Create a client of a setup using DCR

POST 
/v3/modules/:module/setups/:setupId/clients

Creates an OAuth client using the Dynamic Client Registration (DCR) standard protocol. Only client creation is supported; reads, updates and deletions must be done via the V2 API.

Request

Path Parameters

module stringrequired
setupId stringrequired

application/json

Body

redirect_uris uri[]required
grant_types string[]
response_types string[]
contacts string[]
metadata object[]
Array [
name string
value string
locale string
]
jwks object
keys object[]
Array [
keyStore object
type string
provider object
property name* string
private boolean
algorithm object
name string
requirement string
Possible values: [REQUIRED, RECOMMENDED, OPTIONAL]
x509CertSHA256Thumbprint object
keyOperations string[]
Possible values: [sign, verify, encrypt, decrypt, wrapKey, unwrapKey, deriveKey, deriveBits]
keyUse object
value string
keyRevocation object
reason object
value string
revocationTime date-time
x509CertChain object[]
x509CertURL uri
x509CertThumbprint object
parsedX509CertChain object[]
Array [
signature byte[]
basicConstraints int32
version int32
subjectAlternativeNames array[]
sigAlgParams byte[]
serialNumber integer
notBefore date-time
notAfter date-time
extendedKeyUsage string[]
subjectDN object
name string
issuerDN object
name string
tbscertificate byte[]
sigAlgOID string
issuerUniqueID boolean[]
subjectUniqueID boolean[]
issuerAlternativeNames array[]
sigAlgName string
keyUsage boolean[]
issuerX500Principal object
name string
encoded byte[]
subjectX500Principal object
name string
encoded byte[]
nonCriticalExtensionOIDs string[]
criticalExtensionOIDs string[]
type string
encoded byte[]
publicKey object
params object
encoded byte[]
format string
algorithm string
]
notBeforeTime date-time
issueTime date-time
requiredParams object
property name* object
keyType object
value string
requirement string
Possible values: [REQUIRED, RECOMMENDED, OPTIONAL]
keyID string
expirationTime date-time
]
empty boolean
additionalMembers object
property name* object
client_name stringrequired
scope string
client_id string
client_secret string
client_uri string
jwks_uri uri
logo_uri uri
tos_uri uri
policy_uri uri
token_endpoint_auth_method string
require_pushed_authorization_requests string
id_token_signed_response_alg string

Possible values: [RS256, RS384, RS512, ES256, ES256K, ES384, ES512]

id_token_encrypted_response_alg string

Possible values: [RSA1_5, RSA-OAEP, RSA-OAEP-256, RSA-OAEP-384, RSA-OAEP-512, ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, none]

id_token_encrypted_response_enc string

Possible values: [A128CBC-HS256, A192CBC-HS384, A256CBC-HS512, A128GCM, A192GCM, A256GCM, none]

software_id string
software_version string

Responses

201

The client was registered successfully using DCR; the response contains the client's credentials and metadata

application/json

Schema

Schema

client_id string
client_secret string
client_id_issued_at int64
client_secret_expires_at string

Example (from schema)

{
  "client_id": "string",
  "client_secret": "string",
  "client_id_issued_at": 0,
  "client_secret_expires_at": "string"
}

400

The DCR request body contains invalid or missing client metadata fields

403

The caller does not have the required privileges to register clients in this setup

404

No setup exists with the specified ID

Loading...