API Reference
Start typing to search…

Use this endpoint to dynamically register a client

post https://{pointofcontact}/oauth2/register

Dynamically register a client with the OIDC Provider. In the process,
client is able to present a set of metadata, such as a set of valid
redirection URIs. The metadata can either be communicated in a self-asserted
fashion or as a set of metadata called a software statement, which is digitally
signed; in the case of a software statement, the issuer is vouching for the
validity of the data about the client.

Log in to see full request history
Body Params
array of strings
required
redirect_uris*
array of strings
response_types
array of strings
grant_types
string

Kind of the application.

array of strings
contacts
string

Name of the Client to be presented to the End-User.

string

URL that references a logo for the Client application.

string

URL of the home page of the Client.

string

URL that the Relying Party Client provides to the End-User to read
about the how the profile data will be used.

string

URL that the Relying Party Client provides to the End-User to read
about the Relying Party's terms of service.

string

URL for the Client's JSON Web Key Set document.

object

Client's JSON Web Key Set document, passed by value.

string

URL using the https scheme to be used in calculating Pseudonymous
Identifiers by the OIDC Provider. It is not supported by this implementation
since it only support public subject_type.

string

subject_type requested for responses to this Client.

string

JWS "alg" algorithm REQUIRED for signing the ID Token issued to this Client.

string

JWE "alg" algorithm REQUIRED for encrypting the ID Token issued to this Client.

string

JWE "enc" algorithm REQUIRED for encrypting the ID Token issued to this Client.

string

JWS "alg" algorithm REQUIRED for signing UserInfo Responses

string

JWE "alg" algorithm REQUIRED for encrypting UserInfo Responses

string

JWE "enc" algorithm REQUIRED for encrypting UserInfo Responses

string

JWS "alg" algorithm that MUST be used for signing Request Objects
sent to the OIDC Provider

string

JWE "alg" algorithm the Relying Party is declaring that it may use
for encrypting Request Objects sent to the OIDC Provider

string

JWE "enc" algorithm the Relying Party is declaring that it may use
for encrypting Request Objects sent to the OIDC Provider

string

Requested Client Authentication method for the Token Endpoint

string

JWS "alg" algorithm that MUST be used for signing the JWT used to
authenticate the Client at the Token Endpoint for the private_key_jwt
authentication method.

boolean

Whether private_key_jwt client assertion can only be used once. This is
done by checking the "jti" claim uniqueness.

number

Default Maximum Authentication Age
This implementation does not read this configuration.

boolean

Whether the auth_time Claim in the ID Token is required.
This implementation by default will output auth_time whether it is
required or not.

array of strings
default_acr_values
string

URI using the https scheme that a third party can use to initiate
a login by the Relying Party

array of strings
request_uris
string

Space-delimited string containing list of scope values that the client
can use when requesting access tokens.

string

Expected subject distinguished name of the certificate that the
client will use in mutual-TLS authentication.

string

Expected DNS Name SAN entry in the certificate that the client
will use in mutual-TLS authentication.

string

Expected RFC822 Name SAN entry in the certificate that the client
will use in mutual-TLS authentication.

string

Expected IP Address SAN entry in the certificate that the client
will use in mutual-TLS authentication.

string

Expected Uniform Resource Identifier (URI) SAN entry in the
certificate that the client will use in mutual-TLS authentication

boolean

Indicate the client's intention to use mutual-TLS client
certificate-bound access tokens.

boolean

Indicates whether the client is required to use Pushed Authorization
Request to initiate authorization requests.

boolean

Indicates whether the client is required to use Proof Key for Code Exchange
(PKCE) in the authorization requests.

string

Method of delivering the tokens after a successful user authentication.

string

The endpoint to which the OIDC Provider will post a notification
after a successful or failed end-user authentication. Required if the
token delivery mode is set to "ping".

boolean

Indicates whether the client is sending user_code parameter

string

A unique identifier string assigned by the client developer or software
publisher used by registration endpoints to identify the client software to
be dynamically registered. The value of this field is not intended to be
human readable and is usually opaque to the client and authorization server.

string

A version identifier string for the client software identified by
"software_id". The value of the "software_version" SHOULD change
on any update to the client software identified by the same "software_id".

string

A software statement is a JSON Web Token (JWT) that asserts metadata values about
the client software as a bundle. All the properties above can be specified in
a software statement. When presented to the authorization server as part of a
client registration request, the software statement MUST be digitally signed
and MUST contain an "iss" (issuer) claim denoting the party attesting to the
claims in the software statement. Client metadata values conveyed in the
software statement will take precedence over those conveyed using plain JSON elements.
When using Dynamic Client Registration for FAPI specification, the software statement
is generated by regulatory body and there are certain rules to follow.

Headers
string

MTLS Client Certificate

Responses

Updated 12 days ago

Did this page help you?
Language
URL
Click Try It! to start a request and see the response here! Or choose an example:
application/json

Updated 12 days ago

Did this page help you?