Create a dynamic client.

post https://{tenanturl}/v1.0/endpoint/{opName}/client_registration

Use this API to create a dynamic client.

Entitlements required: manageAppAccessAdmin (Manage application lifecycle).

Path Params

opName

string

required

Defaults to default

The OpenID Connect provider ID. The default provider ID is "default".

Body Params

Dynamic client payload

client_name

string

required

Client name.

client_id

string

required

Client ID. Will be automatically generated if not provided.

client_secret

string

required

Client secret. Will be automatically generated if not provided.

redirect_uris

array of strings

required

Array of redirection URIs for use in redirect-based flows.

redirect_uris*

request_uris

array of strings

Array of request_uri values that are pre-registered by the RP for use at the OP.

request_uris

response_types

array of strings

Array of the OAuth 2.0 response types that the client may use.

response_types

grant_types

array of strings

Array of grant types that the client may use. The allowed grant types are 'authorization_code', 'implicit', 'password', 'refresh_token' and 'urn:ietf:params:oauth:grant-type:device_code'.

grant_types

jwks_uri

string

URL referencing the client's JSON Web Key Set document representing the client's public keys.

id_token_signed_response_alg

string

Token signing algorithm. Required for signing the ID token issued for this client.

userinfo_signed_response_alg

string

Userinfo response JWT signing algorithm.

userinfo_encrypted_response_alg

string

Userinfo response JWT encryption algorithm.

userinfo_encrypted_response_enc

string

Userinfo response JWT encryption content algorithm.

request_object_signing_alg

string

JWS alg algorithm that MUST be used for signing request objects sent to the OP.

request_object_encryption_alg

string

JWE alg algorithm the RP is declaring that it may use for encrypting request objects sent to the OP.

request_object_encryption_enc

string

JWE enc algorithm the RP is declaring that it may use for encrypting request objects sent to the OP.

token_endpoint_auth_method

string

Requested authentication method for the token endpoint.

token_endpoint_auth_signing_alg

string

JWS alg algorithm that MUST be used for signing the JWT used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods.

initiate_login_uri

string

URI using the https scheme that a third party can use to initiate a login by the RP.

all_users_entitled

boolean

Set to true if all users are entitled to use this client.

consent_action

boolean

Request for user consent.

enforce_pkce

boolean

Enforce the usage of PKCE.

tls_client_certificate_bound_access_tokens

boolean

Indicates if certificate binding for access token is required.

tls_client_auth_subject_dn

string

The expected subject distinguished name of the certificate that the client will use in mutual TLS authentication.

tls_client_auth_san_dns

string

The expected DNS name SAN entry in the certificate that the client will use in mutual TLS authentication.

tls_client_auth_san_uri

string

The expected URI SAN entry in the certificate that the client will use in mutual TLS authentication.

tls_client_auth_san_ip

string

The expected IP address SAN entry in the certificate that the client will use in mutual TLS authentication.

tls_client_auth_san_email

string

The expected email address SAN entry in the certificate that the client will use in mutual TLS authentication.

Headers

Authorization

string

required

Bearer access token

Responses

Language

URL


xxxxxxxxxx
1
curl --request POST \
2
     --url https://tenant_url/v1.0/endpoint/default/client_registration \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/json'

Choose an example:

application/json

200Successful Creation

400Bad Request Exception

403Forbidden

500Internal Server Error