Manage Hosted Login clients and policies



Manage the clients and policies that are integral parts of Hosted Login.



  • Create an OIDC login client
    You can't submit an authorization request without using an OpenID Connect login client.

  • Create a Hosted Login configuration client
    Configuration clients are used to obtain the administrative access tokens needed to call the Hosted Login APIs.

  • Add a redirect URI to a login client
    Each Hosted Login authorization request needs to include a redirect URI, and that same redirect URI must be referenced by the login client.

  • Add scopes to a token policy
    Scopes specify the user profile information included in an identity token and/or made available from the userinfo endpoint following a successful authentication.

  • Modify token lifetimes
    Change the time-to-live values for your access tokens and your refresh tokens. By default, access tokens expire after 1 hour and refresh tokens expire after 90 days.

  • Create custom claims
    Return just about any user profile attribute following a successful authentication.

  • List login policies
    Return the title and ID for all your login policies.

  • Create a login policy
    Although a single login policy can be used by multiple OpenID Connect login clients, there will likely be times when you need additional policies. For example, you might want to direct certain users to a different login page, or store some user profiles in a different entity type. To do that, you need additional login policies.

  • Modify a login policy
    Keep in mind, though, that many of the property values in a login policy can’t be changed.

  • Delete a login policy
    This can be done, but only if the login policy isn’t currently associated with an OpenID Connect login client.

  • List token policies
    Token policies specify the time-to-live values for your access and refresh tokens, and determine the user profile scopes returned following a successful authentication.

  • Create a token policy
    You always have to have at least two token policies: one for user authorization requests, and one for use in obtaining configuration access tokens. Here’s what to do if you need more than two such policies.

  • Modify a token policy
    Especially useful if you want to make certain access or refresh tokens longer-lived (or shorter-lived) than others.

  • Delete a token policy
    Doable, as long as the token policy isn’t currently associated with an OpenID Connect client.

