
Create a new OAuth2 client

Create a new client ID/secret pair that can be used with the client credentials grant type. A valid SlashID organization ID and API key must be used to authenticate and authorize the request. The client credentials can be configured.

SlashID currently supports the following OAuth 2.0 grants:

  • client credentials
  • authorization code
  • refresh token

The grant_types field may contain only the values client_credentials and authorization_code. Other values will return a 400 error code.

The client credentials grant requires a client secret, and so all clients allowing that grant should be regarded as confidential, as defined in the OAuth 2.0 specification (https://oauth.net/2/client-types/).

The response body will include the client ID and client secret. For the client credentials grant, these can be used with the /oauth2/tokens endpoints to obtain an access token. For the authorization code grant, these can be used as described in the OAuth 2.0 specification. The client secret must be stored securely, and cannot be retrieved in subsequent API calls. If you lose the client secret, a new secret can be generated using the PUT /oauth2/clients/{oauth_client_id}/secret endpoint.

Header Parameters
  • SlashID-OrgID string required

    The organization ID

    Example: af5fbd30-7ce7-4548-8b30-4cd59cb2aba1
  • SlashID-Required-Consistency string

    Possible values: [local_region, all_regions]

    Default value: local_region

    The consistency level required for this request. If the consistency level is not achieved within the timeout, the request will fail with a 408 Request Timeout error. A 408 Request Timeout error indicates that the request was not handled within the timeout, but it may still be handled after the timeout. Allowed values:

      • local_region: Wait while the request executes in the local region.
      • all_regions: Wait while the request executes across all regions.

    You can learn more about our replication model on our Cross-region Replication Model page.

  • SlashID-Required-Consistency-Timeout integer

    Possible values: >= 1 and <= 120

    Default value: 30

    The maximum number of seconds to wait for the requested consistency level to be achieved. If the consistency level is not achieved within this time, the request will fail with a 408 Request Timeout error. A 408 Request Timeout error indicates that the request was not handled within the timeout, but it may still be handled after the timeout. You can learn more about our replication model on our Cross-region Replication Model page.

Request Body
  • client_name string required

    Human-friendly name to identify this client.

  • scopes string[] required

    The scopes this client is allowed to request.

  • grant_types string[] required

    Possible values: [client_credentials, authorization_code, refresh_token]

    The client's allowed grant types.

  • access_token_duration integer

    How long (in seconds) access tokens should be valid for. If unspecified, this defaults to 24 hours (86,400 seconds). For OIDC flows, this value is also used as the ID token duration.

  • refresh_token_duration integer

    How long (in seconds) refresh tokens should be valid for. If unspecified, this defaults to 10 days (864,000 seconds).

  • redirect_uris uri[]

    The client's allowed redirect URIs.

  • public boolean

    Indicates if this client is marked as public. Public clients, such as applications running in a browser or on a mobile device, are unable to use registered client secrets. Defaults to false.

Responses

Created


Schema
  • meta object
  • pagination object
  • limit integer
  • offset integer
  • total_count int64
  • errors object[]
  • httpcode integer
  • message string
  • result object
  • client_id string

    The client identifier.

  • client_name string

    Human-friendly name to identify this client.

  • grant_types string[]

    Possible values: [client_credentials, authorization_code, refresh_token]

    The client's allowed grant types.

  • response_types array[]

    Possible values: [code, id_token, token]

    The client's allowed response types. All allowed combinations of response types have to be listed.

  • scopes string[]

    The scopes this client is allowed to request.

  • access_token_duration integer

    How long (in seconds) access tokens should be valid for. If unspecified, this defaults to 24 hours (86,400 seconds). For OIDC flows, this value is also used as the ID token duration.

  • refresh_token_duration integer

    How long (in seconds) refresh tokens should be valid for. If unspecified, this defaults to 10 days (864,000 seconds).

  • public boolean

    Indicates if this client is marked as public. Public clients, such as applications running in a browser or on a mobile device, are unable to use registered client secrets. Defaults to false.

  • redirect_uris uri[]

    The client's allowed redirect URIs.

  • created_at date-time
  • last_used date-time
  • client_secret string

    The client secret key.
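
The constraints documented above, collected into a local pre-flight check and a response handler that separates the one-time client secret from anything written to logs. This is an added example, not SlashID's code: the function names and the sample response are constructed, the client fields are assumed to sit under `result`, and nothing is sent because the API-key header and base URL are not shown on this page.

```python
import json

# Limits below come from this page; function names are this example's own.
ALLOWED_GRANTS = {"client_credentials", "authorization_code"}  # others: 400
CONSISTENCY_LEVELS = {"local_region", "all_regions"}
# Constructed sample response; assumes the client fields sit under "result".
SAMPLE_RESPONSE = json.dumps({"result": {
    "client_id": "constructed-client-id", "client_name": "billing-worker",
    "grant_types": ["client_credentials"],
    "client_secret": "constructed-secret-value"}})


def build_create_client_request(org_id, client_name, scopes, grant_types, *,
                                public=False, redirect_uris=None,
                                consistency="local_region",
                                consistency_timeout=30):
    """Check the documented constraints, then return (headers, body)."""
    if not (client_name and scopes and grant_types):
        raise ValueError("client_name, scopes and grant_types are required")
    unknown = set(grant_types) - ALLOWED_GRANTS
    if unknown:
        raise ValueError(f"grant_types not accepted: {sorted(unknown)}")
    if public and "client_credentials" in grant_types:
        # This grant needs a client secret, which public clients cannot use.
        raise ValueError("client_credentials clients must be confidential")
    if consistency not in CONSISTENCY_LEVELS:
        raise ValueError("consistency must be local_region or all_regions")
    if not 1 <= consistency_timeout <= 120:
        raise ValueError("consistency timeout must be 1 to 120 seconds")
    headers = {"SlashID-OrgID": org_id,
               "SlashID-Required-Consistency": consistency,
               "SlashID-Required-Consistency-Timeout": str(consistency_timeout)}
    body = {"client_name": client_name, "scopes": list(scopes),
            "grant_types": list(grant_types), "public": public}
    if redirect_uris:
        body["redirect_uris"] = list(redirect_uris)
    return headers, body


def split_secret(response_json):
    """Return (client_id, client_secret, copy that is safe to log)."""
    result = json.loads(response_json)["result"]
    redacted = {**result, "client_secret": "[REDACTED]"}
    return result["client_id"], result["client_secret"], redacted
```

Pass the returned secret straight to a secrets manager and log only the redacted copy, since the secret cannot be retrieved in later API calls.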