Format
IDs
setupId
Format: XXXXXXXXXXXXXXXXXXXXXXXXX
Example: 3b1d1fd97f0b6255356dacf130bb9976
clientId
Format: XXXXXXXXXXXXXXXXXXXXXXXXX
Example: 3b1d1fd97f0b6255356dacf130bb997e
Client resource
redirect_uris
Data type: list of strings
OAuth2 redirect URLs.
token_endpoint_auth_method
Data type: string
Possible values and constraints: none
, client_secret_post
, client_secret_basic
, client_secret_jwt
String indicator of the requested authentication method for the token endpoint.
none
: The client is a public client as defined in OAuth 2.0, and does not have a client secret.
client_secret_jwt
: The client uses JSON Web Token as defined in OAuth 2.0.
client_secret_post
: The client uses the HTTP POST parameters as defined in OAuth 2.0.
client_secret_basic
(default): The client uses HTTP Basic as defined in OAuth 2.0.
grant_types
Data type: list of strings
Possible values and constraints: authorization_code
, client_credentials
, implicit
, jwt_bearer
OAuth2 flows.
authorization_code
(default): If you select this value, set the attribute response_types
to code
.
implicit
: If you select this value, set the attribute response_types
to token
or id_token
.
response_types
Data type: list of strings
Possible values and constraints: code
, token
, id_token
code
(default): If you select this value, set the attribute grant_types to authorization_code
.
token
, id_token
: If you select one of these values, set the attribute grant_types to implicit
.
client_name
Data type: string
Possible values and constraints: Not blank.
Required.
Display name of client.
client_uri
Data type: string
URL string of a web page providing information about the client.
logo_uri
Data type: string
URL string that references a logo for the client.
scope
Data type: string
Possible values and constraints: all defined scopes of resource servers in the according setup.
OAuth2 scopes separated by spaces.
contacts
Data type: list of strings
Contact information.
tos_uri
Data type: string
URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client.
policy_uri
Data type: string
URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data.
id_token_signed_response_alg
Data type: enum
(Optional) Algorithm used to sign the Id Token, see the OpenID Connect Core 1.0, chapter Client Metadata. Default value is RS256. Supported values are: RS256, RS384, RS512, ES256, ES256K, ES384, ES512.
id_token_encrypted_response_alg
Data type: enum
(Optional) Algorithm for encrypting the Id Token. This field signals that the ID Token should be encrypted. If the property is not set, no encryption will be done. The public key for the encryption is taken from the JWKS URI or JWKS fields. The key is picked by algorithm family and type. In case more than one key is found, the one having the longest validity is used. Note, that keys having no validity defined are valid indefinitely. For more see the OpenID Connect Core 1.0, chapter Client Metadata. Supported values are: RSA1_5, RSA-OAEP, RSA-OAEP-256, RSA-OAEP-384, RSA-OAEP-512, ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW.
id_token_encrypted_response_enc
Data type: enum
(Optional) Encryption method for the ID Token. This property only makes sense if Id Token encryption algorithm is also set, setting this property without the Id Token encryption algorithm will result in an error. Supported values are: A128CBC-HS256, A192CBC-HS384, A256CBC-HS512, A128GCM, A192GCM, A256GCM. For more see the OpenID Connect Core 1.0, chapter Client Metadata.
jwks_uri
Data type: string
URL string referencing the client's JSON Web Key (JWK) Set [RFC7517] document, which contains the client's public keys.
jwks
Data type: object
Client's JSON Web Key Set [RFC7517] document value, which contains the client's public keys.
force_pushed_authorization_requests
Data type: boolean
Force Authorization Server use the client's Pushed Authorization Requests
false
(default) Authorization Server will accept any Authorization Request.true
force Authorization Server only use Pushed Authorization Request from the client.