Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space IDS and version 8.2

OAuth 2 clients must be registered with SSO management application to enable OAuth integration. During registration JSON formatted client metadata is exchanged with SSO management.

...

Anchor

...

Registeration request
Registeration request
Registration Request

http://openid.net/specs/openid-connect-registration-1_0.html#RegistrationRequest
https://tools.ietf.org/html/rfc7591#section-3.1

Parameters

...

List of allowed grant types for client
Default is to allow all grant types. It is recommended to list here the grant types the application specifically requires.
Specify empty list "[]" to disable all grant types but password, refresh_token and authorization_code

Code Block
languagexml
themeRDark
titleSample registration request
{
"redirect_uris": [ "https://client.example.com/response" ],
"grant_types": [ "authorization_code" ]
}

Anchor
Registeration response
Registeration response
Registration Response

http://openid.net/specs/openid-connect-registration-1_0.html#RegistrationResponse
https://tools.ietf.org/html/rfc7591#section-3.2

Parameters

...


In addition to client_id and client_secret, the registration response contains all parameters from registration request.

Code Block
languagexmlthemeRDark
titleSample registration response
{
"redirect_uris": [ "https://client.example.com/response" ],
"grant_types": [ "authorization_code" ],
"client_id": "2001221477",
"client_secret": "***"
}

OAuth API Requests with Client Identifier and Secret

OAuth API requests such as Access Token Request  and TokenInfo Request require at Authorization code grant and web single sign-on and Token Introspection at Authorization code grant and native applications require client_id and client_secret as input.

The client_id and client_secret parameters are either encoded as http basic authorization header or alternatively given as form or query parameters. With SSO the recommended method is http basic authorization header.

The http basic authorization mechanism is defined in http://tools.ietf.org/html/rfc2617#section-2.