Create or modify a login client

Creating an OIDC Login Client


Call the /config/clients operation using the POST method to create an OIDC client for your Hosted Login implementation. Two things to keep in mind when creating or modifying your OIDC login clients:

  • Although you can use either public clients or confidential clients for user logins and registrations, Akamai strongly recommends you use public clients. That’s because public clients don’t require you to maintain and exchange client secrets.

  • You’ll need to add at least one redirect URI to your login clients. Each authorization request includes a redirect_uri parameter that specifies the URL of the page the user is sent to following a successful authentication. However, this URL must be included in the redirectURIs property of your OIDC login client. If it isn’t, your authorization request fails with an “invalid_redirect_uri” error.

When configuring Bearer token authorization for this call, use the configuration token you provisioned in Get an administrative access token.


Request template

curl -X POST \
https://v1.api.<region>.janrain.com/<customer-id>/config/clients \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "loginPolicy": "<login-policy-id>",
  "name": "<new-oidc-client-name>",
  "redirectURIs": [
    "<redirect-uri>"
  ],
  "tokenPolicy": "<token-policy-id>",
  "type": "<confidential-or-public>"
}'

Example request

curl -X POST \
https://v1.api.us.janrain.com/12345678-1234-1234-1234-123456789012/config/clients \
  -H 'Authorization: Bearer 123abc456...def789ghi' \
  -H 'Content-Type: application/json' \
  -d '{
  "loginPolicy": "1ab23c45-6789-0123-d4ef-5g678h90ijk1",
  "name": "Property 1 OIDC Client",
  "redirectURIs": [
    "https://mydomain.com"
  ],
  "tokenPolicy": "a123bcde-4f56-7890-gh12-i34j567k8l90",
  "type": "public"
}'

Example response

{
    "id": "1ab23456-7c8d-90ef-g123-45hij6789012",
    "name": "Property 1 OIDC Client",
    "redirectURIs": [
        "https://mydomain.com"
    ],
    "loginPolicy": "1ab23c45-6789-0123-d4ef-5g678h90ijk1",
    "tokenPolicy": "a123bcde-4f56-7890-gh12-i34j567k8l90",
    "type": "public",
    "_links": {
        "self": {
            "href": "/config/12345678-1234-1234-1234-123456789012/clients/1ab23456-7c8d-90ef-g123-45hij6789012"
        },
        "application_client": {
            "href": "/config/1abcdef2g3hijklmno4pqrs5tu/clients/abcdefghi12jkl3m4nopqr5stuvwxy67"
        }
    }
}

The response contains the ID of the OIDC client you just created. If you want to review this client configuration in the future, call the /config/clients/{oidcClientId} operation with the GET method.


The client secret is returned in the response when you create a new confidential client but is not returned if you view the properties of an existing client. If you need to access the secret in the future, call the /config/clients/{oidcClientId}/secret operation with the GET method.
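
The following pre-flight check is an added example, not part of the original documentation or of Akamai's tooling. It validates a /config/clients request body before you send it and tests whether a redirect_uri you plan to use in authorization requests is registered on the client. The function names, the https-only, no-fragment and no-wildcard rules, treating every field in the request template as mandatory, and the exact-string comparison are assumptions of this example.

```python
from urllib.parse import urlsplit

ALLOWED_TYPES = {"public", "confidential"}
# Fields shown in the request template; requiring all of them is an assumption.
TEMPLATE_FIELDS = ("loginPolicy", "name", "redirectURIs", "tokenPolicy", "type")


def check_client_payload(payload):
    """Return a list of problems found in a /config/clients request body."""
    problems = [f"missing field: {k}" for k in TEMPLATE_FIELDS if k not in payload]
    if payload.get("type") not in ALLOWED_TYPES:
        problems.append("type must be 'public' or 'confidential'")
    uris = payload.get("redirectURIs") or []
    if not uris:
        problems.append("at least one redirect URI is required")
    for uri in uris:
        parts = urlsplit(uri)
        # Local hardening policy of this example, not a documented API rule.
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"not an absolute https URL: {uri}")
        if parts.fragment:
            problems.append(f"redirect URI carries a fragment: {uri}")
        if "*" in uri:
            problems.append(f"wildcard in redirect URI: {uri}")
    return problems


def redirect_uri_registered(payload, redirect_uri):
    """True if redirect_uri appears in redirectURIs.

    Assumption: exact string comparison, so a different path, trailing
    slash or port counts as unregistered and would be expected to produce
    the invalid_redirect_uri error described above.
    """
    return redirect_uri in payload.get("redirectURIs", [])


# Constructed sample, mirroring the example request on this page.
SAMPLE = {
    "loginPolicy": "1ab23c45-6789-0123-d4ef-5g678h90ijk1",
    "name": "Property 1 OIDC Client",
    "redirectURIs": ["https://mydomain.com"],
    "tokenPolicy": "a123bcde-4f56-7890-gh12-i34j567k8l90",
    "type": "public",
}

if __name__ == "__main__":
    print(check_client_payload(SAMPLE) or "payload looks consistent")
    print(redirect_uri_registered(SAMPLE, "https://mydomain.com/callback"))
```

Run it against the JSON you pass to `-d` and against each redirect_uri your application sends, so a mismatch shows up before users hit a failed authorization request.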