Create a dynamic client.

post

https://{tenanturl}/oauth2/register

Use this API to create a dynamic client. If dynamic client registration is configured to require bearer token authentication, the token needs to have the manageAppAccessAdmin (Manage application lifecycle) entitlement.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Body Params

Dynamic client payload

access_policy

string

Access Policy ID.

all_users_entitled

boolean

Set to true if all users are entitled to use this client.

api_entitlements

array of strings

List of API entitlements.

api_entitlements

authorization_encrypted_response_alg

string

JWE 'alg' algorithm required for encrypting authorization responses.

authorization_encrypted_response_enc

string

JWE 'enc' algorithm required for encrypting authorization responses.

authorization_signed_response_alg

string

JWS 'alg' required for signing authorization responses.

authorize_request_mapping

array of objects

Configuration to add request parameters for authorize endpoint

authorize_request_mapping

authorize_response_mapping

array of objects

Configuration to add response parameters for authorize endpoint

authorize_response_mapping

client_name

string

Client name.

consent_action

string

enum

Request for user consent.

Allowed:

enforce_pkce

boolean

Enforce the usage of PKCE.

grant_types

array of strings

Array of grant types that the client may use. The allowed grant types are 'authorization_code', 'implicit', 'password', and 'refresh_token'.

grant_types

id_token_encrypted_response_alg

string

JWE alg algorithm required for encrypting the ID Token assigned to this client.

id_token_encrypted_response_enc

string

JWE enc algorithm required for encrypting the ID Token assigned to this client.

id_token_signed_response_alg

string

Token signing algorithm required for signing the ID token issued for this client.

identity_providers

array of strings

List of identity providers.

identity_providers

initiate_login_uri

string

URI that uses the https scheme that a third party can use to initiate a login by the RP.

jwks_uri

string

URL referencing the client's JSON Web Key Set document representing the client's public keys.

redirect_uris

array of strings

required

Array of redirection URIs for use in redirect-based flows.

redirect_uris*

request_object_check_expiry

boolean

Flag to indicate whether expiry claims should be set in the request object.

request_object_encryption_alg

string

JWE 'alg' algorithm the RP is declaring that it can use for encrypting Request Objects sent to the OP.

request_object_encryption_enc

string

JWE 'enc' algorithm the RP is declaring that it can use for encrypting Request Objects sent to the OP.

request_object_lifetime

integer

The lifetime of the request object.

request_object_parameters_only

boolean

Flag to suggest whether all the request parameters should only be in the request object.

request_object_signing_alg

string

JWS 'alg' algorithm that MUST be used for signing Request Objects sent to the OP.

require_pushed_authorization_requests

boolean

Flag to indicate whether pushed authorization request (PAR) is required.

request_uris

array of strings

Array of request_uri values that are pre-registered by the RP for use at the OP.

request_uris

response_types

array of strings

Array of the OAuth 2.0 response types that the client may use.

response_types

restrict_api_entitlements

boolean

Flag to indicate whether API entitlements should be restricted.

scope

string

A space-delimited string of allowed scopes.

software_id

string

A unique identifier string that identifies the client software to be digitally registered.

software_statement

string

A signed JWT that asserts metadata values about the client software as a bundle.

theme_id

string

The theme ID, if any.

tls_client_auth_san_dns

string

The expected DNS name SAN entry in the certificate that the client will use in mutual TLS authentication.

tls_client_auth_subject_dn

string

The expected subject distinguished name of the certificate that the client will use in mutual TLS authentication.

tls_client_auth_san_email

string

The expected email address SAN entry in the certificate that the client will use in mutual TLS authentication.

tls_client_auth_san_ip

string

The expected IP address SAN entry in the certificate that the client will use in mutual TLS authentication.

tls_client_auth_san_uri

string

The expected URI SAN entry in the certificate that the client will use in mutual TLS authentication.

tls_client_certificate_bound_access_tokens

boolean

Indicates if certificate binding for access token is required.

token_endpoint_auth_method

string

enum

The client authentication method for the token endpoint.

Allowed:

token_endpoint_auth_signing_alg

string

JWS 'alg' algorithm that must be used for signing the JWT used to authenticate the client at the Token Endpoint for the 'private_key_jwt' authentication methods.

token_endpoint_auth_single_use_jti

boolean

Flag to indicate whether the JTI for token endpoint is single-use only.

token_request_mapping

array of objects

Configuration to add request parameters for token endpoint

token_request_mapping

token_response_mapping

array of objects

Configuration to add response parameters for token endpoint

token_response_mapping

userinfo_encrypted_response_alg

string

Userinfo response JWT encryption algorithm.

userinfo_encrypted_response_enc

string

Userinfo response JWT encryption content algorithm.

userinfo_signed_response_alg

string

Userinfo response JWT signing algorithm.

client_id

string

Client ID. Will be automatically generated if not provided.

client_secret

string

Client secret. Will be automatically generated if not provided.

id_token_claims

array of strings

List of claims for id_token and user information.

id_token_claims

token_claims

array of strings

List of claims for introspect and JWT access token.

token_claims

Headers

Authorization

string

Bearer access token

string

enum

Defaults to application/json

Generated from available response content types

Allowed:

Responses

Language

URL

Loading…

Response

Choose an example:

application/json

*/*

201Successful Creation

400Bad Request Exception

403Forbidden

500An internal server error occurred.