
+    });
+    await flush();
+
+    expect(claimToggle?.getAttribute("aria-checked")).toBe("false");
+
+    const saveButton = Array.from(container.querySelectorAll("button")).find(
+      (button) =>
+        button.textContent?.includes("저장") ||
+        button.textContent?.includes("Save"),
+    );
+    expect(saveButton).toBeDefined();
+
+    await act(async () => {
+      saveButton?.dispatchEvent(new MouseEvent("click", { bubbles: true }));
+    });
+    await flush();
+
+    expect(updateClientMock).toHaveBeenCalledWith(
+      "client-claims",
+      expect.objectContaining({
+        metadata: expect.objectContaining({
+          id_token_claims_enabled: false,
+          id_token_claims: [],
+        }),
+      }),
+    );
+  });
+
   it("preserves tenants scope mandatory state when tenant access restriction is off", async () => {
     fetchClientMock.mockResolvedValue(
       makeClientDetail("old_claim", {
@@ -354,7 +395,7 @@ describe("ClientGeneralPage RP claims", () => {
 
     const tenantScopeRow = Array.from(container.querySelectorAll("tr")).find(
       (row) =>
-      Array.from(row.querySelectorAll("input")).some(
+        Array.from(row.querySelectorAll("input")).some(
           (input) => (input as HTMLInputElement).value === "tenants",
         ),
     );
@@ -389,10 +430,10 @@ describe("ClientGeneralPage RP claims", () => {
     expect(updateClientMock).toHaveBeenCalledWith(
       "client-claims",
       expect.objectContaining({
-          metadata: expect.objectContaining({
-            tenant_access_restricted: false,
-            structured_scopes: expect.arrayContaining([
-              expect.objectContaining({
+        metadata: expect.objectContaining({
+          tenant_access_restricted: false,
+          structured_scopes: expect.arrayContaining([
+            expect.objectContaining({
               name: "tenants",
               mandatory: false,
               locked: false,
diff --git a/devfront/src/features/clients/ClientGeneralPage.tsx b/devfront/src/features/clients/ClientGeneralPage.tsx
index 55a04383..51d65218 100644
--- a/devfront/src/features/clients/ClientGeneralPage.tsx
+++ b/devfront/src/features/clients/ClientGeneralPage.tsx
@@ -633,6 +633,7 @@ function ClientGeneralPage() {
   const [allowedTenantIds, setAllowedTenantIds] = useState<string[]>([]);
   const [autoLoginSupported, setAutoLoginSupported] = useState(false);
   const [autoLoginUrl, setAutoLoginUrl] = useState("");
+  const [idTokenClaimsEnabled, setIdTokenClaimsEnabled] = useState(false);
 
   // Public Key Registration States
   const [tokenEndpointAuthMethod, setTokenEndpointAuthMethod] =
@@ -956,7 +957,13 @@ function ClientGeneralPage() {
         ),
       );
     }
-    setIdTokenClaims(readIdTokenClaimsMetadata(metadata));
+    const savedIdTokenClaims = readIdTokenClaimsMetadata(metadata);
+    setIdTokenClaims(savedIdTokenClaims);
+    setIdTokenClaimsEnabled(
+      typeof metadata.id_token_claims_enabled === "boolean"
+        ? metadata.id_token_claims_enabled
+        : savedIdTokenClaims.length > 0,
+    );
   }, [data, normalizeScopesForTenantAccess]);
 
   const securityProfile: SecurityProfile =
@@ -1089,6 +1096,7 @@ function ClientGeneralPage() {
   };
 
   const addIdTokenClaim = () => {
+    setIdTokenClaimsEnabled(true);
     setIdTokenClaims((current) => [
       ...current,
       createIdTokenClaimItem(`claim-${Date.now()}`),
@@ -1253,48 +1261,50 @@ function ClientGeneralPage() {
   }
 
   const claimValidationErrors: string[] = [];
-  const seenClaimKeys = new Set<string>();
-  for (const claim of normalizedIdTokenClaimItems) {
-    if (!claim.key) {
-      claimValidationErrors.push(
-        t(
-          "msg.dev.clients.general.id_token_claims.key_required",
-          "Claim key를 입력해야 합니다.",
-        ),
-      );
-      continue;
-    }
+  if (idTokenClaimsEnabled) {
+    const seenClaimKeys = new Set<string>();
+    for (const claim of normalizedIdTokenClaimItems) {
+      if (!claim.key) {
+        claimValidationErrors.push(
+          t(
+            "msg.dev.clients.general.id_token_claims.key_required",
+            "Claim key를 입력해야 합니다.",
+          ),
+        );
+        continue;
+      }
 
-    const keySignature = `${claim.namespace}:${claim.key}`;
-    if (seenClaimKeys.has(keySignature)) {
-      claimValidationErrors.push(
-        t(
-          "msg.dev.clients.general.id_token_claims.duplicate_key",
-          "중복된 claim key가 있습니다: {{namespace}}.{{key}}",
-          {
-            namespace: t(
-              "ui.dev.clients.general.id_token_claims.namespace_rp_claims",
-              "rp_claims",
-            ),
-            key: claim.key,
-          },
-        ),
-      );
-      continue;
-    }
-    seenClaimKeys.add(keySignature);
+      const keySignature = `${claim.namespace}:${claim.key}`;
+      if (seenClaimKeys.has(keySignature)) {
+        claimValidationErrors.push(
+          t(
+            "msg.dev.clients.general.id_token_claims.duplicate_key",
+            "중복된 claim key가 있습니다: {{namespace}}.{{key}}",
+            {
+              namespace: t(
+                "ui.dev.clients.general.id_token_claims.namespace_rp_claims",
+                "rp_claims",
+              ),
+              key: claim.key,
+            },
+          ),
+        );
+        continue;
+      }
+      seenClaimKeys.add(keySignature);
 
-    const defaultValueError = claimDefaultValueValidationError(claim);
-    if (defaultValueError) {
-      claimValidationErrors.push(defaultValueError);
+      const defaultValueError = claimDefaultValueValidationError(claim);
+      if (defaultValueError) {
+        claimValidationErrors.push(defaultValueError);
+      }
     }
   }
   validationErrors.push(...claimValidationErrors);
 
   const hasValidationErrors = validationErrors.length > 0;
-  const idTokenClaimPreview = buildIdTokenClaimsPreview(
-    normalizedIdTokenClaimItems,
-  );
+  const idTokenClaimPreview = idTokenClaimsEnabled
+    ? buildIdTokenClaimsPreview(normalizedIdTokenClaimItems)
+    : [];
   const idTokenClaimPreviewJson = JSON.stringify(idTokenClaimPreview, null, 2);
   const tenantOptions: TenantSummary[] = tenantData?.items ?? [];
   const selectedAllowedTenants = allowedTenantIds
@@ -1435,7 +1445,8 @@ function ClientGeneralPage() {
           auto_login_supported: autoLoginSupported,
           auto_login_url: autoLoginSupported ? trimmedAutoLoginUrl : undefined,
           structured_scopes: normalizedScopes,
-          id_token_claims: normalizedIdTokenClaims,
+          id_token_claims_enabled: idTokenClaimsEnabled,
+          id_token_claims: idTokenClaimsEnabled ? normalizedIdTokenClaims : [],
           token_endpoint_auth_method: effectiveTokenEndpointAuthMethod,
           headless_login_enabled: headlessLoginEnabled,
           headless_token_endpoint_auth_method: headlessLoginEnabled
@@ -1908,7 +1919,7 @@ function ClientGeneralPage() {
             </CardDescription>
           </div>
           <Button
-            variant="outline"
+            variant="default"
             size="sm"
             onClick={addScope}
             className="gap-2"
@@ -2315,306 +2326,293 @@ function ClientGeneralPage() {
       <Card className="glass-panel">
         <CardHeader className="pb-4">
           <div className="flex flex-col gap-2 md:flex-row md:items-start md:justify-between">
-            <div className="space-y-1">
-              <CardTitle className="text-xl font-bold">
-                {t(
-                  "ui.dev.clients.general.id_token_claims.title",
-                  "Custom Claims",
-                )}
-              </CardTitle>
-              <CardDescription>
-                {t(
-                  "msg.dev.clients.general.id_token_claims.subtitle",
-                  "RP 전용 확장 claim을 구분해서 관리합니다.",
-                )}
-              </CardDescription>
+            <div className="space-y-3">
+              <div className="space-y-1">
+                <CardTitle className="text-xl font-bold">
+                  {t(
+                    "ui.dev.clients.general.id_token_claims.title",
+                    "Custom Claims",
+                  )}
+                </CardTitle>
+                <CardDescription>
+                  {t(
+                    "msg.dev.clients.general.id_token_claims.subtitle",
+                    "RP 전용 확장 claim을 구분해서 관리합니다.",
+                  )}
+                </CardDescription>
+              </div>
+              {idTokenClaimsEnabled ? (
+                <Button
+                  size="sm"
+                  onClick={addIdTokenClaim}
+                  className="gap-2"
+                  disabled={isGeneralSettingsReadOnly}
+                >
+                  <Plus className="h-4 w-4" />
+                  {t(
+                    "ui.dev.clients.general.id_token_claims.add",
+                    "Claim 추가",
+                  )}
+                </Button>
+              ) : null}
+            </div>
+            <div className="flex shrink-0 items-center gap-3 rounded-xl border border-border bg-muted/30 px-4 py-3">
+              <div className="space-y-0.5 text-right">
+                <p className="text-sm font-semibold">
+                  {idTokenClaimsEnabled
+                    ? t("ui.common.enabled", "사용")
+                    : t("ui.common.disabled", "사용 안 함")}
+                </p>
+                <p className="text-xs text-muted-foreground">
+                  {t(
+                    "ui.dev.clients.general.id_token_claims.enabled",
+                    "커스텀 클레임 사용",
+                  )}
+                </p>
+              </div>
+              <Switch
+                checked={idTokenClaimsEnabled}
+                onCheckedChange={setIdTokenClaimsEnabled}
+                id="custom-claims-enabled"
+                aria-label={t(
+                  "ui.dev.clients.general.id_token_claims.enabled",
+                  "커스텀 클레임 사용",
+                )}
+                disabled={isGeneralSettingsReadOnly}
+              />
             </div>
-            <Button
-              onClick={addIdTokenClaim}
-              className="gap-2"
-              disabled={isGeneralSettingsReadOnly}
-            >
-              <Plus className="h-4 w-4" />
-              {t("ui.dev.clients.general.id_token_claims.add", "Claim 추가")}
-            </Button>
           </div>
         </CardHeader>
-        <CardContent className="space-y-4">
-          <div className="grid gap-4 xl:grid-cols-[minmax(0,1.45fr)_minmax(360px,0.75fr)]">
-            <div className="space-y-3">
-              <SettingsTableShell>
-                <SettingsTable>
-                  <SettingsTableHeader>
-                    <tr>
-                      <SettingsTableHead>
-                        {t(
-                          "ui.dev.clients.general.id_token_claims.table.key",
-                          "Claim Key",
-                        )}
-                      </SettingsTableHead>
-                      <SettingsTableHead>
-                        {t(
-                          "ui.dev.clients.general.id_token_claims.table.namespace",
-                          "Namespace",
-                        )}
-                      </SettingsTableHead>
-                      <SettingsTableHead>
-                        {t(
-                          "ui.dev.clients.general.id_token_claims.table.value_type",
-                          "Value Type",
-                        )}
-                      </SettingsTableHead>
-                      <SettingsTableHead className="text-center">
-                        {t(
-                          "ui.dev.clients.general.id_token_claims.table.nullable",
-                          "Nullable",
-                        )}
-                      </SettingsTableHead>
-                      <SettingsTableHead className="text-center">
-                        {t(
-                          "ui.dev.clients.general.id_token_claims.table.read_user_allowed",
-                          "User read",
-                        )}
-                      </SettingsTableHead>
-                      <SettingsTableHead className="text-center">
-                        {t(
-                          "ui.dev.clients.general.id_token_claims.table.write_user_allowed",
-                          "User write",
-                        )}
-                      </SettingsTableHead>
-                      <SettingsTableHead>
-                        {t(
-                          "ui.dev.clients.general.id_token_claims.table.default_value",
-                          "Default Value",
-                        )}
-                      </SettingsTableHead>
-                      <SettingsTableHead className="w-[56px] text-center">
-                        {t(
-                          "ui.dev.clients.general.id_token_claims.table.delete",
-                          "Delete",
-                        )}
-                      </SettingsTableHead>
-                    </tr>
-                  </SettingsTableHeader>
-                  <SettingsTableBody>
-                    {idTokenClaims.length > 0 ? (
-                      idTokenClaims.map((claim) => {
-                        const defaultValueError =
-                          claimDefaultValueValidationError(claim);
+        {idTokenClaimsEnabled ? (
+          <CardContent className="space-y-4">
+            <div className="grid gap-4 xl:grid-cols-[minmax(0,1.45fr)_minmax(360px,0.75fr)]">
+              <div className="space-y-3">
+                <SettingsTableShell>
+                  <SettingsTable>
+                    <SettingsTableHeader>
+                      <tr>
+                        <SettingsTableHead>
+                          {t(
+                            "ui.dev.clients.general.id_token_claims.table.key",
+                            "Claim Key",
+                          )}
+                        </SettingsTableHead>
+                        <SettingsTableHead>
+                          {t(
+                            "ui.dev.clients.general.id_token_claims.table.namespace",
+                            "Namespace",
+                          )}
+                        </SettingsTableHead>
+                        <SettingsTableHead>
+                          {t(
+                            "ui.dev.clients.general.id_token_claims.table.value_type",
+                            "Value Type",
+                          )}
+                        </SettingsTableHead>
+                        <SettingsTableHead className="text-center">
+                          {t(
+                            "ui.dev.clients.general.id_token_claims.table.nullable",
+                            "Nullable",
+                          )}
+                        </SettingsTableHead>
+                        <SettingsTableHead className="text-center">
+                          {t(
+                            "ui.dev.clients.general.id_token_claims.table.read_user_allowed",
+                            "User read",
+                          )}
+                        </SettingsTableHead>
+                        <SettingsTableHead className="text-center">
+                          {t(
+                            "ui.dev.clients.general.id_token_claims.table.write_user_allowed",
+                            "User write",
+                          )}
+                        </SettingsTableHead>
+                        <SettingsTableHead>
+                          {t(
+                            "ui.dev.clients.general.id_token_claims.table.default_value",
+                            "Default Value",
+                          )}
+                        </SettingsTableHead>
+                        <SettingsTableHead className="w-[56px] text-center">
+                          {t(
+                            "ui.dev.clients.general.id_token_claims.table.delete",
+                            "Delete",
+                          )}
+                        </SettingsTableHead>
+                      </tr>
+                    </SettingsTableHeader>
+                    <SettingsTableBody>
+                      {idTokenClaims.length > 0 ? (
+                        idTokenClaims.map((claim) => {
+                          const defaultValueError =
+                            claimDefaultValueValidationError(claim);
 
-                        return (
-                          <SettingsTableRow
-                            key={claim.id}
-                            className="hover:bg-muted/20"
-                          >
-                            <SettingsTableCell>
-                              <Input
-                                value={claim.key}
-                                onChange={(e) =>
-                                  updateIdTokenClaim(
-                                    claim.id,
-                                    "key",
-                                    e.target.value,
-                                  )
-                                }
-                                className="h-8 font-mono text-xs"
-                                placeholder={t(
-                                  "ui.dev.clients.general.id_token_claims.key_placeholder",
-                                  "e.g. locale",
-                                )}
-                                disabled={isGeneralSettingsReadOnly}
-                              />
-                            </SettingsTableCell>
-                            <SettingsTableCell>
-                              <Badge
-                                variant="muted"
-                                className="h-8 rounded-md border bg-muted/40 px-3 py-1.5 font-mono text-xs"
-                              >
-                                {t(
-                                  "ui.dev.clients.general.id_token_claims.namespace_rp_claims",
-                                  "rp_claims",
-                                )}
-                              </Badge>
-                            </SettingsTableCell>
-                            <SettingsTableCell>
-                              <select
-                                value={claim.valueType}
-                                onChange={(e) =>
-                                  updateIdTokenClaim(
-                                    claim.id,
-                                    "valueType",
-                                    e.target.value as ClaimValueType,
-                                  )
-                                }
-                                aria-label={t(
-                                  "ui.dev.clients.general.id_token_claims.value_type_label",
-                                  "Claim 값 타입",
-                                )}
-                                className="h-8 w-full rounded-md border border-input bg-background px-3 text-sm shadow-sm transition-colors focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring"
-                                disabled={isGeneralSettingsReadOnly}
-                              >
-                                <option value="text">
-                                  {t(
-                                    "ui.dev.clients.general.id_token_claims.value_type_text",
-                                    "Text",
-                                  )}
-                                </option>
-                                <option value="number">
-                                  {t(
-                                    "ui.dev.clients.general.id_token_claims.value_type_number",
-                                    "Number",
-                                  )}
-                                </option>
-                                <option value="float">
-                                  {t(
-                                    "ui.dev.clients.general.id_token_claims.value_type_float",
-                                    "Float",
-                                  )}
-                                </option>
-                                <option value="boolean">
-                                  {t(
-                                    "ui.dev.clients.general.id_token_claims.value_type_boolean",
-                                    "Boolean",
-                                  )}
-                                </option>
-                                <option value="array">
-                                  {t(
-                                    "ui.dev.clients.general.id_token_claims.value_type_array",
-                                    "Array",
-                                  )}
-                                </option>
-                                <option value="object">
-                                  {t(
-                                    "ui.dev.clients.general.id_token_claims.value_type_object",
-                                    "Object",
-                                  )}
-                                </option>
-                                <option value="date">
-                                  {t(
-                                    "ui.dev.clients.general.id_token_claims.value_type_date",
-                                    "Date",
-                                  )}
-                                </option>
-                                <option value="datetime">
-                                  {t(
-                                    "ui.dev.clients.general.id_token_claims.value_type_datetime",
-                                    "Datetime",
-                                  )}
-                                </option>
-                              </select>
-                            </SettingsTableCell>
-                            <SettingsTableCell className="text-center">
-                              <div className="flex h-8 items-center justify-center">
-                                <Switch
-                                  checked={claim.nullable}
-                                  onCheckedChange={(checked) =>
-                                    updateIdTokenClaim(
-                                      claim.id,
-                                      "nullable",
-                                      checked,
-                                    )
-                                  }
-                                  aria-label={t(
-                                    "ui.dev.clients.general.id_token_claims.nullable_label",
-                                    "Nullable",
-                                  )}
-                                  disabled={isGeneralSettingsReadOnly}
-                                />
-                              </div>
-                            </SettingsTableCell>
-                            <SettingsTableCell className="text-center">
-                              <div className="flex h-8 items-center justify-center">
-                                <Switch
-                                  checked={
-                                    claim.readPermission === "user_and_admin"
-                                  }
-                                  onCheckedChange={(checked) =>
-                                    setIdTokenClaimPermissionAllowed(
-                                      claim.id,
-                                      "readPermission",
-                                      checked,
-                                    )
-                                  }
-                                  aria-label={t(
-                                    "ui.dev.clients.general.id_token_claims.read_user_allowed_label",
-                                    "사용자 읽기 허용",
-                                  )}
-                                  disabled={isGeneralSettingsReadOnly}
-                                />
-                              </div>
-                            </SettingsTableCell>
-                            <SettingsTableCell className="text-center">
-                              <div className="flex h-8 items-center justify-center">
-                                <Switch
-                                  checked={
-                                    claim.writePermission === "user_and_admin"
-                                  }
-                                  onCheckedChange={(checked) =>
-                                    setIdTokenClaimPermissionAllowed(
-                                      claim.id,
-                                      "writePermission",
-                                      checked,
-                                    )
-                                  }
-                                  aria-label={t(
-                                    "ui.dev.clients.general.id_token_claims.write_user_allowed_label",
-                                    "사용자 쓰기 허용",
-                                  )}
-                                  disabled={isGeneralSettingsReadOnly}
-                                />
-                              </div>
-                            </SettingsTableCell>
-                            <SettingsTableCell>
-                              {claim.valueType === "array" ||
-                              claim.valueType === "object" ? (
-                                <Textarea
-                                  value={claim.value}
+                          return (
+                            <SettingsTableRow
+                              key={claim.id}
+                              className="hover:bg-muted/20"
+                            >
+                              <SettingsTableCell>
+                                <Input
+                                  value={claim.key}
                                   onChange={(e) =>
                                     updateIdTokenClaim(
                                       claim.id,
-                                      "value",
+                                      "key",
                                       e.target.value,
                                     )
                                   }
-                                  className="min-h-9 font-mono text-xs"
-                                  placeholder={
-                                    claim.valueType === "array"
-                                      ? `["value"]`
-                                      : `{"key": "value"}`
-                                  }
+                                  className="h-8 font-mono text-xs"
+                                  placeholder={t(
+                                    "ui.dev.clients.general.id_token_claims.key_placeholder",
+                                    "e.g. locale",
+                                  )}
                                   disabled={isGeneralSettingsReadOnly}
                                 />
-                              ) : claim.valueType === "boolean" ? (
+                              </SettingsTableCell>
+                              <SettingsTableCell>
+                                <Badge
+                                  variant="muted"
+                                  className="h-8 rounded-md border bg-muted/40 px-3 py-1.5 font-mono text-xs"
+                                >
+                                  {t(
+                                    "ui.dev.clients.general.id_token_claims.namespace_rp_claims",
+                                    "rp_claims",
+                                  )}
+                                </Badge>
+                              </SettingsTableCell>
+                              <SettingsTableCell>
                                 <select
-                                  value={
-                                    claim.value === "false" ? "false" : "true"
-                                  }
+                                  value={claim.valueType}
                                   onChange={(e) =>
                                     updateIdTokenClaim(
                                       claim.id,
-                                      "value",
-                                      e.target.value,
+                                      "valueType",
+                                      e.target.value as ClaimValueType,
                                     )
                                   }
-                                  className="h-8 w-full rounded-md border border-input bg-background px-3 font-mono text-xs shadow-sm focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring"
+                                  aria-label={t(
+                                    "ui.dev.clients.general.id_token_claims.value_type_label",
+                                    "Claim 값 타입",
+                                  )}
+                                  className="h-8 w-full rounded-md border border-input bg-background px-3 text-sm shadow-sm transition-colors focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring"
                                   disabled={isGeneralSettingsReadOnly}
                                 >
-                                  <option value="true">true</option>
-                                  <option value="false">false</option>
+                                  <option value="text">
+                                    {t(
+                                      "ui.dev.clients.general.id_token_claims.value_type_text",
+                                      "Text",
+                                    )}
+                                  </option>
+                                  <option value="number">
+                                    {t(
+                                      "ui.dev.clients.general.id_token_claims.value_type_number",
+                                      "Number",
+                                    )}
+                                  </option>
+                                  <option value="float">
+                                    {t(
+                                      "ui.dev.clients.general.id_token_claims.value_type_float",
+                                      "Float",
+                                    )}
+                                  </option>
+                                  <option value="boolean">
+                                    {t(
+                                      "ui.dev.clients.general.id_token_claims.value_type_boolean",
+                                      "Boolean",
+                                    )}
+                                  </option>
+                                  <option value="array">
+                                    {t(
+                                      "ui.dev.clients.general.id_token_claims.value_type_array",
+                                      "Array",
+                                    )}
+                                  </option>
+                                  <option value="object">
+                                    {t(
+                                      "ui.dev.clients.general.id_token_claims.value_type_object",
+                                      "Object",
+                                    )}
+                                  </option>
+                                  <option value="date">
+                                    {t(
+                                      "ui.dev.clients.general.id_token_claims.value_type_date",
+                                      "Date",
+                                    )}
+                                  </option>
+                                  <option value="datetime">
+                                    {t(
+                                      "ui.dev.clients.general.id_token_claims.value_type_datetime",
+                                      "Datetime",
+                                    )}
+                                  </option>
                                 </select>
-                              ) : (
-                                <div className="flex flex-col gap-2">
-                                  <Input
-                                    key={claim.valueType}
-                                    type={claimDefaultInputType(
-                                      claim.valueType,
+                              </SettingsTableCell>
+                              <SettingsTableCell className="text-center">
+                                <div className="flex h-8 items-center justify-center">
+                                  <Switch
+                                    checked={claim.nullable}
+                                    onCheckedChange={(checked) =>
+                                      updateIdTokenClaim(
+                                        claim.id,
+                                        "nullable",
+                                        checked,
+                                      )
+                                    }
+                                    aria-label={t(
+                                      "ui.dev.clients.general.id_token_claims.nullable_label",
+                                      "Nullable",
                                     )}
-                                    inputMode={claimDefaultInputMode(
-                                      claim.valueType,
+                                    disabled={isGeneralSettingsReadOnly}
+                                  />
+                                </div>
+                              </SettingsTableCell>
+                              <SettingsTableCell className="text-center">
+                                <div className="flex h-8 items-center justify-center">
+                                  <Switch
+                                    checked={
+                                      claim.readPermission === "user_and_admin"
+                                    }
+                                    onCheckedChange={(checked) =>
+                                      setIdTokenClaimPermissionAllowed(
+                                        claim.id,
+                                        "readPermission",
+                                        checked,
+                                      )
+                                    }
+                                    aria-label={t(
+                                      "ui.dev.clients.general.id_token_claims.read_user_allowed_label",
+                                      "사용자 읽기 허용",
                                     )}
-                                    pattern={claimDefaultInputPattern(
-                                      claim.valueType,
+                                    disabled={isGeneralSettingsReadOnly}
+                                  />
+                                </div>
+                              </SettingsTableCell>
+                              <SettingsTableCell className="text-center">
+                                <div className="flex h-8 items-center justify-center">
+                                  <Switch
+                                    checked={
+                                      claim.writePermission === "user_and_admin"
+                                    }
+                                    onCheckedChange={(checked) =>
+                                      setIdTokenClaimPermissionAllowed(
+                                        claim.id,
+                                        "writePermission",
+                                        checked,
+                                      )
+                                    }
+                                    aria-label={t(
+                                      "ui.dev.clients.general.id_token_claims.write_user_allowed_label",
+                                      "사용자 쓰기 허용",
                                     )}
+                                    disabled={isGeneralSettingsReadOnly}
+                                  />
+                                </div>
+                              </SettingsTableCell>
+                              <SettingsTableCell>
+                                {claim.valueType === "array" ||
+                                claim.valueType === "object" ? (
+                                  <Textarea
                                     value={claim.value}
                                     onChange={(e) =>
                                       updateIdTokenClaim(
@@ -2623,110 +2621,161 @@ function ClientGeneralPage() {
                                         e.target.value,
                                       )
                                     }
-                                    className="h-8 font-mono text-xs"
-                                    placeholder={t(
-                                      "ui.dev.clients.general.id_token_claims.value_placeholder",
-                                      "Enter the default value",
-                                    )}
-                                    disabled={isGeneralSettingsReadOnly}
-                                    aria-invalid={
-                                      defaultValueError ? true : undefined
+                                    className="min-h-9 font-mono text-xs"
+                                    placeholder={
+                                      claim.valueType === "array"
+                                        ? `["value"]`
+                                        : `{"key": "value"}`
                                     }
+                                    disabled={isGeneralSettingsReadOnly}
                                   />
-                                  {(claim.valueType === "date" ||
-                                    claim.valueType === "datetime") && (
-                                    <select
-                                      value={claim.timeZone}
-                                      onChange={(event) =>
+                                ) : claim.valueType === "boolean" ? (
+                                  <select
+                                    value={
+                                      claim.value === "false" ? "false" : "true"
+                                    }
+                                    onChange={(e) =>
+                                      updateIdTokenClaim(
+                                        claim.id,
+                                        "value",
+                                        e.target.value,
+                                      )
+                                    }
+                                    className="h-8 w-full rounded-md border border-input bg-background px-3 font-mono text-xs shadow-sm focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring"
+                                    disabled={isGeneralSettingsReadOnly}
+                                  >
+                                    <option value="true">true</option>
+                                    <option value="false">false</option>
+                                  </select>
+                                ) : (
+                                  <div className="flex flex-col gap-2">
+                                    <Input
+                                      key={claim.valueType}
+                                      type={claimDefaultInputType(
+                                        claim.valueType,
+                                      )}
+                                      inputMode={claimDefaultInputMode(
+                                        claim.valueType,
+                                      )}
+                                      pattern={claimDefaultInputPattern(
+                                        claim.valueType,
+                                      )}
+                                      value={claim.value}
+                                      onChange={(e) =>
                                         updateIdTokenClaim(
                                           claim.id,
-                                          "timeZone",
-                                          event.target.value,
+                                          "value",
+                                          e.target.value,
                                         )
                                       }
-                                      className="h-8 w-full rounded-md border border-input bg-background px-3 font-mono text-xs shadow-sm focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring"
-                                      disabled={isGeneralSettingsReadOnly}
-                                      aria-label={t(
-                                        "ui.dev.clients.general.id_token_claims.timezone_label",
-                                        "Claim 기본값 시간대",
+                                      className="h-8 font-mono text-xs"
+                                      placeholder={t(
+                                        "ui.dev.clients.general.id_token_claims.value_placeholder",
+                                        "Enter the default value",
                                       )}
-                                    >
-                                      {timeZoneOptions.map((timeZone) => (
-                                        <option key={timeZone} value={timeZone}>
-                                          {timeZone}
-                                        </option>
-                                      ))}
-                                    </select>
-                                  )}
-                                </div>
-                              )}
-                              {defaultValueError && (
-                                <p className="mt-1 text-xs text-destructive">
-                                  {defaultValueError}
-                                </p>
-                              )}
-                            </SettingsTableCell>
-                            <SettingsTableCell className="w-[56px] text-center align-top">
-                              <Button
-                                variant="ghost"
-                                size="icon"
-                                onClick={() => removeIdTokenClaim(claim.id)}
-                                className="h-8 w-8 text-muted-foreground hover:text-destructive"
-                                disabled={isGeneralSettingsReadOnly}
-                              >
-                                <Trash2 className="h-4 w-4" />
-                              </Button>
-                            </SettingsTableCell>
-                          </SettingsTableRow>
-                        );
-                      })
-                    ) : (
-                      <SettingsTableEmptyState colSpan={8}>
-                        {t(
-                          "msg.dev.clients.general.id_token_claims.empty",
-                          "아직 추가된 ID Token claim이 없습니다.",
-                        )}
-                      </SettingsTableEmptyState>
-                    )}
-                  </SettingsTableBody>
-                </SettingsTable>
-              </SettingsTableShell>
-              <p className="text-xs leading-6 text-muted-foreground">
-                {t(
-                  "msg.dev.clients.general.id_token_claims.hint",
-                  "사용자별 claim 값은 동의 및 Claims 탭에서 수정합니다.",
-                )}
-              </p>
-            </div>
+                                      disabled={isGeneralSettingsReadOnly}
+                                      aria-invalid={
+                                        defaultValueError ? true : undefined
+                                      }
+                                    />
+                                    {(claim.valueType === "date" ||
+                                      claim.valueType === "datetime") && (
+                                      <select
+                                        value={claim.timeZone}
+                                        onChange={(event) =>
+                                          updateIdTokenClaim(
+                                            claim.id,
+                                            "timeZone",
+                                            event.target.value,
+                                          )
+                                        }
+                                        className="h-8 w-full rounded-md border border-input bg-background px-3 font-mono text-xs shadow-sm focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring"
+                                        disabled={isGeneralSettingsReadOnly}
+                                        aria-label={t(
+                                          "ui.dev.clients.general.id_token_claims.timezone_label",
+                                          "Claim 기본값 시간대",
+                                        )}
+                                      >
+                                        {timeZoneOptions.map((timeZone) => (
+                                          <option
+                                            key={timeZone}
+                                            value={timeZone}
+                                          >
+                                            {timeZone}
+                                          </option>
+                                        ))}
+                                      </select>
+                                    )}
+                                  </div>
+                                )}
+                                {defaultValueError && (
+                                  <p className="mt-1 text-xs text-destructive">
+                                    {defaultValueError}
+                                  </p>
+                                )}
+                              </SettingsTableCell>
+                              <SettingsTableCell className="w-[56px] text-center align-top">
+                                <Button
+                                  variant="ghost"
+                                  size="icon"
+                                  onClick={() => removeIdTokenClaim(claim.id)}
+                                  className="h-8 w-8 text-muted-foreground hover:text-destructive"
+                                  disabled={isGeneralSettingsReadOnly}
+                                >
+                                  <Trash2 className="h-4 w-4" />
+                                </Button>
+                              </SettingsTableCell>
+                            </SettingsTableRow>
+                          );
+                        })
+                      ) : (
+                        <SettingsTableEmptyState colSpan={8}>
+                          {t(
+                            "msg.dev.clients.general.id_token_claims.empty",
+                            "아직 추가된 ID Token claim이 없습니다.",
+                          )}
+                        </SettingsTableEmptyState>
+                      )}
+                    </SettingsTableBody>
+                  </SettingsTable>
+                </SettingsTableShell>
+                <p className="text-xs leading-6 text-muted-foreground">
+                  {t(
+                    "msg.dev.clients.general.id_token_claims.hint",
+                    "사용자별 claim 값은 동의 및 Claims 탭에서 수정합니다.",
+                  )}
+                </p>
+              </div>
 
-            <div className="space-y-3">
-              <div className="rounded-xl border border-border bg-muted/20 p-4">
-                <div className="flex items-center gap-2">
-                  <Info className="h-4 w-4 text-primary" />
-                  <div>
-                    <p className="text-sm font-semibold">
-                      {t(
-                        "ui.dev.clients.general.id_token_claims.preview_title",
-                        "Saved JSON Preview",
-                      )}
-                    </p>
-                    <p className="text-xs text-muted-foreground">
-                      {t(
-                        "msg.dev.clients.general.id_token_claims.preview_hint",
-                        "설정 저장 시 반영될 claim 구성을 미리 볼 수 있습니다.",
-                      )}
-                    </p>
+              <div className="space-y-3">
+                <div className="rounded-xl border border-border bg-muted/20 p-4">
+                  <div className="flex items-center gap-2">
+                    <Info className="h-4 w-4 text-primary" />
+                    <div>
+                      <p className="text-sm font-semibold">
+                        {t(
+                          "ui.dev.clients.general.id_token_claims.preview_title",
+                          "Saved JSON Preview",
+                        )}
+                      </p>
+                      <p className="text-xs text-muted-foreground">
+                        {t(
+                          "msg.dev.clients.general.id_token_claims.preview_hint",
+                          "설정 저장 시 반영될 claim 구성을 미리 볼 수 있습니다.",
+                        )}
+                      </p>
+                    </div>
                   </div>
+                  <Textarea
+                    readOnly
+                    value={idTokenClaimPreviewJson}
+                    className="mt-4 min-h-72 font-mono text-xs"
+                  />
                 </div>
-                <Textarea
-                  readOnly
-                  value={idTokenClaimPreviewJson}
-                  className="mt-4 min-h-72 font-mono text-xs"
-                />
               </div>
             </div>
-          </div>
-        </CardContent>
+          </CardContent>
+        ) : null}
       </Card>
 
       {/* 4. Tenant Access Restriction */}
@@ -2994,42 +3043,43 @@ function ClientGeneralPage() {
             </div>
           </div>
         </CardHeader>
-        <CardContent className="space-y-4">
-          <div className="space-y-2">
-            <Label htmlFor="auto-login-url" className="text-sm font-semibold">
-              {t(
-                "ui.dev.clients.general.auto_login.url",
-                "자동 로그인 시작 URL",
-              )}
-            </Label>
-            <Input
-              id="auto-login-url"
-              value={autoLoginUrl}
-              onChange={(event) => setAutoLoginUrl(event.target.value)}
-              disabled={!autoLoginSupported}
-              aria-invalid={!hasValidAutoLoginUrl}
-              className={!hasValidAutoLoginUrl ? "border-destructive" : ""}
-              placeholder={t(
-                "ui.dev.clients.general.auto_login.url_placeholder",
-                "https://app.example.com/login?auto=1",
-              )}
-            />
-            <p className="text-xs text-muted-foreground">
-              {t(
-                "msg.dev.clients.general.auto_login.help",
-                "이 URL은 RP가 state, nonce, PKCE 값을 직접 생성한 뒤 Baron OIDC로 리다이렉트해야 합니다.",
-              )}
-            </p>
-            {!hasValidAutoLoginUrl ? (
-              <p className="text-xs text-destructive">
+        {autoLoginSupported ? (
+          <CardContent className="space-y-4">
+            <div className="space-y-2">
+              <Label htmlFor="auto-login-url" className="text-sm font-semibold">
                 {t(
-                  "msg.dev.clients.general.auto_login.invalid_url",
-                  "자동 로그인 URL 형식이 올바르지 않습니다. http 또는 https 주소를 입력하세요.",
+                  "ui.dev.clients.general.auto_login.url",
+                  "자동 로그인 시작 URL",
+                )}
+              </Label>
+              <Input
+                id="auto-login-url"
+                value={autoLoginUrl}
+                onChange={(event) => setAutoLoginUrl(event.target.value)}
+                aria-invalid={!hasValidAutoLoginUrl}
+                className={!hasValidAutoLoginUrl ? "border-destructive" : ""}
+                placeholder={t(
+                  "ui.dev.clients.general.auto_login.url_placeholder",
+                  "https://app.example.com/login?auto=1",
+                )}
+              />
+              <p className="text-xs text-muted-foreground">
+                {t(
+                  "msg.dev.clients.general.auto_login.help",
+                  "이 URL은 RP가 state, nonce, PKCE 값을 직접 생성한 뒤 Baron OIDC로 리다이렉트해야 합니다.",
                 )}
               </p>
-            ) : null}
-          </div>
-        </CardContent>
+              {!hasValidAutoLoginUrl ? (
+                <p className="text-xs text-destructive">
+                  {t(
+                    "msg.dev.clients.general.auto_login.invalid_url",
+                    "자동 로그인 URL 형식이 올바르지 않습니다. http 또는 https 주소를 입력하세요.",
+                  )}
+                </p>
+              ) : null}
+            </div>
+          </CardContent>
+        ) : null}
       </Card>
 
       {/* 6. Security Settings */}
diff --git a/devfront/src/locales/en.toml b/devfront/src/locales/en.toml
index 04fa3e1f..aa938726 100644
--- a/devfront/src/locales/en.toml
+++ b/devfront/src/locales/en.toml
@@ -1649,6 +1649,7 @@ picker_hint_with_count = "{{count}} tenants selected."
 [ui.dev.clients.general.id_token_claims]
 title = "Custom Claims"
 add = "Add Claim"
+enabled = "Custom Claims Enabled"
 preview_title = "Saved JSON Preview"
 namespace_label = "Claim namespace"
 namespace_top_level = "top-level"
diff --git a/devfront/src/locales/ko.toml b/devfront/src/locales/ko.toml
index 8e11dd73..ccbcf4ad 100644
--- a/devfront/src/locales/ko.toml
+++ b/devfront/src/locales/ko.toml
@@ -1648,6 +1648,7 @@ picker_hint_with_count = "현재 {{count}}개가 선택되어 있습니다."
 [ui.dev.clients.general.id_token_claims]
 title = "커스텀 클레임"
 add = "Claim 추가"
+enabled = "커스텀 클레임 사용"
 preview_title = "저장 JSON 미리보기"
 namespace_label = "Claim 네임스페이스"
 namespace_top_level = "top-level"
diff --git a/devfront/src/locales/template.toml b/devfront/src/locales/template.toml
index 2d3fe891..eae7ede3 100644
--- a/devfront/src/locales/template.toml
+++ b/devfront/src/locales/template.toml
@@ -1698,6 +1698,7 @@ picker_hint_with_count = ""
 [ui.dev.clients.general.id_token_claims]
 title = ""
 add = ""
+enabled = ""
 preview_title = ""
 namespace_label = ""
 namespace_top_level = ""