Jump to

• Request
• Response

Find OAuth Client by name or ID

get

/oam/services/rest/ssa/api/v1/oauthpolicyadmin/client

Returns an OAuth Client. The search can be done either with the name or the ID of the Client. Only one of the query parameters needs to be specified.

Request

Supported Media Types

• application/json
• application/x-www-form-urlencoded

Query Parameters

• id(required): string
  ClientID of the client
• identityDomainName(required): string
  Name of the Identity Domain under which the Client exits
• name(required): string
  Name of the Client

Back to Top

Response

Supported Media Types

• application/json

200 Response

Sucessfully retrieved entity - OAuthClient, detail

Body ()

Root Schema : Client

Type: object

Show Source

• accessTokenCustomClaims: array accessTokenCustomClaims
• attributes: array attributes
• clientType: string
  Allowed Values: [ "CONFIDENTIAL_CLIENT", "PUBLIC_CLIENT", "MOBILE_CLIENT" ]

  Type of the client
• defaultScope: string
  Mandatory scope which is the default scope returned in the token
• description: string
• grantTypes: array grantTypes
• id: string
  ClientID for the client. Will be auto generated if not specified
• idDomain: string
  Name of the Identity Domain under which the Client exists
• idTokenCustomClaims: array idTokenCustomClaims
• issueTLSClientCertificateBoundAccessTokens: string
  Tokens should be bound to certificate or not true/false
• name(required): string
  Name of the Client
• oldSecretRetentionTimeInDays: integer
  Specifies the rollover period for previous client secret to continue working. The previous client secret is assigned when a client secret is changed.
• redirectURIs: array redirectURIs
• scopes: array scopes
• secret: string
  Password for the client if confidential
• tlsClientAuthSANDNS: string
  Certificate SAN DNS value to be matched for the client.
• tlsClientAuthSANEmail: string
  Certificate SAN email value to be matched for the client.
• tlsClientAuthSANIP: string
  Certificate SAN IP value to be matched for the client.
• tlsClientAuthSANURI: string
  Certificate SAN URI value to be matched for the client.
• tlsClientAuthSubjectDN: string
  Certificate subject value to be matched for the client.
• tokenEndpointAuthMethod: string
  Allowed Values: [ "tls_client_auth", "self_signed_tls_client_auth", "private_key_jwt", "client_secret_basic" ]

  Client Authentication method supported by the client. If "tls_client_auth" or "self_signed_tls_client_auth" is specified then one of the "tlsClientAuthSubjectDN","tlsClientAuthSANDNS","tlsClientAuthSANURI","tlsClientAuthSANIP","tlsClientAuthSANIP","tlsClientAuthSANEmail" property is required.
• usePKCE: string
  Allowed Values: [ "NON_STRICT", "STRICT" ]

  Optional parameter to enable PKCE for this client. If not specified, default will be null.
• userInfoCustomClaims: array userInfoCustomClaims

{
    "type":"object",
    "required":[
        "name"
    ],
    "properties":{
        "name":{
            "type":"string",
            "description":"Name of the Client"
        },
        "description":{
            "type":"string"
        },
        "idDomain":{
            "type":"string",
            "description":"Name of the Identity Domain under which the Client exists"
        },
        "id":{
            "type":"string",
            "description":"ClientID for the client. Will be auto generated if not specified"
        },
        "secret":{
            "type":"string",
            "description":"Password for the client if confidential"
        },
        "clientType":{
            "type":"string",
            "description":"Type of the client",
            "enum":[
                "CONFIDENTIAL_CLIENT",
                "PUBLIC_CLIENT",
                "MOBILE_CLIENT"
            ]
        },
        "grantTypes":{
            "type":"array",
            "xml":{
                "name":"grantTypes",
                "wrapped":true
            },
            "items":{
                "type":"string",
                "enum":[
                    "PASSWORD",
                    "REFRESH_TOKEN",
                    "JWT_BEARER",
                    "CLIENT_CREDENTIALS",
                    "AUTHORIZATION_CODE"
                ]
            }
        },
        "scopes":{
            "type":"array",
            "xml":{
                "name":"scopes",
                "wrapped":true
            },
            "items":{
                "$ref":"#/definitions/ScopeSettings"
            }
        },
        "usePKCE":{
            "type":"string",
            "description":"Optional parameter to enable PKCE for this client. If not specified, default will be null.",
            "enum":[
                "NON_STRICT",
                "STRICT"
            ]
        },
        "defaultScope":{
            "type":"string",
            "description":"Mandatory scope which is the default scope returned in the token"
        },
        "redirectURIs":{
            "type":"array",
            "xml":{
                "name":"redirectURIs",
                "wrapped":true
            },
            "items":{
                "$ref":"#/definitions/RedirectURI"
            }
        },
        "attributes":{
            "type":"array",
            "xml":{
                "name":"attributes",
                "wrapped":true
            },
            "items":{
                "$ref":"#/definitions/TokenAttributeSettings"
            }
        },
        "tokenEndpointAuthMethod":{
            "type":"string",
            "description":"Client Authentication method supported by the client. If \"tls_client_auth\" or  \"self_signed_tls_client_auth\" is specified then one of the \"tlsClientAuthSubjectDN\",\"tlsClientAuthSANDNS\",\"tlsClientAuthSANURI\",\"tlsClientAuthSANIP\",\"tlsClientAuthSANIP\",\"tlsClientAuthSANEmail\" property is required.",
            "enum":[
                "tls_client_auth",
                "self_signed_tls_client_auth",
                "private_key_jwt",
                "client_secret_basic"
            ]
        },
        "issueTLSClientCertificateBoundAccessTokens":{
            "type":"string",
            "description":"Tokens should be bound to certificate or not true/false"
        },
        "tlsClientAuthSubjectDN":{
            "type":"string",
            "description":"Certificate subject value to be matched  for the client."
        },
        "tlsClientAuthSANDNS":{
            "type":"string",
            "description":"Certificate SAN DNS value to be matched  for the client."
        },
        "tlsClientAuthSANURI":{
            "type":"string",
            "description":"Certificate SAN URI value to be matched  for the client."
        },
        "tlsClientAuthSANIP":{
            "type":"string",
            "description":"Certificate SAN IP value to be matched  for the client."
        },
        "tlsClientAuthSANEmail":{
            "type":"string",
            "description":"Certificate SAN email value to be matched  for the client."
        },
        "accessTokenCustomClaims":{
            "type":"array",
            "items":{
                "type":"string",
                "description":"Represents a list of claims that must be included in the Access Token in addition to other claims that are being requested via scope or other configurations"
            }
        },
        "idTokenCustomClaims":{
            "type":"array",
            "items":{
                "type":"string",
                "description":"Represents a list of claims that must be included in the Identity Token in addition to other claims that are being requested via scope or other configurations"
            }
        },
        "userInfoCustomClaims":{
            "type":"array",
            "items":{
                "type":"string",
                "description":"Represents a list of claims that must be included in the User Info response in addition to other claims that are being requested via scope or other configurations"
            }
        },
        "oldSecretRetentionTimeInDays":{
            "type":"integer",
            "description":"Specifies the rollover period for previous client secret to continue working. The previous client secret is assigned when a client secret is changed."
        }
    }
}

Nested Schema : accessTokenCustomClaims

Type: array

Show Source

• Array of: string
  Represents a list of claims that must be included in the Access Token in addition to other claims that are being requested via scope or other configurations

{
    "type":"array",
    "items":{
        "type":"string",
        "description":"Represents a list of claims that must be included in the Access Token in addition to other claims that are being requested via scope or other configurations"
    }
}

Nested Schema : attributes

Type: array

Show Source

• Array of: object TokenAttributeSettings
  Custom attributes that can be added to the Access Token

{
    "type":"array",
    "xml":{
        "name":"attributes",
        "wrapped":true
    },
    "items":{
        "$ref":"#/definitions/TokenAttributeSettings"
    }
}

Nested Schema : grantTypes

Type: array

Show Source

• Array of: string
  Allowed Values: [ "PASSWORD", "REFRESH_TOKEN", "JWT_BEARER", "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE" ]

{
    "type":"array",
    "xml":{
        "name":"grantTypes",
        "wrapped":true
    },
    "items":{
        "type":"string",
        "enum":[
            "PASSWORD",
            "REFRESH_TOKEN",
            "JWT_BEARER",
            "CLIENT_CREDENTIALS",
            "AUTHORIZATION_CODE"
        ]
    }
}

Nested Schema : idTokenCustomClaims

Type: array

Show Source

• Array of: string
  Represents a list of claims that must be included in the Identity Token in addition to other claims that are being requested via scope or other configurations

{
    "type":"array",
    "items":{
        "type":"string",
        "description":"Represents a list of claims that must be included in the Identity Token in addition to other claims that are being requested via scope or other configurations"
    }
}

Nested Schema : redirectURIs

Type: array

Show Source

• Array of: object RedirectURI

{
    "type":"array",
    "xml":{
        "name":"redirectURIs",
        "wrapped":true
    },
    "items":{
        "$ref":"#/definitions/RedirectURI"
    }
}

Nested Schema : scopes

Type: array

Show Source

• Array of: object ScopeSettings

{
    "type":"array",
    "xml":{
        "name":"scopes",
        "wrapped":true
    },
    "items":{
        "$ref":"#/definitions/ScopeSettings"
    }
}

Nested Schema : userInfoCustomClaims

Type: array

Show Source

• Array of: string
  Represents a list of claims that must be included in the User Info response in addition to other claims that are being requested via scope or other configurations

{
    "type":"array",
    "items":{
        "type":"string",
        "description":"Represents a list of claims that must be included in the User Info response in addition to other claims that are being requested via scope or other configurations"
    }
}

Nested Schema : TokenAttributeSettings

Type: object

Custom attributes that can be added to the Access Token

Show Source

• attrName(required): string
  Name of the custom attribute
• attrType(required): string
  Allowed Values: [ "STATIC", "DYNAMIC" ]

  Type of the Attribute
• attrValue(required): string
  Value of the custom attribute. This could be a static value or a dynamic one that is evaluated and substituted.

{
    "type":"object",
    "description":"Custom attributes that can be added to the Access Token",
    "required":[
        "attrName",
        "attrValue",
        "attrType"
    ],
    "properties":{
        "attrName":{
            "type":"string",
            "description":"Name of the custom attribute"
        },
        "attrValue":{
            "type":"string",
            "description":"Value of the custom attribute. This could be a static value or a dynamic one that is evaluated and substituted."
        },
        "attrType":{
            "type":"string",
            "description":"Type of the Attribute",
            "enum":[
                "STATIC",
                "DYNAMIC"
            ]
        }
    }
}

Nested Schema : RedirectURI

Type: object

Show Source

• isHttps: boolean
  Default Value: true
• url(required): string
  Redirect URL

{
    "type":"object",
    "required":[
        "url"
    ],
    "properties":{
        "url":{
            "type":"string",
            "description":"Redirect URL"
        },
        "isHttps":{
            "type":"boolean",
            "default":"true"
        }
    }
}

Nested Schema : ScopeSettings

Type: object

Show Source

• scopeName(required): string
  Name of the scope

{
    "type":"object",
    "required":[
        "scopeName"
    ],
    "properties":{
        "scopeName":{
            "type":"string",
            "description":"Name of the scope"
        }
    }
}

422 Response

Failed to retrive OAuth entity "Client" - name "NameofClient"

Back to Top