Add a new OAuth Client
post
/oam/services/rest/ssa/api/v1/oauthpolicyadmin/client
Request
Supported Media Types
- application/json
OAuth Client that needs to be created
Root Schema : Client
Type:
Show Source
object-
accessTokenCustomClaims:
array accessTokenCustomClaims
-
attributes:
array attributes
-
clientType:
string
Allowed Values:
[ "CONFIDENTIAL_CLIENT", "PUBLIC_CLIENT", "MOBILE_CLIENT" ]Type of the client -
defaultScope:
string
Mandatory scope which is the default scope returned in the token
-
description:
string
-
grantTypes:
array grantTypes
-
id:
string
ClientID for the client. Will be auto generated if not specified
-
idDomain:
string
Name of the Identity Domain under which the Client exists
-
idTokenCustomClaims:
array idTokenCustomClaims
-
issueTLSClientCertificateBoundAccessTokens:
string
Tokens should be bound to certificate or not true/false
-
name(required):
string
Name of the Client
-
oldSecretRetentionTimeInDays:
integer
Specifies the rollover period for previous client secret to continue working. The previous client secret is assigned when a client secret is changed.
-
redirectURIs:
array redirectURIs
-
scopes:
array scopes
-
secret:
string
Password for the client if confidential
-
tlsClientAuthSANDNS:
string
Certificate SAN DNS value to be matched for the client.
-
tlsClientAuthSANEmail:
string
Certificate SAN email value to be matched for the client.
-
tlsClientAuthSANIP:
string
Certificate SAN IP value to be matched for the client.
-
tlsClientAuthSANURI:
string
Certificate SAN URI value to be matched for the client.
-
tlsClientAuthSubjectDN:
string
Certificate subject value to be matched for the client.
-
tokenEndpointAuthMethod:
string
Allowed Values:
[ "tls_client_auth", "self_signed_tls_client_auth", "private_key_jwt", "client_secret_basic" ]Client Authentication method supported by the client. If "tls_client_auth" or "self_signed_tls_client_auth" is specified then one of the "tlsClientAuthSubjectDN","tlsClientAuthSANDNS","tlsClientAuthSANURI","tlsClientAuthSANIP","tlsClientAuthSANIP","tlsClientAuthSANEmail" property is required. -
usePKCE:
string
Allowed Values:
[ "NON_STRICT", "STRICT" ]Optional parameter to enable PKCE for this client. If not specified, default will be null. -
userInfoCustomClaims:
array userInfoCustomClaims
Nested Schema : accessTokenCustomClaims
Type:
Show Source
array-
Array of:
string
Represents a list of claims that must be included in the Access Token in addition to other claims that are being requested via scope or other configurations
Nested Schema : attributes
Type:
Show Source
array-
Array of:
object TokenAttributeSettings
Custom attributes that can be added to the Access Token
Nested Schema : grantTypes
Type:
Show Source
array-
Array of:
string
Allowed Values:
[ "PASSWORD", "REFRESH_TOKEN", "JWT_BEARER", "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE" ]
Nested Schema : idTokenCustomClaims
Type:
Show Source
array-
Array of:
string
Represents a list of claims that must be included in the Identity Token in addition to other claims that are being requested via scope or other configurations
Nested Schema : userInfoCustomClaims
Type:
Show Source
array-
Array of:
string
Represents a list of claims that must be included in the User Info response in addition to other claims that are being requested via scope or other configurations
Nested Schema : TokenAttributeSettings
Type:
objectCustom attributes that can be added to the Access Token
Show Source
-
attrName(required):
string
Name of the custom attribute
-
attrType(required):
string
Allowed Values:
[ "STATIC", "DYNAMIC" ]Type of the Attribute -
attrValue(required):
string
Value of the custom attribute. This could be a static value or a dynamic one that is evaluated and substituted.
Nested Schema : RedirectURI
Type:
Show Source
object-
isHttps:
boolean
Default Value:
true -
url(required):
string
Redirect URL
Nested Schema : ScopeSettings
Type:
Show Source
object-
scopeName(required):
string
Name of the scope
Response
Supported Media Types
- application/json
200 Response
Sucessfully created entity - OAuthClient, detail
Root Schema : Client
Type:
Show Source
object-
accessTokenCustomClaims:
array accessTokenCustomClaims
-
attributes:
array attributes
-
clientType:
string
Allowed Values:
[ "CONFIDENTIAL_CLIENT", "PUBLIC_CLIENT", "MOBILE_CLIENT" ]Type of the client -
defaultScope:
string
Mandatory scope which is the default scope returned in the token
-
description:
string
-
grantTypes:
array grantTypes
-
id:
string
ClientID for the client. Will be auto generated if not specified
-
idDomain:
string
Name of the Identity Domain under which the Client exists
-
idTokenCustomClaims:
array idTokenCustomClaims
-
issueTLSClientCertificateBoundAccessTokens:
string
Tokens should be bound to certificate or not true/false
-
name(required):
string
Name of the Client
-
oldSecretRetentionTimeInDays:
integer
Specifies the rollover period for previous client secret to continue working. The previous client secret is assigned when a client secret is changed.
-
redirectURIs:
array redirectURIs
-
scopes:
array scopes
-
secret:
string
Password for the client if confidential
-
tlsClientAuthSANDNS:
string
Certificate SAN DNS value to be matched for the client.
-
tlsClientAuthSANEmail:
string
Certificate SAN email value to be matched for the client.
-
tlsClientAuthSANIP:
string
Certificate SAN IP value to be matched for the client.
-
tlsClientAuthSANURI:
string
Certificate SAN URI value to be matched for the client.
-
tlsClientAuthSubjectDN:
string
Certificate subject value to be matched for the client.
-
tokenEndpointAuthMethod:
string
Allowed Values:
[ "tls_client_auth", "self_signed_tls_client_auth", "private_key_jwt", "client_secret_basic" ]Client Authentication method supported by the client. If "tls_client_auth" or "self_signed_tls_client_auth" is specified then one of the "tlsClientAuthSubjectDN","tlsClientAuthSANDNS","tlsClientAuthSANURI","tlsClientAuthSANIP","tlsClientAuthSANIP","tlsClientAuthSANEmail" property is required. -
usePKCE:
string
Allowed Values:
[ "NON_STRICT", "STRICT" ]Optional parameter to enable PKCE for this client. If not specified, default will be null. -
userInfoCustomClaims:
array userInfoCustomClaims
Nested Schema : accessTokenCustomClaims
Type:
Show Source
array-
Array of:
string
Represents a list of claims that must be included in the Access Token in addition to other claims that are being requested via scope or other configurations
Nested Schema : attributes
Type:
Show Source
array-
Array of:
object TokenAttributeSettings
Custom attributes that can be added to the Access Token
Nested Schema : grantTypes
Type:
Show Source
array-
Array of:
string
Allowed Values:
[ "PASSWORD", "REFRESH_TOKEN", "JWT_BEARER", "CLIENT_CREDENTIALS", "AUTHORIZATION_CODE" ]
Nested Schema : idTokenCustomClaims
Type:
Show Source
array-
Array of:
string
Represents a list of claims that must be included in the Identity Token in addition to other claims that are being requested via scope or other configurations
Nested Schema : userInfoCustomClaims
Type:
Show Source
array-
Array of:
string
Represents a list of claims that must be included in the User Info response in addition to other claims that are being requested via scope or other configurations
Nested Schema : TokenAttributeSettings
Type:
objectCustom attributes that can be added to the Access Token
Show Source
-
attrName(required):
string
Name of the custom attribute
-
attrType(required):
string
Allowed Values:
[ "STATIC", "DYNAMIC" ]Type of the Attribute -
attrValue(required):
string
Value of the custom attribute. This could be a static value or a dynamic one that is evaluated and substituted.
Nested Schema : RedirectURI
Type:
Show Source
object-
isHttps:
boolean
Default Value:
true -
url(required):
string
Redirect URL
Nested Schema : ScopeSettings
Type:
Show Source
object-
scopeName(required):
string
Name of the scope
422 Response
Failed to create OAuth entity "Client" - name "NameofClient"
Examples
This example demonstrates a sample request against the server for creating a new Client.
cURL Example
curl -i -H 'Content-Type: application/json' -H 'Authorization:Basic d2VibG9naWM6V2VsY29tZTE='
--request POST http:<AdminServerHost:Port>/oam/services/rest/ssa/api/v1/oauthpolicyadmin/client -d
{"attributes":[{"attrName":"customeAttr1","attrValue":"CustomValue","attrType":"static"}],"secret":"welcome1","id":"TestClient","scopes":["ResServer1.scope1"],"clientType":"CONFIDENTIAL_CLIENT","idDomain":"TestDomain1",
"description":"Client Description","name":"TestClient","grantTypes":["PASSWORD","CLIENT_CREDENTIALS","JWT_BEARER","REFRESH_TOKEN","AUTHORIZATION_CODE"],"defaultScope":"ResServer1.scope1","redirectURIs":[{"url":"http://localhost:8080/Sample.jsp","isHttps":true}]}
Example of Request Body
The following example shows the contents of the response body for creating a new Client in JSON format.
HTTP/1.1 200 OK Date: Thu, 27 Jul 2017 17:30:16 GMT Content-Length: 27 Content-Type: text/plain X-ORACLE-DMS-ECID: 78d30c19-07b6-4ac2-a39b-f1cbd8182ebb-0000012d X-ORACLE-DMS-RID: 0 Set-Cookie: JSESSIONID=4J2FGVVUN8MXI5vdemvJw3HFPHyraFXIDVRoRUZwc_7Uia_SOhG5!-1875566563; path=/; HttpOnly Sucessfully created entity - OAuthClient, detail...