API Reference

/auth/api/v1/idp/clients

Creates a new identity provider client configuration. client_id and client_secret are automatically generated by the server.

Body Params
string

ID of the identity provider client config

string

Name of the identity provider client config

string
Defaults to oidc

Identity provider client type, "oidc" or "saml"

string
Defaults to Provided by server

The authorization server's issuer identifier. Read-only.

oidc_audience
array of strings
Defaults to testdomain.local

Custom audience(s) for the IdP config. By default, the audience is your client_id. Use this to add more audiences.

string
Defaults to Provided by server

OAuth 2.0 Client Identifier valid at the Authorization Server.

string
Defaults to Provided by server

OAuth 2.0 Client secret valid at the Authorization Server.

oidc_scopes_enabled
array of strings
Defaults to Provided by server

Array containing a list of the enabled OAuth 2.0 [RFC6749] "scope" values. The "openid" scope is implicitly enabled.

oidc_response_types_supported
array of strings
Defaults to Provided by server

Array containing a list of the OAuth 2.0 [RFC6749] "response_type" values. Read-only.

oidc_grant_types_supported
array of strings
Defaults to Provided by server

Array containing a list of the OAuth 2.0 [RFC6749] grant type values. Read-only.

boolean
Defaults to true

Enable PKCE with S256 code_challenge_method

string
Defaults to client_secret_basic

Selected client authentication method used by the Token Endpoint. Allowed values are "none", "client_secret_basic", "client_secret_post" or "private_key_jwt".

boolean
Defaults to true

Enable POST method for client_id/client_secret authentication in addition to HTTP Basic Auth.

boolean
Defaults to true

Enable refresh_token grant use.

string

Default post-logout redirect URI, used if end_session is called without a redirect URI.

oidc_allowed_redirect_uris
array of strings

Array containing a list of allowed redirect URIs for the Code and Implicit flows.

oidc_attribute_mapping
object

An object containing attribute:token mappings for mapping user attributes to idToken attributes. Allowed token attribute values are sub, name, preferred_username, family_name, given_name, locale, email, and phone_number.

string
Defaults to RS256

Token signature algorithm [RFC7518]. Allowed values are RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512.

integer
Defaults to 5

Access token validity in minutes.

integer
Defaults to 480

Refresh token validity in minutes.

string
Defaults to Provided by server

The authorization server's entity ID. Global setting, read-only.

string
Defaults to Provided by server

SAML SSO Service address. Global setting, read-only. TBD

string
Defaults to Provided by server

SAML metadata address. Global setting, read-only. TBD

string

SAML Assertion Consumer Service URL for the authentication response. TBD

saml_attribute_mapping
object

An object containing mappings for SAML attributes.

string
Defaults to Provided by server

SAML public X509 certificate. Read-only.

string

User filter. Only users matching this filter are allowed to log in. Leave empty to allow all users.

boolean
Defaults to true

Enable/disable IDP client config

Responses
