Skip to main content
Version: 8.2411.x.x RR

Format

IDs

setupId

Format: XXXXXXXXXXXXXXXXXXXXXXXXX

Example: 3b1d1fd97f0b6255356dacf130bb9976

clientId

Format: XXXXXXXXXXXXXXXXXXXXXXXXX

Example: 3b1d1fd97f0b6255356dacf130bb997e

Client resource

redirect_uris

Data type: list of strings

OAuth2 redirect URLs.

token_endpoint_auth_method

Data type: string

Possible values and constraints: none, client_secret_post, client_secret_basic, client_secret_jwt

String indicator of the requested authentication method for the token endpoint.

none: The client is a public client as defined in OAuth 2.0, and does not have a client secret.

client_secret_jwt: The client uses JSON Web Token as defined in OAuth 2.0.

client_secret_post: The client uses the HTTP POST parameters as defined in OAuth 2.0.

client_secret_basic (default): The client uses HTTP Basic as defined in OAuth 2.0.

grant_types

Data type: list of strings

Possible values and constraints: authorization_code, client_credentials, implicit, jwt_bearer

OAuth2 flows.

authorization_code (default): If you select this value, set the attribute response_types to code.

implicit: If you select this value, set the attribute response_types to token or id_token.

response_types

Data type: list of strings

Possible values and constraints: code, token, id_token

code (default): If you select this value, set the attribute grant_types to authorization_code.

token, id_token: If you select one of these values, set the attribute grant_types to implicit.

client_name

Data type: string

Possible values and constraints: Not blank.

Required.

Display name of client.

client_uri

Data type: string

URL string of a web page providing information about the client.

logo_uri

Data type: string

URL string that references a logo for the client.

scope

Data type: string

Possible values and constraints: all defined scopes of resource servers in the according setup.

OAuth2 scopes separated by spaces.

contacts

Data type: list of strings

Contact information.

tos_uri

Data type: string

URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client.

policy_uri

Data type: string

URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data.

id_token_signed_response_alg

Data type: enum

(Optional) Algorithm used to sign the Id Token, see the OpenID Connect Core 1.0, chapter Client Metadata. Default value is RS256. Supported values are: RS256, RS384, RS512, ES256, ES256K, ES384, ES512.

id_token_encrypted_response_alg

Data type: enum

(Optional) Algorithm for encrypting the Id Token. This field signals that the ID Token should be encrypted. If the property is not set, no encryption will be done. The public key for the encryption is taken from the JWKS URI or JWKS fields. The key is picked by algorithm family and type. In case more than one key is found, the one having the longest validity is used. Note, that keys having no validity defined are valid indefinitely. For more see the OpenID Connect Core 1.0, chapter Client Metadata. Supported values are: RSA1_5, RSA-OAEP, RSA-OAEP-256, RSA-OAEP-384, RSA-OAEP-512, ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW.

id_token_encrypted_response_enc

Data type: enum

(Optional) Encryption method for the ID Token. This property only makes sense if Id Token encryption algorithm is also set, setting this property without the Id Token encryption algorithm will result in an error. Supported values are: A128CBC-HS256, A192CBC-HS384, A256CBC-HS512, A128GCM, A192GCM, A256GCM. For more see the OpenID Connect Core 1.0, chapter Client Metadata.

jwks_uri

Data type: string

URL string referencing the client's JSON Web Key (JWK) Set [RFC7517] document, which contains the client's public keys.

jwks

Data type: object

Client's JSON Web Key Set [RFC7517] document value, which contains the client's public keys.

force_pushed_authorization_requests

Data type: boolean

Force Authorization Server use the client's Pushed Authorization Requests

  • false (default) Authorization Server will accept any Authorization Request.
  • true force Authorization Server only use Pushed Authorization Request from the client.