Download OpenAPI specification:Download
Allows an application to manage its clients, including updating existing clients and creating additional clients. To authorize API calls, use an access token for the relevant application. To manage apps and their clients as a tenant admin, see Application APIs.
Creates an additional client for the app. To authorize a request, use an access token for the relevant application.
name required | string Name of the client |
description | string Short description of the client |
redirect_uris required | Array of strings List of URIs approved for redirects for your client |
client_type | string Default: "web" Client type |
response_types | Array of strings Default: ["code","id_token"] Items Enum: "code" "id_token" |
token_endpoint_auth_method | string Deprecated Default: "client_secret_basic" This field is deprecated- to configure pkce use "pkce" field instead |
resources | Array of strings List of resources IDs associated with this client |
object Configuration for an OAuth Device Authorization Flow | |
object CIBA authorization flow configuration | |
pkce | string PKCE configuration |
{- "name": "My Client",
- "description": "string",
- "client_type": "web",
- "response_types": [
- "code"
], - "token_endpoint_auth_method": "client_secret_basic",
- "resources": [
- "string"
], - "device_authorization": {
- "enabled": false,
}, - "pkce": "enforcePkceInsteadOfClientCredentials"
}
{- "app_id": "string",
- "tenant_id": "string",
- "client_id": "string",
- "client_secret": "string",
- "name": "string",
- "description": "string",
- "resources": [
- "string"
], - "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "authentication_protocol": "oidc",
- "client_group_id": "string",
- "default_custom_claims": [
- "tid"
], - "redirect_uris": [
- "string"
], - "client_type": "web",
- "response_types": [
- "code"
], - "token_endpoint_auth_method": "client_secret_basic",
- "pkce": "enforcePkceInsteadOfClientCredentials",
- "device_authorization": {
- "enabled": false,
}, - "supported_prompts": [
- "login"
], - "authentication_configuration": {
- "method": "client_secret_basic",
- "jwks": { },
- "isMtlsCertTokenBound": true
}, - "token_expiration": {
- "access_token_ttl": 0,
- "refresh_token_ttl": 0,
- "max_refresh_rotate": 0
}
}
Retrieves a list of clients for the app. To authorize a request, use an access token for the relevant application.
[- {
- "app_id": "string",
- "tenant_id": "string",
- "client_id": "string",
- "client_secret": "string",
- "name": "string",
- "description": "string",
- "resources": [
- "string"
], - "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "authentication_protocol": "oidc",
- "client_group_id": "string",
- "default_custom_claims": [
- "tid"
], - "redirect_uris": [
- "string"
], - "client_type": "web",
- "response_types": [
- "code"
], - "token_endpoint_auth_method": "client_secret_basic",
- "pkce": "enforcePkceInsteadOfClientCredentials",
- "device_authorization": {
- "enabled": false,
}, - "supported_prompts": [
- "login"
], - "authentication_configuration": {
- "method": "client_secret_basic",
- "jwks": { },
- "isMtlsCertTokenBound": true
}, - "token_expiration": {
- "access_token_ttl": 0,
- "refresh_token_ttl": 0,
- "max_refresh_rotate": 0
}
}
]
Deletes all clients associated with the app. To authorize a request, use an access token for the relevant application. Note that the application cannot be used without clients.
{- "message": "Bad request",
- "error_code": 400
}
Retrieves a client by client ID. To authorize a request, use an access token for the relevant application.
{- "app_id": "string",
- "tenant_id": "string",
- "client_id": "string",
- "client_secret": "string",
- "name": "string",
- "description": "string",
- "resources": [
- "string"
], - "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "authentication_protocol": "oidc",
- "client_group_id": "string",
- "default_custom_claims": [
- "tid"
], - "redirect_uris": [
- "string"
], - "client_type": "web",
- "response_types": [
- "code"
], - "token_endpoint_auth_method": "client_secret_basic",
- "pkce": "enforcePkceInsteadOfClientCredentials",
- "device_authorization": {
- "enabled": false,
}, - "supported_prompts": [
- "login"
], - "authentication_configuration": {
- "method": "client_secret_basic",
- "jwks": { },
- "isMtlsCertTokenBound": true
}, - "token_expiration": {
- "access_token_ttl": 0,
- "refresh_token_ttl": 0,
- "max_refresh_rotate": 0
}
}
Update a client by its ID. To authorize a request, use an access token for the relevant application. Note: Fields that are objects cannot be partially updated, since the new value you set will just replace the current one.
name | string Name of the client |
description | string Short description of the client |
redirect_uris | Array of strings List of URIs approved for redirects for your client |
client_type | string Default: "web" Client type |
response_types | Array of strings Default: ["code","id_token"] Items Enum: "code" "id_token" |
token_endpoint_auth_method | string Deprecated Default: "client_secret_basic" This field is deprecated- to configure pkce use "pkce" field instead |
resources | Array of strings List of resources IDs associated with this client |
object Configuration for an OAuth Device Authorization Flow | |
object CIBA authorization flow configuration | |
pkce | string PKCE configuration |
{- "name": "My Client",
- "description": "string",
- "client_type": "web",
- "response_types": [
- "code"
], - "token_endpoint_auth_method": "client_secret_basic",
- "resources": [
- "string"
], - "device_authorization": {
- "enabled": false,
}, - "pkce": "enforcePkceInsteadOfClientCredentials"
}
{- "app_id": "string",
- "tenant_id": "string",
- "client_id": "string",
- "client_secret": "string",
- "name": "string",
- "description": "string",
- "resources": [
- "string"
], - "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "authentication_protocol": "oidc",
- "client_group_id": "string",
- "default_custom_claims": [
- "tid"
], - "redirect_uris": [
- "string"
], - "client_type": "web",
- "response_types": [
- "code"
], - "token_endpoint_auth_method": "client_secret_basic",
- "pkce": "enforcePkceInsteadOfClientCredentials",
- "device_authorization": {
- "enabled": false,
}, - "supported_prompts": [
- "login"
], - "authentication_configuration": {
- "method": "client_secret_basic",
- "jwks": { },
- "isMtlsCertTokenBound": true
}, - "token_expiration": {
- "access_token_ttl": 0,
- "refresh_token_ttl": 0,
- "max_refresh_rotate": 0
}
}
Deletes a client. To authorize a request, use an access token for the relevant application.
{- "message": "Bad request",
- "error_code": 400
}
Updates the list of resources that a client is allowed to explicitly request access to. To authorize a request, use an access token for the relevant application.
{- "resource_ids": [
- "string"
]
}
{- "app_id": "string",
- "tenant_id": "string",
- "client_id": "string",
- "client_secret": "string",
- "name": "string",
- "description": "string",
- "resources": [
- "string"
], - "created_at": "2019-08-24T14:15:22Z",
- "updated_at": "2019-08-24T14:15:22Z",
- "authentication_protocol": "oidc",
- "client_group_id": "string",
- "default_custom_claims": [
- "tid"
], - "redirect_uris": [
- "string"
], - "client_type": "web",
- "response_types": [
- "code"
], - "token_endpoint_auth_method": "client_secret_basic",
- "pkce": "enforcePkceInsteadOfClientCredentials",
- "device_authorization": {
- "enabled": false,
}, - "supported_prompts": [
- "login"
], - "authentication_configuration": {
- "method": "client_secret_basic",
- "jwks": { },
- "isMtlsCertTokenBound": true
}, - "token_expiration": {
- "access_token_ttl": 0,
- "refresh_token_ttl": 0,
- "max_refresh_rotate": 0
}
}