...
List of allowed grant types for the client.
The default is to allow all grant types. It is recommended to list here the grant types the application specifically requires.
Specify an empty list "[]" to disable all grant types except password, refresh_token and authorization_code.
```json
{
  "redirect_uris": [ "https://client.example.com/response" ],
  "grant_types": [ "authorization_code" ]
}
```
...
In addition to client_id and client_secret, the registration response contains all parameters from the registration request.
```json
{
  "redirect_uris": [ "https://client.example.com/response" ],
  "grant_types": [ "authorization_code" ],
  "client_id": "2001221477",
  "client_secret": "***"
}
```
...
OAuth API requests such as Access Token Request and TokenInfo Request require client_id and client_secret as input.
The client_id and client_secret parameters are either encoded in an HTTP Basic authorization header or, alternatively, given as form or query parameters. With SSO, the recommended method is the HTTP Basic authorization header.
The HTTP Basic authorization mechanism is defined in http://tools.ietf.org/html/rfc2617#section-2.
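The recommended encoding, shown as an added example that is not part of the original page or the product's own code: it builds an Access Token Request that carries the client credentials only in the HTTP Basic header, and parses the header back the way a receiver would. The token endpoint URL, the secret and the authorization code value are constructed placeholders; client_id and redirect_uri are the sample values from the registration response above.

```python
import base64
import urllib.parse
import urllib.request

# Hypothetical placeholder; the page does not give the token endpoint URL.
TOKEN_ENDPOINT = "https://sso.example.com/oauth2/token"


def basic_auth_header(client_id, client_secret):
    """RFC 2617 section 2: "Basic " + base64(userid ":" password)."""
    if ":" in client_id:
        # The user-id part cannot contain ":", or the receiver would split wrongly.
        raise ValueError("client_id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_auth_header(value):
    """Receiver side: recover (client_id, client_secret) from the header value."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    # Split on the first ":" only, since the secret may itself contain ":".
    client_id, sep, client_secret = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return client_id, client_secret


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Access Token Request for the authorization_code grant (built, not sent)."""
    form = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode("ascii")
    req = urllib.request.Request(TOKEN_ENDPOINT, data=form, method="POST")
    req.add_header("Authorization", basic_auth_header(client_id, client_secret))
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


if __name__ == "__main__":
    # Constructed sample values; only client_id and redirect_uri come from the page.
    r = build_token_request("2001221477", "s3cr:et", "constructed-code",
                            "https://client.example.com/response")
    print(r.get_method(), r.full_url, r.data.decode())
```

With the credentials in the header, neither the URL nor the form body contains client_secret, so the secret does not end up in request lines that servers and proxies commonly log.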