Create a dynamic client.

post https://{tenanturl}/oauth2/register

Use this API to create a dynamic client. If dynamic client registration is configured to require bearer token authentication, the token needs to have the manageAppAccessAdmin (Manage application lifecycle) entitlement.

Body Params

Dynamic client payload

client_name

string

Client name.

client_id

string

Client ID. Will be automatically generated if not provided.

client_secret

string

Client secret. Will be automatically generated if not provided.

redirect_uris

array of strings

required

Array of redirection URIs for use in redirect-based flows.

redirect_uris*

response_types

array of strings

Array of the OAuth 2.0 response types that the client may use.

response_types

grant_types

array of strings

Array of grant types that the client may use. The allowed grant types are 'authorization_code', 'implicit', 'password', and 'refresh_token'.

grant_types

jwks_uri

string

URL referencing the client's JSON Web Key Set document representing the client's public keys.

id_token_signed_response_alg

string

Token signing algorithm. Required for signing the ID token issued for this client.

userinfo_signed_response_alg

string

Userinfo response JWT signing algorithm.

userinfo_encrypted_response_alg

string

Userinfo response JWT encryption algorithm.

userinfo_encrypted_response_enc

string

Userinfo response JWT encryption content algorithm.

token_endpoint_auth_method

string

Requested authentication method for the token endpoint.

initiate_login_uri

string

URI using the https scheme that a third party can use to initiate a login by the RP.

all_users_entitled

boolean

Set to true if all users are entitled to use this client.

consent_action

string

Request for user consent.

enforce_pkce

boolean

Enforce the usage of PKCE.

tls_client_certificate_bound_access_tokens

boolean

Indicates if certificate binding for access token is required.

tls_client_auth_subject_dn

string

The expected subject distinguished name of the certificate that the client will use in mutual TLS authentication.

tls_client_auth_san_dns

string

The expected DNS name SAN entry in the certificate that the client will use in mutual TLS authentication.

tls_client_auth_san_email

string

The expected email address SAN entry in the certificate that the client will use in mutual TLS authentication.

tls_client_auth_san_uri

string

The expected URI SAN entry in the certificate that the client will use in mutual TLS authentication.

tls_client_auth_san_ip

string

The expected IP address SAN entry in the certificate that the client will use in mutual TLS authentication.

scope

string

Space-delimited string of allowed scopes.

id_token_claims

array of strings

List of claims for id_token and user information.

id_token_claims

token_claims

array of strings

List of claims for introspect and JWT access token.

token_claims

Headers

Authorization

string

Bearer access token

Responses

Language

URL


xxxxxxxxxx
1
curl --request POST \
2
     --url https://tenant_url/oauth2/register \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/json'

Choose an example:

application/json

*/*

200Successful Creation

400Bad Request Exception

403Forbidden

500An internal server error occurred.