Set OAuth2 Client using OpenID Dynamic Client Registration
PUT {{baseUrl}}/oauth2/register/:id
This endpoint behaves like the administrative counterpart (setOAuth2Client) but is capable of facing the
public internet directly to be used by third parties. It implements the OpenID Connect
Dynamic Client Registration Protocol.
This feature is disabled per default. It can be enabled by a system administrator.
If you pass client_secret the secret is used, otherwise the existing secret is used. If set, the secret is echoed in the response.
It is not possible to retrieve it later on.
To use this endpoint, you will need to present the client's authentication credentials. If the OAuth2 Client
uses the Token Endpoint Authentication Method client_secret_post, you need to present the client secret in the URL query.
If it uses client_secret_basic, present the Client ID and the Client Secret in the Authorization header.
OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities.
Request Body
{"allowed_cors_origins"=>["<string>", "<string>"], "audience"=>["<string>", "<string>"], "authorization_code_grant_access_token_lifespan"=>"173800s989083199m9629244ns0154ms50936786ms875191s233226us35633069816s66275ns134962s", "authorization_code_grant_id_token_lifespan"=>"940925675m316826927us504ms4ns7ns1h2380666755h", "authorization_code_grant_refresh_token_lifespan"=>"097161834ns3933719ms6153214us688183141s73635us3766072197ms101012203h0080409113ms43393258ns", "backchannel_logout_session_required"=>"<boolean>", "backchannel_logout_uri"=>"<string>", "client_credentials_grant_access_token_lifespan"=>"675898h7181644m88h6771m288161ns50732428885m74626948ms077s", "client_id"=>"<string>", "client_name"=>"<string>", "client_secret"=>"<string>", "client_secret_expires_at"=>"<long>", "client_uri"=>"<string>", "contacts"=>["<string>", "<string>"], "created_at"=>"<dateTime>", "frontchannel_logout_session_required"=>"<boolean>", "frontchannel_logout_uri"=>"<string>", "grant_types"=>["<string>", "<string>"], "implicit_grant_access_token_lifespan"=>"944s04940936239us428815us71285535m580m19303513318m3876764984ns9472682us24512ms3306901716h", "implicit_grant_id_token_lifespan"=>"90472535220us92254236ms872445623s", "jwks"=>{"description"=>"OAuth 2.0 Client JSON Web Key Set\n\nClient's JSON Web Key Set [JWK] document, passed by value. The semantics of the jwks parameter are the same as\nthe jwks_uri parameter, other than that the JWK Set is passed by value, rather than by reference. This parameter\nis intended only to be used by Clients that, for some reason, are unable to use the jwks_uri parameter, for\ninstance, by native applications that might not have a location to host the contents of the JWK Set. If a Client\ncan use jwks_uri, it MUST NOT use jwks. One significant downside of jwks is that it does not enable key rotation\n(which jwks_uri does, as described in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The jwks_uri and jwks\nparameters MUST NOT be used together."}, "jwks_uri"=>"<string>", "jwt_bearer_grant_access_token_lifespan"=>"71ns54331082352h25ns", "logo_uri"=>"<string>", "metadata"=>{"title"=>"JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger."}, "owner"=>"<string>", "policy_uri"=>"<string>", "post_logout_redirect_uris"=>["<string>", "<string>"], "redirect_uris"=>["<string>", "<string>"], "refresh_token_grant_access_token_lifespan"=>"986h151ms197ms09118861ns1230802045us43ns41273009988ns", "refresh_token_grant_id_token_lifespan"=>"07284380968m80m5280228549ns", "refresh_token_grant_refresh_token_lifespan"=>"93ms49949h12571ns6387ms450833ns22002087m", "registration_access_token"=>"<string>", "registration_client_uri"=>"<string>", "request_object_signing_alg"=>"<string>", "request_uris"=>["<string>", "<string>"], "response_types"=>["<string>", "<string>"], "scope"=>"<string>", "sector_identifier_uri"=>"<string>", "subject_type"=>"<string>", "token_endpoint_auth_method"=>"<string>", "token_endpoint_auth_signing_alg"=>"<string>", "tos_uri"=>"<string>", "updated_at"=>"<dateTime>", "userinfo_signed_response_alg"=>"<string>"}
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Content-Type | string | ||
Accept | string |
RESPONSES
status: OK
{"allowed_cors_origins":["\u003cstring\u003e","\u003cstring\u003e"],"audience":["\u003cstring\u003e","\u003cstring\u003e"],"authorization_code_grant_access_token_lifespan":"173800s989083199m9629244ns0154ms50936786ms875191s233226us35633069816s66275ns134962s","authorization_code_grant_id_token_lifespan":"940925675m316826927us504ms4ns7ns1h2380666755h","authorization_code_grant_refresh_token_lifespan":"097161834ns3933719ms6153214us688183141s73635us3766072197ms101012203h0080409113ms43393258ns","backchannel_logout_session_required":"\u003cboolean\u003e","backchannel_logout_uri":"\u003cstring\u003e","client_credentials_grant_access_token_lifespan":"675898h7181644m88h6771m288161ns50732428885m74626948ms077s","client_id":"\u003cstring\u003e","client_name":"\u003cstring\u003e","client_secret":"\u003cstring\u003e","client_secret_expires_at":"\u003clong\u003e","client_uri":"\u003cstring\u003e","contacts":["\u003cstring\u003e","\u003cstring\u003e"],"created_at":"\u003cdateTime\u003e","frontchannel_logout_session_required":"\u003cboolean\u003e","frontchannel_logout_uri":"\u003cstring\u003e","grant_types":["\u003cstring\u003e","\u003cstring\u003e"],"implicit_grant_access_token_lifespan":"944s04940936239us428815us71285535m580m19303513318m3876764984ns9472682us24512ms3306901716h","implicit_grant_id_token_lifespan":"90472535220us92254236ms872445623s","jwks":{"description":"OAuth 2.0 Client JSON Web Key Set\n\nClient's JSON Web Key Set [JWK] document, passed by value. The semantics of the jwks parameter are the same as\nthe jwks_uri parameter, other than that the JWK Set is passed by value, rather than by reference. This parameter\nis intended only to be used by Clients that, for some reason, are unable to use the jwks_uri parameter, for\ninstance, by native applications that might not have a location to host the contents of the JWK Set. If a Client\ncan use jwks_uri, it MUST NOT use jwks. One significant downside of jwks is that it does not enable key rotation\n(which jwks_uri does, as described in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The jwks_uri and jwks\nparameters MUST NOT be used together."},"jwks_uri":"\u003cstring\u003e","jwt_bearer_grant_access_token_lifespan":"71ns54331082352h25ns","logo_uri":"\u003cstring\u003e","metadata":{"title":"JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger."},"owner":"\u003cstring\u003e","policy_uri":"\u003cstring\u003e","post_logout_redirect_uris":["\u003cstring\u003e","\u003cstring\u003e"],"redirect_uris":["\u003cstring\u003e","\u003cstring\u003e"],"refresh_token_grant_access_token_lifespan":"986h151ms197ms09118861ns1230802045us43ns41273009988ns","refresh_token_grant_id_token_lifespan":"07284380968m80m5280228549ns","refresh_token_grant_refresh_token_lifespan":"93ms49949h12571ns6387ms450833ns22002087m","registration_access_token":"\u003cstring\u003e","registration_client_uri":"\u003cstring\u003e","request_object_signing_alg":"\u003cstring\u003e","request_uris":["\u003cstring\u003e","\u003cstring\u003e"],"response_types":["\u003cstring\u003e","\u003cstring\u003e"],"scope":"\u003cstring\u003e","sector_identifier_uri":"\u003cstring\u003e","subject_type":"\u003cstring\u003e","token_endpoint_auth_method":"\u003cstring\u003e","token_endpoint_auth_signing_alg":"\u003cstring\u003e","tos_uri":"\u003cstring\u003e","updated_at":"\u003cdateTime\u003e","userinfo_signed_response_alg":"\u003cstring\u003e"}