Perform the following steps to register a client application:
Log in to the Identity Server, and then click the drop-down menu in the upper-right corner.
Click > > .
Specify the following details:
| Field | Description |
|---|---|
| | Specify the name of the client. |
| | Select whether this is a web-based or a desktop client. For web-based applications, specify the client type in this format: https://client.example.org/callback. For native/desktop applications, specify the client type in any one of the following formats: https://www.namacme.in/ or x-com.acme.sample://www.namacme.in/ |
| | Specify the URIs that the Identity Server uses to send the authorization code and implicit requests. NOTE: The redirect URI urn:ietf:wg:oauth:2.0:oob is not supported for the implicit and the hybrid flows. |
| | Select the grant types required for this client. Available grant types include Authorization Code (default), Implicit, Resource Owner Credentials, SAML 2 Assertion, and Client Credentials. |
| | Select the token type that the authorization server will return to this client. Supported tokens include Code, ID Token, Refresh Token, and Access Token. |
| | Select to issue a new refresh token on every refresh token request. |
(Conditional) If you have selected in under , then click and configure the following settings:
| Field | Description |
|---|---|
| | Specify the URI of the JSON file containing the JSON Web Keys. |
| | Specify the ID Token Signed Response Algorithm. This is a mandatory field for issuing an ID token. NOTE: ID tokens are not signed by default. If you select the option, the ID token is sent as an unsigned token. Ensure that you select the option only if you can trust the integrity of an unsigned ID token. |
| | Specify the algorithm that is used to encrypt the key. |
| | Specify the algorithm that is used to encrypt the content. |
Click .
You can use this option to specify the required token format for access and refresh tokens. You can also use this option to choose a specific timeout duration for a specific client application instead of using the duration mentioned in the global settings.
To specify the required token configuration, use the following settings:
Authorization Code Timeout: Specify the duration after which the authorization code will expire.
Access Token and ID Token Timeout: Specify the duration after which the access and the ID token will expire.
Refresh Token Timeout: Specify the duration after which the refresh token will expire.
Access Token and Refresh Token Format: It is recommended to select JWT token, but you can select any of the following options based on your requirement:
Default: Select this option if you want to use the format that the Access Manager administrator has set globally for a specific Identity Server (Authorization server). If the administrator changes the format globally, you will receive the tokens in the changed format.
For example, if you select this option and if the administrator has set the format as binary, you will receive the tokens in the binary format. Now, if the administrator changes the format to JWT, you will receive the tokens in JWT format.
Binary: Select this option if you require the tokens in binary format. When you select this option, the token format will always be binary even when the administrator changes the format in the global settings of Identity Server (authorization server).
The option is recommended only if you have an existing client application that cannot use JWT because of the browser restrictions for the length of the parameter values.
Binary tokens are always encrypted using Access Manager keys. Hence, to validate the token you must use the and the endpoints.
If the tokens are in binary format, the following features are unavailable:
Providing an option for the resource server to decrypt the access token
Revoking a refresh token
JWT: Select this option if you require the client application to use tokens in JWT format. When you select this option, the token format will always be JWT even when the administrator changes the format in the global settings of Identity Server (authorization server).
Click .
Specify the following details:
| Field | Description |
|---|---|
| | Specify the Logo URL that you want to include in the consent page. |
| | You can define your own privacy policy. Specify the URL of the privacy policy you want to include in the consent page. |
| | Specify the URL of the terms of service. |
| | Specify email addresses of people who are related to this client. |
Click and add . The domains configured here can access restricted resources available on the client application. This is an optional step.
Click .
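The note on unsigned ID tokens in the ID Token Signed Response Algorithm setting, seen from the client application's side. This is an added example, not part of the product documentation: a check the client can run before signature verification that refuses unsigned ID tokens and pins the header `alg` to the algorithm chosen at registration. The function names, the sample tokens, and the registered value `RS256` are assumptions made for illustration.

```python
import base64
import json

class IdTokenRejected(Exception):
    """Raised when an ID token must not be passed on to signature verification."""

def decode_segment(segment: str) -> dict:
    # JWTs use unpadded base64url; restore the padding before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_id_token_alg(token: str, registered_alg: str) -> dict:
    """Pin the header `alg` to the registered algorithm and refuse unsigned tokens."""
    parts = token.split(".")
    if len(parts) != 3:
        raise IdTokenRejected("not a compact JWS (expected three segments)")
    try:
        header = decode_segment(parts[0])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise IdTokenRejected(f"unreadable header: {exc}") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str) or alg.lower() == "none":
        raise IdTokenRejected("unsigned ID token (alg is missing or 'none')")
    if alg != registered_alg:
        raise IdTokenRejected(f"alg {alg!r} differs from registered {registered_alg!r}")
    if not parts[2]:
        raise IdTokenRejected("signature segment is empty")
    return header  # the caller now verifies the signature with this algorithm

def sample_token(alg: str, sig: str = "c2ln") -> str:
    """Constructed sample token; `sig` is placeholder bytes, not a real signature."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc({"sub": "alice"}), sig])

if __name__ == "__main__":
    registered = "RS256"  # assumed value of the client's signed response algorithm
    for label, tok in [("signed", sample_token("RS256")),
                       ("unsigned", sample_token("none", sig="")),
                       ("alg swap", sample_token("HS256"))]:
        try:
            check_id_token_alg(tok, registered)
            print(label, "-> accepted for signature verification")
        except IdTokenRejected as err:
            print(label, "-> rejected:", err)
```

A token that passes this check has only been cleared for signature verification; the signature itself still has to be validated with the pinned algorithm.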