Missing switch 'ID Token as detached signature' in the admin console client settings (#42807)

closes #42769


(cherry picked from commit 201ea6d19c92ea91a9943521d486402d55fd1b63)

Signed-off-by: mposolda <mposolda@gmail.com>

js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties

@@ -2101,6 +2101,7 @@ assignedClientScope=Assigned client scope
 savePasswordSuccess=The password has been set successfully.
 Tuesday=Tuesday
 idTokenEncryptionContentEncryptionAlgorithm=ID token encryption content encryption algorithm
+idTokenAsDetachedSignature=Use ID Token as a Detached Signature
 newRoleName=New role name
 listExplain=Identity providers are social networks or identity brokers that allow users to authenticate to Keycloak.
 emptyInstructions=Change your search criteria or add a user
@@ -2486,6 +2487,7 @@ id=ID
 join=Join
 clientUpdaterSourceGroupsHelp=The condition checks the group of the entity who tries to create/update the client to determine whether the policy is applied.
 idTokenEncryptionContentEncryptionAlgorithmHelp=JWA Algorithm used for content encryption in encrypting ID tokens. This option is needed just if you want encrypted ID tokens. If left empty, ID Tokens are just signed, but not encrypted.
+idTokenAsDetachedSignatureHelp=This makes ID token returned from Authorization Endpoint in OIDC Hybrid flow use as a detached signature defined in FAPI 1.0 Advanced Security Profile. Therefore, this ID token does not include an authenticated user's information.
 messageBundleDescription=You can only edit the supported locales. If you haven't selected supported locales yet, you can only edit the English locale.
 saveEventListenersError=Error saving event listener\: {{error}}
 scopesHelp=The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'.

js/apps/admin-ui/src/clients/AdvancedTab.tsx

@@ -99,6 +99,7 @@ export const AdvancedTab = ({ save, client }: AdvancedProps) => {
                       "id.token.signed.response.alg",
                       "id.token.encrypted.response.alg",
                       "id.token.encrypted.response.enc",
+                      "id.token.as.detached.signature",
                       "user.info.response.signature.alg",
                       "user.info.encrypted.response.alg",
                       "user.info.encrypted.response.enc",

js/apps/admin-ui/src/clients/advanced/FineGrainOpenIdConnect.tsx

@@ -127,6 +127,35 @@ export const FineGrainOpenIdConnect = ({
         }}
         options={prependEmpty(contentEncryptionProviders!)}
       />
+      <FormGroup
+        label={t("idTokenAsDetachedSignature")}
+        fieldId="idTokenAsDetachedSignature"
+        hasNoPaddingTop
+        labelIcon={
+          <HelpItem
+            helpText={t("idTokenAsDetachedSignatureHelp")}
+            fieldLabelId="idTokenAsDetachedSignature"
+          />
+        }
+      >
+        <Controller
+          name={convertAttributeNameToForm<FormFields>(
+            "attributes.id.token.as.detached.signature",
+          )}
+          defaultValue="false"
+          control={control}
+          render={({ field }) => (
+            <Switch
+              id="idTokenAsDetachedSignature"
+              label={t("on")}
+              labelOff={t("off")}
+              isChecked={field.value === "true"}
+              onChange={(_event, value) => field.onChange(value.toString())}
+              aria-label={t("idTokenAsDetachedSignature")}
+            />
+          )}
+        />
+      </FormGroup>
       <SelectControl
         name={convertAttributeNameToForm<FormFields>(
           "attributes.user.info.response.signature.alg",