Create or modify a login client
Creating an OIDC Login Client
Call the /config/clients operation using the POST method to create an OIDC client for your Hosted Login implementation. Two things to keep in mind when creating or modifying your OIDC login clients:
- Although you can use either public clients or confidential clients for user logins and registrations, Akamai strongly recommends you use public clients. That’s because public clients don’t require you to maintain and exchange client secrets.
- You’ll need to add at least one redirect URI to your login clients. Each authorization request includes a redirect_uri parameter that specifies the URL of the page the user is sent to following a successful authentication. However, this URL must be included in the redirectURIs property of your OIDC login client. If it isn’t, your authorization request fails with an “invalid_redirect_uri” error.
When configuring Bearer token authorization for this call, use the configuration token you provisioned in Get an administrative access token.
Request template
curl -X POST \
https://v1.api.<region>.janrain.com/<customer-id>/config/clients \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"loginPolicy": "<login-policy-id>",
"name": "<new-oidc-client-name>",
"redirectURIs": [
"<redirect-uri>"
],
"tokenPolicy": "<token-policy-id>",
"type": "<confidential-or-public>"
}'
Example request
curl -X POST \
https://v1.api.us.janrain.com/12345678-1234-1234-1234-123456789012/config/clients \
-H 'Authorization: Bearer 123abc456...def789ghi' \
-H 'Content-Type: application/json' \
-d '{
"loginPolicy": "1ab23c45-6789-0123-d4ef-5g678h90ijk1",
"name": "Property 1 OIDC Client",
"redirectURIs": [
"https://mydomain.com"
],
"tokenPolicy": "a123bcde-4f56-7890-gh12-i34j567k8l90",
"type": "public"
}'
Example response
{
"id": "1ab23456-7c8d-90ef-g123-45hij6789012",
"name": "Property 1 OIDC Client",
"redirectURIs": [
"https://mydomain.com"
],
"loginPolicy": "1ab23c45-6789-0123-d4ef-5g678h90ijk1",
"tokenPolicy": "a123bcde-4f56-7890-gh12-i34j567k8l90",
"type": "public",
"_links": {
"self": {
"href": "/config/12345678-1234-1234-1234-123456789012/clients/1ab23456-7c8d-90ef-g123-45hij6789012"
},
"application_client": {
"href": "/config/1abcdef2g3hijklmno4pqrs5tu/clients/abcdefghi12jkl3m4nopqr5stuvwxy67"
}
}
}
The response contains the ID of the OIDC client you just created. If you want to review this client configuration in the future, call the /config/clients/{oidcClientId} operation with the GET method.
The client secret is returned in the response when you create a new confidential client but is not returned if you view the properties of an existing client. If you need to access the secret in the future, call the /config/clients/{oidcClientId}/secret operation with the GET method.
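The request body and the redirect URI rule described above can be checked locally before the POST is sent. The following Python is an added example, not Akamai's code: the function names are hypothetical, the exact-string comparison is OIDC Core's matching rule and is assumed to be what the service applies, and the https and fragment checks are general hygiene rather than requirements stated on this page.

```python
from urllib.parse import urlsplit

# Fields shown in the page's request template.
REQUIRED = ("loginPolicy", "name", "redirectURIs", "tokenPolicy", "type")

# Constructed sample: the body of the page's example request.
SAMPLE = {
    "loginPolicy": "1ab23c45-6789-0123-d4ef-5g678h90ijk1",
    "name": "Property 1 OIDC Client",
    "redirectURIs": ["https://mydomain.com"],
    "tokenPolicy": "a123bcde-4f56-7890-gh12-i34j567k8l90",
    "type": "public",
}


def lint_client_payload(payload):
    """Return a list of problems found in a /config/clients request body."""
    problems = [f"missing field: {k}" for k in REQUIRED if not payload.get(k)]
    client_type = payload.get("type")
    if client_type and client_type not in ("public", "confidential"):
        problems.append("type must be 'public' or 'confidential'")
    for uri in payload.get("redirectURIs") or []:
        parts = urlsplit(uri)
        # Hygiene checks added by this example, not rules taken from the page.
        if parts.scheme != "https":
            problems.append(f"{uri}: not https")
        if parts.fragment:
            problems.append(f"{uri}: contains a fragment")
    return problems


def redirect_uri_registered(redirect_uri, payload):
    """True if redirect_uri is listed in redirectURIs.

    Assumption: exact string comparison, so a trailing slash or an extra
    path segment counts as a different URI.
    """
    return redirect_uri in (payload.get("redirectURIs") or [])


if __name__ == "__main__":
    print("payload problems:", lint_client_payload(SAMPLE))
    for candidate in ("https://mydomain.com", "https://mydomain.com/",
                      "https://mydomain.com/callback"):
        verdict = "ok" if redirect_uri_registered(candidate, SAMPLE) else "invalid_redirect_uri expected"
        print(f"{candidate}: {verdict}")
```
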