Class ClientsManager

Create a new client (application or SSO integration).

Notes:

• We recommend leaving the client_secret parameter unspecified to allow the generation of a safe secret.
• The client_authentication_methods and token_endpoint_auth_method properties are mutually exclusive. Use client_authentication_methods to configure the client with Private Key JWT authentication method. Otherwise, use token_endpoint_auth_method to configure the client with client secret (basic or post) or with no authentication method (none).
• When using client_authentication_methods to configure the client with Private Key JWT authentication method, specify fully defined credentials. These credentials will be automatically enabled for Private Key JWT authentication on the client.
• To configure client_authentication_methods, the create:client_credentials scope is required.
• To configure client_authentication_methods, the property jwt_configuration.alg must be set to RS256.

Create a client

Throws

Create a client credential associated to the client. The credential will be created but not yet enabled Create a client credential

Throws

Delete a client and related configuration (rules, connections, etc). Delete a client

Throws

Delete a client credential

Throws

Retrieve client details. A list of fields to include or exclude may also be specified. Note:

• client_id, app_type, name, and description can be retrieved with the any of the scopes.
• callbacks, oidc_backchannel_logout, allowed_origins, web_origins, tenant, global, config_route, callback_url_template, jwt_configuration, jwt_configuration.lifetime_in_seconds, jwt_configuration.secret_encoded, jwt_configuration.scopes, jwt_configuration.alg, api_type, logo_uri, allowed_clients, owners, custom_login_page, custom_login_page_off, sso, addons, form_template, custom_login_page_codeview, resource_servers, client_metadata, mobile, mobile.android, mobile.ios, allowed_logout_urls, token_endpoint_auth_method, is_first_party, oidc_conformant, is_token_endpoint_ip_header_trusted, initiate_login_uri, grant_types, refresh_token, refresh_token.rotation_type, refresh_token.expiration_type, refresh_token.leeway, refresh_token.token_lifetime, organization_usage, organization_require_behavior properties can only be retrieved with the read:clients or read:client_keys scope.
• encryption_key, encryption_key.pub, encryption_key.cert, client_secret, client_authentication_methods and signing_key properties can only be retrieved with the read:client_keys or read:client_credentials scope.

Get a client

Throws

Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified. Note:

• client_id, app_type, name, and description can be retrieved with any scope.
• callbacks, oidc_backchannel_logout, allowed_origins, web_origins, tenant, global, config_route, callback_url_template, jwt_configuration, jwt_configuration.lifetime_in_seconds, jwt_configuration.secret_encoded, jwt_configuration.scopes, jwt_configuration.alg, api_type, logo_uri, allowed_clients, owners, custom_login_page, custom_login_page_off, sso, addons, form_template, custom_login_page_codeview, resource_servers, client_metadata, mobile, mobile.android, mobile.ios, allowed_logout_urls, token_endpoint_auth_method, is_first_party, oidc_conformant, is_token_endpoint_ip_header_trusted, initiate_login_uri, grant_types, refresh_token, refresh_token.rotation_type, refresh_token.expiration_type, refresh_token.leeway, refresh_token.token_lifetime, organization_usage, organization_require_behavior properties can only be retrieved with the read:clients or read:client_keys scope.
• encryption_key, encryption_key.pub, encryption_key.cert, client_secret, client_authentication_methods and signing_key properties can only be retrieved with the read:client_keys or read:client_credentials scope.

Get clients

Throws

Get the details of a client credential. Get client credential

Throws

Get the list of client credentials that are associated to the client.

Important: To enable credentials to be used Get client credentials

Throws

Rotate a client secret.

This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt).

Note: The generated secret is NOT base64 encoded.

Rotate a client secret

Throws

Notes:

• The client_secret and signing_key attributes can only be updated with the update:client_keys scope.
• The client_authentication_methods and token_endpoint_auth_method properties are mutually exclusive. Use client_authentication_methods to configure the client with Private Key JWT authentication method. Otherwise, use token_endpoint_auth_method to configure the client with client secret (basic or post) or with no authentication method (none).
• When using client_authentication_methods to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
• To configure client_authentication_methods, the update:client_credentials scope is required.
• To configure client_authentication_methods, the property jwt_configuration.alg must be set to RS256. Update a client

Throws

Update a client credential

Throws