Registering OAuth Client Applications

Perform the following steps to register a client application:

  1. Log in to the Identity Server, then click the drop-down menu in the upper right corner.

  2. Click Administer OAuth Apps > Register New Clients > Client Configuration.

  3. Specify the following details:

    Field

    Description

    Client Name

    Specify the name of the client.

    Client Type

    Select whether this is a web-based or a desktop client.

    For web-based applications, specify the client type in this format: https://client.example.org/callback

    For native/desktop applications, specify the client type in any one of the following formats:

    https://www.namacme.in/

    or

    x-com.acme.sample://www.namacme.in/

    Redirect URIs

    Specify the URIs that the Identity Server uses to send the authorization code and implicit requests.

    NOTE: The redirect URI urn:ietf:wg:oauth:2.0:oob is not supported for the implicit and hybrid flows.

    Grants Required

    Select the grant types required for this client. Available grant types include Authorization Code (default), Implicit, Resource Owner Credentials, SAML 2 Assertion and Client Credentials.

    Token Types

    Select the token type that the authorization server will return to this client. Supported tokens include Code, ID Token, Refresh Token, and Access Token.

    Refresh Token

    Select Always Issue New Token to issue a new refresh token on every refresh token request.

  4. (Conditional) If you have selected ID Token in Token Types under Client Configuration, then click OpenID Connect Configuration and configure the following settings:

    Field

    Description

    JSON Web Key Set URI

    Specify the URI of the JSON file containing the JSON Web Keys.

    ID Token Signed Response Algorithm

    Specify the ID Token Signed Response Algorithm.

    This is a mandatory field for issuing an ID token.

    NOTE: ID tokens are not signed by default. If you select the None option, the ID token is sent as an unsigned token. Select the None option only if you can trust the integrity of an unsigned ID token.

    ID Token Encrypted Response Algorithm

    Specify the algorithm that is used to encrypt the key.

    ID Token Encrypted Response Enc

    Specify the algorithm that is used to encrypt the content.

  5. Click Token Timeout Configuration.

    Use this option to set a timeout duration for a specific client application instead of using the duration defined in the global settings. You can specify timeout information for the following settings:

    • Authorization Code Timeout

    • Access Token and ID Token Timeout

    • Refresh Token Timeout

  6. Click Consent Screen Configuration.

    Specify the following details:

    Field

    Description

    Client Logo URL

    Specify the URL of the logo that you want to include in the consent page.

    Privacy Policy URL

    You can define your own privacy policy. Specify the URL of the privacy policy you want to include in the consent page.

    Terms of Service URL

    Specify the URL of the terms of service.

    Contact

    Specify email addresses of people who are related to this client.

  7. Click Authorized JavaScript origins (CORS) and add Domains. The domains configured here can access restricted resources available on the client application. This is an optional step.

  8. Click Register Client.
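
The NOTE in step 4 says that an ID token is sent unsigned when None is selected. The following Python pre-check is an added example, not part of the product documentation: it shows how a client can refuse an ID token whose header algorithm differs from the one registered for it. The function names and sample tokens are constructed for illustration, and signature verification itself is assumed to be done afterwards by a JOSE library using the keys from the JSON Web Key Set URI.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment as used in compact JWTs."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_id_token_alg(token: str, registered_alg: str, allow_unsigned: bool = False) -> str:
    """Return the header alg if it matches the client's registered algorithm.

    Hypothetical helper: runs before signature verification and raises
    ValueError on anything the client registration does not permit.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("unreadable JWT header") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str):
        raise ValueError("JWT header has no alg")
    if alg.lower() == "none":
        # Unsigned token: accept only when the deployment explicitly opted in.
        if not allow_unsigned:
            raise ValueError("unsigned ID token refused")
        if parts[2]:
            raise ValueError("alg none must carry an empty signature")
    elif not parts[2]:
        raise ValueError("signed alg with empty signature")
    if alg != registered_alg:
        raise ValueError(f"alg {alg!r} does not match registered {registered_alg!r}")
    return alg


def make_sample_token(header: dict, signature: str) -> str:
    """Build a constructed (not real) token for trying the check."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'sub': 'alice'})}.{signature}"


if __name__ == "__main__":
    signed = make_sample_token({"alg": "RS256"}, "c2ln")  # placeholder signature
    print(check_id_token_alg(signed, "RS256"))
```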
