BaseOAuthClient Object
Includes information about the OAuth Client settings for the specified app.
Most of the values are standard OAuth values. For information about them, refer to the OAuth specification parameters list (external link).
This object is used by the following operations:
- Operations that reference the OAuthClient object
The properties included in the BaseOAuthClient object are listed below.
Property | Type | Description
---|---|---
RuntimeID | string | Although this field is labeled RuntimeID, it is actually the AppVersionID; the unique ID for the specific app version.
OAuthClientID | string | Unique ID for the OAuth Client.
OAuthClientType | string | The OAuth client type. Example: com.soa.oauth.clienttype.public. Required in the request when adding or changing OAuth client properties. For valid values, see OAuth Client Type.
Title | string | Title for the app.
SubTitle | string | Subtitle for the app.
Description | string | Text description of the app.
AppURI | anyURI | URL for the app, such as a company website address, if provided.
LegalDisclaimer | string | Up to 1024 characters for legal disclaimer information, if needed.
LogoPictureID | long | A unique Dropbox ID for the logo to be assigned on an app's public profile.
LogoAssigned | boolean | Indicates whether a specific logo has been uploaded for the app's public profile.
includeResourceOwnerUserInfoOption | string | Indicates whether resource owner userinfo should be included in the token.
require_authtime_claim | boolean | Indicates whether the require_auth_time claim, optional per the OpenID Connect specification, is required.
supports_openid_connect | boolean | Indicates whether the app wants to use OpenID Connect support.
logo_uri | anyURI | The URI for the logo associated with the app.
Created | dateTime | The date/time stamp when the resource was first created. Used only in response messages.
Updated | dateTime | The date/time stamp when the resource was last updated. Used only in response messages.
response_types | string[ ] | Indicates one or more response types valid for the app.
grant_types | string[ ] | One or more grant types valid for the app.
token_type | string | One or more token types valid for the app.
contacts | string[ ] | One or more contacts for the app.
client_uri | string | The URI for the client app.
policy_uri | string | The URL that points to a human-readable policy document for the client.
tos_uri | string | The URL that points to a human-readable terms of service document for the client.
jwks_uri | string | The URL referencing the client's JSON Web Key Set document representing the client's public keys.
application_type | string | The URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OpenID Connect provider.
jwks | string | The client's JSON Web Key Set document representing the client's public keys.
subject_type | string | The subject_type requested for responses to this Client. Valid values: pairwise or public.
sector_identifier_uri | string | The URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OpenID Connect provider.
id_token_signed_response_alg | string | The JWS algorithm required for signing the ID Token issued to this client.
id_token_encrypted_response_alg | string | The JWE alg algorithm required for encrypting the ID Token issued to this client.
id_token_encrypted_response_enc | string | The JWE enc algorithm required for encrypting the ID Token issued to this client.
userinfo_signed_response_alg | string | The JWS alg algorithm required for signing UserInfo Responses.
userinfo_encrypted_response_alg | string | The JWE alg algorithm required for encrypting UserInfo Responses.
userinfo_encrypted_response_enc | string | The JWE enc algorithm required for encrypting UserInfo Responses.
request_object_signing_alg | string | The JWS algorithm that must be used for signing Request Objects sent to the OpenID Connect provider. Corresponds to Request Object Signing Algorithm in the user interface. Supported values 2020.2.8 and later:
request_object_encryption_alg | string | The JWE algorithm the Relying Party is declaring that it may use for encrypting Request Objects sent to the OpenID Connect provider.
request_object_encryption_enc | string | The JWE algorithm the Relying Party is declaring that it may use for encrypting Request Objects sent to the OpenID Connect provider.
token_endpoint_auth_method_supported_setting | string | Indicates whether authentication at the token endpoint is supported.
token_endpoint_auth_method | string[ ] | The authentication method to be used at the token endpoint. Possible values (one or more): Note: If the platform is using PingFederate 9.0x, the app certificate is available and private_key_jwt is specified, the platform uses the app's Client Registration JWKS URL in place of the app's certificate/shared secret when synchronizing the app with PingFederate. This depends on the platform's domain setup.
token_endpoint_auth_methods | string | The token encryption authentication methods that are supported. One or more token_endpoint_auth_method values.
token_endpoint_auth_signing_alg | string | JWS alg algorithm that MUST be used for signing the JWT used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods. Corresponds to Private Key JWT Signing Algorithm in the user interface. Supported values 2020.2.8 and later:
grant_expiration_setting | string | The grant expiration setting.
grant_types_setting | string | The grant types setting.
access_token_expiry_setting | string | The expiration setting for access token expiration.
grant_expiration_hours | integer | Grant expiration time, in hours.
access_token_expiry | long | The access token expiration setting.
bypass_authorization | Boolean | Indicates whether it is OK to bypass the Authorization step in the OAuth process. Boolean; default = false. Optional in request.
default_max_age | integer | Default maximum grant age.
default_acr_values | string | Default requested Authentication Context Class Reference values.
initiate_login_uri | string | URI using the https scheme that a third party can use to initiate a login by the Relying Party.
request_uris | string | Array of request_uri values that are pre-registered by the Relying Party for use at the OpenID Connect provider.
post_logout_redirect_uris | string | One or more redirect URLs. Required in the request when adding or changing OAuth client properties.
enforceReplayPrevention | Boolean | Optional. Choose this option if the client uses signed JWTs for client authentication or transmission of request parameters, or both, and the JWT should be unique for each request.
requireSignedRequests | Boolean | Optional.
restrictedScopes | string | Optional. One or more. If you want to restrict the client's use of scopes to only allow specified common scopes, choose one or more scopes that the app can use, from the following: Note: You cannot restrict openid and profile scopes. All apps have access to these scopes.
restrictedResponseTypes | string | Optional. One or more. If you want to restrict app/API interactions to only allow specified response types, choose one or more response types that are valid for the app: Note: You cannot restrict code and id_token token. These response types are valid for all apps.
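
The following is an added example, not part of the platform's documentation or code: a pre-submission check that flags BaseOAuthClient settings which conflict with the constraints stated in the table above or weaken the OAuth flow. It assumes the object has been decoded from JSON into a Python dict keyed by the property names listed; `audit_client` and `SAMPLE` are hypothetical names and the sample values are constructed.

```python
from urllib.parse import urlparse

# Properties the table describes as using the https scheme.
HTTPS_ONLY = ("sector_identifier_uri", "initiate_login_uri")
# Token-endpoint methods the table names as authenticating with a signed JWT.
JWT_AUTH_METHODS = {"private_key_jwt", "client_secret_jwt"}

# Constructed sample payload, not taken from a real app.
SAMPLE = {
    "OAuthClientType": "com.soa.oauth.clienttype.public",
    "bypass_authorization": True,
    "subject_type": "pairwise",
    "sector_identifier_uri": "http://example.test/sector.json",
    "token_endpoint_auth_method": ["private_key_jwt"],
    "enforceReplayPrevention": False,
}


def audit_client(client):
    """Return a list of (property, finding) tuples for one BaseOAuthClient dict."""
    findings = []
    if not client.get("OAuthClientType"):
        findings.append(("OAuthClientType", "missing; required in requests"))
    if client.get("bypass_authorization") is True:
        findings.append(("bypass_authorization", "authorization step is bypassed (default is false)"))
    if len(client.get("LegalDisclaimer") or "") > 1024:
        findings.append(("LegalDisclaimer", "longer than 1024 characters"))
    if client.get("subject_type") not in (None, "pairwise", "public"):
        findings.append(("subject_type", "must be pairwise or public"))
    for prop in HTTPS_ONLY:
        value = client.get(prop)
        if value and urlparse(value).scheme.lower() != "https":
            findings.append((prop, "must use the https scheme"))
    # token_endpoint_auth_method is typed string[ ]; tolerate a bare string too.
    methods = client.get("token_endpoint_auth_method") or []
    if isinstance(methods, str):
        methods = [methods]
    jwt_auth = bool(JWT_AUTH_METHODS.intersection(methods))
    # A configured request-object signing algorithm means signed request parameters.
    signed_requests = bool(client.get("request_object_signing_alg"))
    if jwt_auth and not client.get("token_endpoint_auth_signing_alg"):
        findings.append(("token_endpoint_auth_signing_alg", "no signing algorithm set for JWT client authentication"))
    if (jwt_auth or signed_requests) and not client.get("enforceReplayPrevention"):
        findings.append(("enforceReplayPrevention", "signed JWTs are used but need not be unique per request"))
    return findings
```
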