Manage Hosted Login clients and policies
Manage the clients and policies that are integral parts of Hosted Login.
- Create an OIDC login client
  You can't submit an authorization request without using an OpenID Connect login client.
- Create a Hosted Login configuration client
  Configuration clients are used to obtain the administrative access tokens needed to call the Hosted Login APIs.
- Add a redirect URI to a login client
  Each Hosted Login authorization request needs to include a redirect URI, and that same redirect URI must be referenced by the login client.
- Add scopes to a token policy
  Scopes specify the user profile information included in an identity token and/or made available from the userinfo endpoint following a successful authentication.
- Modify token lifetimes
  Change the time-to-live values for your access tokens and your refresh tokens. By default, access tokens expire after 1 hour and refresh tokens expire after 90 days.
- Create custom claims
  Return just about any user profile attribute following a successful authentication.
- List login policies
  Return the title and ID for all your login policies.
- Create a login policy
  Although a single login policy can be used by multiple OpenID Connect login clients, there will likely be times when you need additional policies. For example, you might want to direct certain users to a different login page, or store some user profiles in a different entity type. To do that, you need additional login policies.
- Modify a login policy
  Keep in mind, though, that many of the property values in a login policy can’t be changed.
- Delete a login policy
  This can be done, but only if the login policy isn’t currently associated with an OpenID Connect login client.
- List token policies
  Token policies specify the time-to-live values for your access and refresh tokens, and determine the user profile scopes returned following a successful authentication.
- Create a token policy
  You always have to have at least two token policies: one for user authorization requests, and one for use in obtaining configuration access tokens. Here’s what to do if you need more than two such policies.
- Modify a token policy
  Especially useful if you want to make certain access or refresh tokens longer-lived (or shorter-lived) than others.
- Delete a token policy
  Doable, as long as the token policy isn’t currently associated with an OpenID Connect client.
Updated about 2 years ago