Client Configuration
A Client is an application registered within a tenant that needs to authenticate users or obtain tokens from the identity provider.
Table name: client
| Field | Type | Description |
|---|---|---|
| tenant_id | CHAR(10) | Tenant identifier (Part of Primary Key) |
| client_id | VARCHAR(100) | Unique client identifier (Part of Primary Key, auto-generated) |
| client_name | VARCHAR(100) | Human-readable client name (must be unique within tenant) |
| client_secret | VARCHAR(100) | Client secret for authentication (auto-generated) |
| client_uri | VARCHAR(2083) | URL of the client’s home page |
| contacts | JSON | Array of contact email addresses |
| grant_types | JSON | OAuth 2.0 grant types supported (e.g., ["authorization_code", "refresh_token"]) |
| logo_uri | VARCHAR(2083) | URL of the client’s logo |
| policy_uri | VARCHAR(2083) | URL of the client’s privacy policy |
| redirect_uris | JSON | Array of authorized redirect URIs |
| response_types | JSON | OAuth 2.0 response types supported (e.g., ["code"]) |
| client_type | CHAR(11) | Client type: "first_party" (these clients can access all APIs) or "third_party" (these clients can access only OIDC APIs) (default: "third_party") |
| is_default | BOOLEAN | Whether this is the default client for the tenant (default: false) |
| created_at | TIMESTAMP | Timestamp when client was created |
| updated_at | TIMESTAMP | Timestamp when client was last updated |
Creating a Client via API
Endpoint: POST /v1/admin/client
Headers:
- Content-Type: application/json
- tenant-id: <your-tenant-id> (required)
Request Body:
{
"client_name": "My Application",
"client_uri": "https://myapp.com",
"contacts": ["admin@myapp.com", "support@myapp.com"],
"grant_types": ["authorization_code", "refresh_token"],
"logo_uri": "https://myapp.com/logo.png",
"policy_uri": "https://myapp.com/privacy",
"redirect_uris": ["https://myapp.com/callback", "https://myapp.com/silent-renew"],
"response_types": ["code"],
"client_type": "third_party",
"is_default": false
}
Request Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| client_name | string | Yes | Human-readable name for the client (must be unique within tenant) |
| grant_types | array | Yes | OAuth 2.0 grant types: ["authorization_code", "client_credentials", "refresh_token"] |
| redirect_uris | array | Yes | List of authorized redirect URIs (must be valid URIs) |
| response_types | array | Yes | OAuth 2.0 response types: ["code"] |
| client_uri | string | No | URL of the client’s home page |
| contacts | array | No | List of contact email addresses |
| logo_uri | string | No | URL of the client’s logo |
| policy_uri | string | No | URL of the client’s privacy policy |
| client_type | string | No | Client type: "first_party" (these clients can access all APIs) or "third_party" (these clients can access only OIDC APIs) (default: "third_party") |
| is_default | boolean | No | Whether this is the default client (default: false) |
Response: 201 Created
{
"client_id": "aB3dE5fG7hI9jK1lM",
"client_name": "My Application",
"client_secret": "xyz789abc123...",
"client_uri": "https://myapp.com",
"contacts": ["admin@myapp.com"],
"grant_types": ["authorization_code", "refresh_token"],
"logo_uri": "https://myapp.com/logo.png",
"policy_uri": "https://myapp.com/privacy",
"redirect_uris": ["https://myapp.com/callback"],
"response_types": ["code"],
"client_type": "third_party",
"is_default": false
}
Important Notes:
- client_id and client_secret are automatically generated
- Store the client_secret securely as it cannot be retrieved later
- Grant types and response types must be valid OAuth 2.0 values
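A pre-flight check of a POST /v1/admin/client request body against the Request Parameters table, written as an added example and not the service's own validation code. The function names are hypothetical, and the wildcard and plain-http rules are an assumed local policy that the page does not state.

```python
from urllib.parse import urlsplit

# Added example; helper names are hypothetical. Allowed values come from the
# Request Parameters table on this page.
REQUIRED = ("client_name", "grant_types", "redirect_uris", "response_types")
ALLOWED = {
    "grant_types": ("authorization_code", "client_credentials", "refresh_token"),
    "response_types": ("code",),
}
CLIENT_TYPES = ("first_party", "third_party")
LOOPBACK = ("localhost", "127.0.0.1", "::1")


def check_redirect_uri(uri):
    """Return the problems found in one redirect URI (empty list means OK)."""
    if not isinstance(uri, str):
        return ["is not a string"]
    try:
        parts = urlsplit(uri)
    except ValueError:
        return ["is not a parseable URI"]
    problems = []
    if not parts.scheme or not parts.netloc:
        problems.append("is not an absolute URI")
    if "#" in uri:  # RFC 6749 section 3.1.2: no fragment component
        problems.append("contains a fragment")
    # Assumed local policy, not stated on the page: no wildcards, and
    # plain http only for loopback development callbacks.
    if "*" in uri:
        problems.append("contains a wildcard")
    if parts.scheme == "http" and parts.hostname not in LOOPBACK:
        problems.append("uses plain http on a non-loopback host")
    return problems


def validate_client_request(body):
    """Return error strings for a POST /v1/admin/client body (empty = OK)."""
    errors = [f"missing required field: {f}" for f in REQUIRED if f not in body]
    for field in ("grant_types", "response_types", "redirect_uris"):
        values = body.get(field, [])
        if not isinstance(values, list):
            errors.append(f"{field}: must be an array")
        elif field == "redirect_uris":
            errors += [f"{field}: {u!r} {p}" for u in values for p in check_redirect_uri(u)]
        else:
            errors += [f"{field}: unsupported value {v!r}"
                       for v in values if v not in ALLOWED[field]]
    if body.get("client_type", "third_party") not in CLIENT_TYPES:
        errors.append(f"client_type: unsupported value {body['client_type']!r}")
    return errors
```

Running `validate_client_request` on the request body shown above returns an empty list; any returned string is a reason to fix the registration before it is sent.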
Prerequisites
- Tenant Configuration - A tenant must be created first
Related Configurations
- Token Configuration - Required for all flows
- User Configuration - Required for all flows