Overview

Version information

Version : 1.0.0

URI scheme

Host : cloudentity.dev.cloudentity.com
BasePath : /api
Schemes : HTTPS

Consumes

  • application/json

Produces

  • application/json

Paths

GET /oauth/.well-known/openid-configuration

Responses

  • 200: Openid Configuration response.

Tags

  • oidc

POST /oauth/authorize

Description

Authenticates the user with OAuth 2.0. The user is redirected to the provider’s login page. For details see RFC 6749 section 3.1: https://tools.ietf.org/html/rfc6749#section-3.1

Parameters

  • client_id (Query, string, required): OAuth Client Id
  • redirect_uri (Query, string, optional): Client’s redirection endpoint
  • response_type (Query, string, required): Response type; code for the server-side flow, token for the client-side flow
  • scope (Query, string, optional): The scope of the access request
  • state (Query, string, optional): An opaque value used by the client to maintain state between the request and the callback

Responses

  • 302: Redirection to provider’s login page (schema: No Content)

Consumes

  • application/x-www-form-urlencoded

Tags

  • oidc

GET /oauth/authorize

Description

Authenticates the user with OAuth 2.0. The user is redirected to the provider’s login page. For details see RFC 6749 section 3.1: https://tools.ietf.org/html/rfc6749#section-3.1

Parameters

  • client_id (Query, string, required): OAuth Client Id
  • redirect_uri (Query, string, optional): Client’s redirection endpoint
  • response_type (Query, string, required): Response type; code for the server-side flow, token for the client-side flow
  • scope (Query, string, optional): The scope of the access request
  • state (Query, string, optional): An opaque value used by the client to maintain state between the request and the callback

Responses

  • 302: Redirection to provider’s login page (schema: No Content)

Consumes

  • application/x-www-form-urlencoded

Tags

  • oidc

GET /oauth/consents/active

Description

List applications with approved consents used by a given user.

JWT must contain the content.userUuid claim.

Responses

  • 200: The active consents associated with this user.
  • 400: One of the JWT claims is missing

Tags

  • oidc

GET /oauth/consents/active/client/{clientId}

Description

Get active consent details.

Parameters

  • clientId (Path, string, required): Unique identifier of the OAuth client.

Responses

  • 200: Active application details
  • 400: One of the JWT claims is missing
  • 404: Consent has not been found

Tags

  • oidc

DELETE /oauth/consents/active/client/{clientId}

Description

Remove consent (terminates access and refresh tokens).

Upon removal the consent is stored in removed consents for historical purposes.

JWT must contain the content.userUuid claim.

Parameters

  • clientId (Path, string, required): Unique identifier of the OAuth client.

Responses

  • 204: Consent removed. (schema: No Content)
  • 400: One of the JWT claims is missing
  • 404: Consent has not been found

Tags

  • oidc

GET /oauth/consents/removed

Description

List consents which have been explicitly removed by the user. This API is used for historical purposes. JWT must contain the content.userUuid claim.

Responses

  • 200: Removed consents
  • 400: One of the JWT claims is missing

Tags

  • oidc

GET /oauth/consents/unused

Description

List consents for applications which haven’t been used for some time. The time limit is defined in configuration. JWT must contain the content.userUuid claim.

Responses

  • 200: Removed consents
  • 400: One of the JWT claims is missing

Tags

  • oidc

POST /oauth/introspect

Description

Returns meta information about the token, including whether it is currently active. For details see RFC 7662 section 2: https://tools.ietf.org/html/rfc7662#section-2

Parameters

  • token (FormData, string, required): The string value of the token
  • token_type_hint (FormData, string, optional): A hint about the type of the token submitted for introspection

Responses

  • 200: Meta information about token
  • 401: Invalid credentials (schema: No Content)

Meta information about token

  • active (boolean, required). Example: true
  • client_id (string, optional). Example: "e3445aa7-5ae9-41ba-8a34-28682e624129"
  • exp (integer, optional). Example: 1419356238
  • expires_at (string, optional). Example: "2018-11-02T15:40:31+0000"
  • scope (string, optional). Example: "email profile openid"
  • token_type (string, optional). Example: "Bearer"
  • user_id (string, optional). Example: "jdoe@cloudentity.com"

Consumes

  • application/x-www-form-urlencoded

Produces

  • application/json

Tags

  • oidc
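How a protected resource should treat the introspection response above before honouring a request, as an added example (not Cloudentity code): the only required field is active, so everything else is checked only once that is true, and exp, token_type, client_id and scope are each verified against the resource's own policy. The sample response is constructed from the documented field names; the required scopes and allowed client ids are assumptions supplied by the caller.

```python
"""Validate a POST /oauth/introspect response before honouring a request.

Added example, not part of the Cloudentity API reference. SAMPLE_ACTIVE is a
constructed response using the field names documented above; the policy
inputs (required_scopes, allowed_client_ids) are assumptions of the caller.
"""
import json
import time


class TokenRejected(Exception):
    """Raised when the introspected token must not be accepted."""


def check_introspection(body, required_scopes, allowed_client_ids,
                        now=None, max_clock_skew=60):
    """Return the granted scope set if the token is usable, else raise.

    body: parsed JSON body of the 200 response (dict).
    required_scopes: scopes this resource needs (iterable of str).
    allowed_client_ids: client ids permitted to call this resource
                        (empty means any client).
    """
    now = time.time() if now is None else now
    # 'active' is the only required field; the others are advisory and
    # only meaningful when active is true (RFC 7662 section 2.2).
    if body.get("active") is not True:
        raise TokenRejected("token is not active")
    # 'exp' is optional in the RFC; when present, enforce it with bounded skew.
    exp = body.get("exp")
    if exp is not None and int(exp) + max_clock_skew < now:
        raise TokenRejected("token expired")
    token_type = body.get("token_type", "Bearer")
    if token_type.lower() != "bearer":
        raise TokenRejected(f"unsupported token_type {token_type!r}")
    client_id = body.get("client_id")
    if allowed_client_ids and client_id not in allowed_client_ids:
        raise TokenRejected(f"client {client_id!r} not allowed here")
    # scope is a space-separated string; require every scope this resource needs.
    granted = set(body.get("scope", "").split())
    missing = set(required_scopes) - granted
    if missing:
        raise TokenRejected("insufficient scope: missing " + " ".join(sorted(missing)))
    return granted


# Constructed sample: exp 1419356238 is 2014-12-23T17:37:18Z, so expires_at matches it.
SAMPLE_ACTIVE = json.loads("""{
  "active": true,
  "client_id": "e3445aa7-5ae9-41ba-8a34-28682e624129",
  "exp": 1419356238,
  "expires_at": "2014-12-23T17:37:18+0000",
  "scope": "email profile openid",
  "token_type": "Bearer",
  "user_id": "jdoe@cloudentity.com"
}""")
```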

GET /oauth/jwk

Description

JSON Web Key Set. For details see RFC 7517: https://tools.ietf.org/html/rfc7517

Responses

  • 200: JSON Web Key Set.

Produces

  • application/json

Tags

  • oidc

POST /oauth/register

Description

Public endpoint to register OAuth clients. Disabled by default. For details see RFC 7591: https://tools.ietf.org/html/rfc7591

Parameters

  • requestBody (Body, required): Dynamic Client Registration Request

Responses

  • 201: Dynamic Client Registration response.
  • 400: {"error": "Bad Request", "error_description": "Dynamic client registration is disabled"} (schema: No Content)

Consumes

  • application/json

Tags

  • oidc

POST /oauth/revoke

Description

Revokes the token, or ignores the request if the token is not valid. For details see RFC 7009 section 2: https://tools.ietf.org/html/rfc7009#section-2

Parameters

  • token (FormData, string, required): The string value of the token
  • token_type_hint (FormData, string, optional): A hint about the type of the token submitted for introspection

Responses

  • 200: Done (schema: No Content)
  • 400: OAuth Error

Error object

  • error (string, required). Example: "invalid_request"
  • error_description (string, optional). Example: "missing parameter"
  • error_uri (string, optional). Example: "http://uri-to-error-description"

Consumes

  • application/x-www-form-urlencoded

Produces

  • application/json

Tags

  • oidc

POST /oauth/token

Description

Obtain an access token by presenting an authorization grant or a refresh token. For details see RFC 6749 section 3.2 and section 4.1.3: https://tools.ietf.org/html/rfc6749#section-3.2 and https://tools.ietf.org/html/rfc6749#section-4.1.3

Parameters

  • access_token (FormData, string, optional): Access token (only applies to the https://cloudentity.com/oauth/grant_type/refresh_token flow)
  • client_id (FormData, string, optional): OAuth Client Id
  • client_secret (FormData, string, optional): OAuth Client Secret
  • code (FormData, string, optional): The authorization code received from the authorization server
  • grant_type (FormData, string, required): Depending on the OAuth flow, one of: "authorization_code", "refresh_token", "client_credentials", "password", "https://cloudentity.com/oauth/grant_type/refresh_token"
  • password (FormData, string, optional): User password (used only in the Resource Owner Password Grant)
  • redirect_uri (FormData, string, optional): Client’s redirection endpoint
  • refresh_token (FormData, string, optional): Refresh token
  • scope (FormData, string, optional): Comma separated scopes
  • username (FormData, string, optional): Username (used only in the Resource Owner Password Grant)

Responses

  • 200: Access Token
  • 400: OAuth Error

Access Token

  • access_token (string, required). Example: "2YotnFZFEjr1zCsicMWpAA"
  • expires_in (integer, optional). Example: 3600
  • id_token (string, optional): JWT with user information
  • refresh_token (string, optional). Example: "tGzv3JOkF0XG5Qx2TlKWIA"
  • scope (string, optional): space separated scopes. Example: "email profile"
  • token_type (string, optional). Example: "example"

Error object

  • error (string, required). Example: "invalid_request"
  • error_description (string, optional). Example: "missing parameter"
  • error_uri (string, optional). Example: "http://uri-to-error-description"

Consumes

  • application/x-www-form-urlencoded

Produces

  • application/json

Tags

  • oidc
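The client side of the server-side (response_type=code) flow across the /oauth/authorize and /oauth/token endpoints documented above, as an added example that is not part of the reference: it binds an unguessable state to the session, refuses a callback whose state or redirect_uri does not match, repeats redirect_uri in the token request, and maps the documented Access Token and Error object responses. It builds and checks the messages without sending them; CLIENT_ID, CLIENT_SECRET and REDIRECT_URI are constructed placeholders, and BASE_URL is the Host and BasePath from the page.

```python
"""Authorization-code flow client for /oauth/authorize and /oauth/token.

Added example, not Cloudentity code. No network calls are made; the
credentials and callback URL below are constructed placeholders.
"""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

BASE_URL = "https://cloudentity.dev.cloudentity.com/api"  # Host + BasePath from the page
CLIENT_ID = "example-client-id"                             # placeholder
CLIENT_SECRET = "example-client-secret"                     # placeholder
REDIRECT_URI = "https://app.example.com/callback"           # placeholder, pre-registered


def new_state():
    """Opaque, unguessable state to store in the user's session (CSRF binding)."""
    return secrets.token_urlsafe(32)


def authorize_url(state, scope="openid email profile"):
    """GET /oauth/authorize URL for the server-side flow (response_type=code)."""
    params = {"client_id": CLIENT_ID, "response_type": "code",
              "redirect_uri": REDIRECT_URI, "scope": scope, "state": state}
    return f"{BASE_URL}/oauth/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Extract the authorization code from the redirect back to REDIRECT_URI.

    Raises ValueError unless the callback landed on the registered redirect_uri
    and carries the state stored in the session, so a code planted by a third
    party is never exchanged for tokens.
    """
    parts = urlsplit(callback_url)
    if parts._replace(query="", fragment="").geturl() != REDIRECT_URI:
        raise ValueError("callback arrived at an unregistered redirect_uri")
    q = parse_qs(parts.query)
    if "error" in q:
        raise ValueError(f"authorization failed: {q['error'][0]}")
    state = q.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):  # constant-time compare
        raise ValueError("state mismatch")
    code = q.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def token_request(code):
    """Form body for POST /oauth/token (application/x-www-form-urlencoded).

    redirect_uri is repeated so the server can check it equals the value used
    in the authorization request (RFC 6749 section 4.1.3).
    """
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "client_secret": CLIENT_SECRET}


def parse_token_response(status, body):
    """Map the documented 200 Access Token / 400 Error object to a result dict."""
    if status == 400 or "error" in body:
        raise ValueError(f"{body.get('error')}: {body.get('error_description', '')}")
    if status != 200 or "access_token" not in body:
        raise ValueError("unexpected token response")
    if body.get("token_type", "Bearer").lower() != "bearer":
        raise ValueError("unsupported token_type")
    return {"access_token": body["access_token"],
            "refresh_token": body.get("refresh_token"),
            "expires_in": int(body.get("expires_in", 0)),
            "scope": set(body.get("scope", "").split())}  # space separated per the page
```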

GET /oauth/userinfo

Description

OAuth 2.0 Protected Resource that returns Claims about the authenticated End-User. For details see: http://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Parameters

  • Authorization (Header, string, required): Access Token

Responses

  • 200: User Info
  • 401: Unauthorized (schema: No Content)

User Info

  • example_parameter (string, optional). Example: "example_value"
  • sub (string, required). Example: "248289761001"

Produces

  • application/json

Tags

  • oidc

Definitions

ActiveApplicationDetails

Active consent details

  • appDescription (string, optional): Application description
  • appName (string, optional): Application name
  • clientId (string, optional): OAuth client id
  • firstUsed (string, optional): First used
  • lastUsed (string, optional): Last used
  • resourceServers (< resourceServers > array, optional)

resourceServers

  • description (string, optional): resource server description
  • name (string, optional): resource server name
  • scopes (< scopes > array, optional)

scopes

  • description (string, optional): scope description
  • name (string, optional): scope name

ActiveConsents

Active consents

  • consents (< consents > array, optional): Active consents list

consents

  • appDescription (string, optional): Application description
  • appName (string, optional): Application name
  • clientId (string, optional): OAuth client id
  • firstUsed (string, optional): First used
  • lastUsed (string, optional): Last used
  • resourceServers (< resourceServers > array, optional)

resourceServers

  • description (string, optional): resource server description
  • name (string, optional): resource server name
  • scopes (< scopes > array, optional)

scopes

  • description (string, optional): scope description
  • name (string, optional): scope name

ApiError

Api error

  • code (string, optional): Error code
  • details (object, optional): Error details
  • message (string, optional): Error message

ClientDetails

  • accessTokenValiditySeconds (integer, optional): access token validity in seconds
  • additionalInformation (object, optional): additional information map
  • allowIntrospection (boolean, optional): allow call to introspection endpoint
  • applicationType (string, optional): application type. Example: "web | native"
  • authorities (< string > array, optional)
  • claimsRedirectUris (< string > array, optional)
  • clearAccessTokensOnRefresh (boolean, optional): clear access token on refresh
  • clientDescription (string, optional): client description
  • clientId (string, optional): client id
  • clientName (string, optional): client name
  • clientSecret (string, optional): client secret
  • clientUri (string, optional): client uri
  • codeChallengeMethod (string, optional): code challenge method
  • contacts (< string > array, optional)
  • createdAt (string (date-time), optional): created time
  • customer (string, optional)
  • defaultACRvalues (< string > array, optional)
  • defaultMaxAge (integer, optional)
  • deviceCodeValiditySeconds (integer, optional): device code validity in seconds
  • dynamicallyRegistered (boolean, optional): is client dynamically registered
  • grantTypes (< string > array, optional): grant types
  • id (string, optional): internal id
  • idTokenEncryptedResponseAlg (string, optional)
  • idTokenEncryptedResponseEnc (string, optional)
  • idTokenSignedResponseAlg (string, optional)
  • idTokenValiditySeconds (integer, optional): id token validity in seconds
  • initiateLoginUri (string, optional)
  • jwks (string, optional): JSON Web Key Set
  • jwksUri (string, optional): jwks uri
  • logoUri (string, optional): logo uri
  • policyUri (string, optional): policy uri
  • postLogoutRedirectUris (< string > array, optional)
  • redirectUris (< string > array, optional)
  • refreshTokenValiditySeconds (integer, optional): refresh token validity in seconds
  • requestObjectSigningAlg (string, optional): request object signing alg
  • requestUris (< string > array, optional)
  • requireAuthTime (boolean, optional)
  • resourceIds (< string > array, optional)
  • responseTypes (< string > array, optional): response types
  • reuseRefreshToken (boolean, optional): reuse refresh token
  • scope (< string > array, optional): scopes
  • sectorIdentifierUri (string, optional): sector identifier uri
  • softwareId (string, optional): software id
  • softwareStatement (string, optional): software statement
  • softwareVersion (string, optional): software version
  • subjectType (string, optional): subject type. Example: "pairwise | public"
  • tokenEndpointAuthMethod (string, optional): token endpoint method. Example: "client_secret_post | client_secret_basic (default) | client_secret_jwt | none"
  • tokenEndpointAuthSigningAlg (string, optional)
  • tosUri (string, optional): terms of service uri
  • userInfoEncryptedResponseAlg (string, optional)
  • userInfoEncryptedResponseEnc (string, optional)
  • userInfoSignedResponseAlg (string, optional)

ConsentDetails

Active application details

  • appDescription (string, optional): Application description
  • appName (string, optional): Application name
  • clientId (string, optional): OAuth client id (appId??)
  • firstUsed (string, optional): First used
  • lastUsed (string, optional): Last used
  • resourceServers (< resourceServers > array, optional)

resourceServers

  • description (string, optional): resource server description
  • name (string, optional): resource server name
  • scopes (< scopes > array, optional)

scopes

  • description (string, optional): scope description
  • name (string, optional): scope name

CreateClient

  • accessTokenValiditySeconds (integer, optional): access token validity in seconds
  • allowIntrospection (boolean, optional): allow call to introspection endpoint
  • applicationType (string, optional): application type. Example: "web | native"
  • authorities (< string > array, optional)
  • claimsRedirectUris (< string > array, optional)
  • clearAccessTokensOnRefresh (boolean, optional): clear access token on refresh
  • clientDescription (string, optional): client description
  • clientId (string, optional): client id
  • clientName (string, optional): client name
  • clientSecret (string, optional): client secret
  • clientUri (string, optional): client uri
  • codeChallengeMethod (string, optional): code challenge method
  • contacts (< string > array, optional)
  • createdAt (string (date-time), optional): created time
  • customer (string, optional)
  • defaultACRvalues (< string > array, optional)
  • defaultMaxAge (integer, optional)
  • deviceCodeValiditySeconds (integer, optional): device code validity in seconds
  • dynamicallyRegistered (boolean, optional): is client dynamically registered
  • grantTypes (< string > array, optional): grant types
  • idTokenEncryptedResponseAlg (string, optional)
  • idTokenEncryptedResponseEnc (string, optional)
  • idTokenSignedResponseAlg (string, optional)
  • idTokenValiditySeconds (integer, optional): id token validity in seconds
  • initiateLoginUri (string, optional)
  • jwks (string, optional): JSON Web Key Set
  • jwksUri (string, optional): jwks uri
  • logoUri (string, optional): logo uri
  • policyUri (string, optional): policy uri
  • postLogoutRedirectUris (< string > array, optional)
  • redirectUris (< string > array, optional)
  • refreshTokenValiditySeconds (integer, optional): refresh token validity in seconds
  • requestObjectSigningAlg (string, optional): request object signing alg
  • requestUris (< string > array, optional)
  • requireAuthTime (boolean, optional)
  • resourceIds (< string > array, optional)
  • responseTypes (< string > array, optional): response types
  • reuseRefreshToken (boolean, optional): reuse refresh token
  • scope (< string > array, optional): scopes
  • sectorIdentifierUri (string, optional): sector identifier uri
  • softwareId (string, optional): software id
  • softwareStatement (string, optional): software statement
  • softwareVersion (string, optional): software version
  • subjectType (string, optional): subject type. Example: "pairwise | public"
  • tokenEndpointAuthMethod (string, optional): token endpoint method. Example: "client_secret_post | client_secret_basic (default) | client_secret_jwt | none"
  • tokenEndpointAuthSigningAlg (string, optional)
  • tosUri (string, optional): terms of service uri
  • userInfoEncryptedResponseAlg (string, optional)
  • userInfoEncryptedResponseEnc (string, optional)
  • userInfoSignedResponseAlg (string, optional)

CreateScope

  • defaultScope (boolean, optional): is this a default scope for newly-registered clients
  • description (string, optional): scope description
  • icon (string, optional): class of the icon to display on the consent page
  • restricted (boolean, optional): is this scope restricted to admin-only registration access
  • value (string, optional): scope name

DynamicClientRegistration

Dynamic Client Registration Request

  • client_name (string, optional)
  • jwks_uri (string, optional)
  • logo_uri (string, optional)
  • redirect_uris (< string > array, optional)
  • token_endpoint_auth_method (string, optional)

DynamicClientRegistrationResponse

Dynamic Client Registration Request

  • client_id (string, required)
  • client_id_issued_at (string, optional)
  • client_secret (string, required)
  • client_secret_expires_at (string, optional)

IntrospectionResponse

Introspection response details

  • active (boolean, required): true if access token is active, false otherwise
  • clientId (string, optional): OAuth client id
  • organizationId (string, optional): Organization identifier
  • scope (string, optional): space separated list of scopes granted to access token
  • sub (string, optional): User uuid or OAuth client id
  • tokenType (string, optional): Token type
  • userId (string, optional): User uuid

IsAlive

Active consents

  • message (string, optional): alive message. Example: "Oidc is alive"

JwkResponse

  • keys (< keys > array, optional)

keys

  • alg (string, optional)
  • e (string, optional)
  • kid (string, optional)
  • kty (string, optional)
  • n (string, optional)

OpenidConfiguration

  • authorization_endpoint (string, optional)
  • claim_types_supported (< string > array, optional)
  • claims_parameter_supported (boolean, optional)
  • claims_supported (< string > array, optional)
  • code_challenge_methods_supported (< string > array, optional)
  • device_authorization_endpoint (string, optional)
  • end_session_endpoint (string, optional)
  • grant_types_supported (< string > array, optional)
  • id_token_encryption_alg_values_supported (< string > array, optional)
  • id_token_encryption_enc_values_supported (< string > array, optional)
  • id_token_signing_alg_values_supported (< string > array, optional)
  • introspection_endpoint (string, optional)
  • issuer (string, optional)
  • jwks_uri (string, optional)
  • op_policy_uri (string, optional)
  • op_tos_uri (string, optional)
  • registration_endpoint (string, optional)
  • request_object_encryption_alg_values_supported (< string > array, optional)
  • request_object_encryption_enc_values_supported (< string > array, optional)
  • request_object_signing_alg_values_supported (< string > array, optional)
  • request_parameter_supported (boolean, optional)
  • request_uri_parameter_supported (boolean, optional)
  • require_request_uri_registration (boolean, optional)
  • response_types_supported (< string > array, optional)
  • revocation_endpoint (string, optional)
  • scopes_supported (< string > array, optional)
  • service_documentation (string, optional)
  • subject_types_supported (< string > array, optional)
  • token_endpoint (string, optional)
  • token_endpoint_auth_methods_supported (< string > array, optional)
  • token_endpoint_auth_signing_alg_values_supported (< string > array, optional)
  • userinfo_encryption_alg_values_supported (< string > array, optional)
  • userinfo_encryption_enc_values_supported (< string > array, optional)
  • userinfo_endpoint (string, optional)
  • userinfo_signing_alg_values_supported (< string > array, optional)

RemovedConsent

  • appDescription (string, optional): Application description
  • appName (string, optional): Application name
  • clientId (string, optional): OAuth client id (appId??)
  • firstUsed (string, optional): First used
  • lastUsed (string, optional): Last used
  • removalDate (string, optional): Consent removal date
  • resourceServers (< resourceServers > array, optional)

resourceServers

  • description (string, optional): resource server description
  • name (string, optional): resource server name
  • scopes (< scopes > array, optional)

scopes

  • description (string, optional): scope description
  • name (string, optional): scope name

RemovedConsents

Removed consents

  • consents (< consents > array, optional): Removed consents list

consents

  • appDescription (string, optional): Application description
  • appName (string, optional): Application name
  • clientId (string, optional): OAuth client id (appId??)
  • firstUsed (string, optional): First used
  • lastUsed (string, optional): Last used
  • removalDate (string, optional): Consent removal date
  • resourceServers (< resourceServers > array, optional)

resourceServers

  • description (string, optional): resource server description
  • name (string, optional): resource server name
  • scopes (< scopes > array, optional)

scopes

  • description (string, optional): scope description
  • name (string, optional): scope name

ScopeDetails

  • defaultScope (boolean, optional): is this a default scope for newly-registered clients
  • description (string, optional): scope description
  • icon (string, optional): class of the icon to display on the consent page
  • id (string, optional): internal id
  • restricted (boolean, optional): is this scope restricted to admin-only registration access
  • value (string, optional): scope name

UnusedConsents

Unused consents

  • consents (< consents > array, optional): Unused consents list

consents

  • appDescription (string, optional): Application description
  • appName (string, optional): Application name
  • clientId (string, optional): OAuth client id (appId??)
  • firstUsed (string, optional): First used
  • lastUsed (string, optional): Last used
  • resourceServers (< resourceServers > array, optional)

resourceServers

  • description (string, optional): resource server description
  • name (string, optional): resource server name
  • scopes (< scopes > array, optional)

scopes

  • description (string, optional): scope description
  • name (string, optional): scope name

UpdateClientDetails

  • accessTokenValiditySeconds (integer, optional): access token validity in seconds
  • additionalInformation (object, optional): additional information map
  • allowIntrospection (boolean, optional): allow call to introspection endpoint
  • applicationType (string, optional): application type. Example: "web | native"
  • authorities (< string > array, optional)
  • claimsRedirectUris (< string > array, optional)
  • clearAccessTokensOnRefresh (boolean, optional): clear access token on refresh
  • clientDescription (string, optional): client description
  • clientId (string, optional): client id
  • clientName (string, optional): client name
  • clientSecret (string, optional): client secret
  • clientUri (string, optional): client uri
  • codeChallengeMethod (string, optional): code challenge method
  • contacts (< string > array, optional)
  • createdAt (string (date-time), optional): created time
  • customer (string, optional)
  • defaultACRvalues (< string > array, optional)
  • defaultMaxAge (integer, optional)
  • deviceCodeValiditySeconds (integer, optional): device code validity in seconds
  • dynamicallyRegistered (boolean, optional): is client dynamically registered
  • grantTypes (< string > array, optional): grant types
  • id (string, optional): internal id
  • idTokenEncryptedResponseAlg (string, optional)
  • idTokenEncryptedResponseEnc (string, optional)
  • idTokenSignedResponseAlg (string, optional)
  • idTokenValiditySeconds (integer, optional): id token validity in seconds
  • initiateLoginUri (string, optional)
  • jwks (string, optional): JSON Web Key Set
  • jwksUri (string, optional): jwks uri
  • logoUri (string, optional): logo uri
  • policyUri (string, optional): policy uri
  • postLogoutRedirectUris (< string > array, optional)
  • redirectUris (< string > array, optional)
  • refreshTokenValiditySeconds (integer, optional): refresh token validity in seconds
  • requestObjectSigningAlg (string, optional): request object signing alg
  • requestUris (< string > array, optional)
  • requireAuthTime (boolean, optional)
  • resourceIds (< string > array, optional)
  • responseTypes (< string > array, optional): response types
  • reuseRefreshToken (boolean, optional): reuse refresh token
  • scope (< string > array, optional): scopes
  • sectorIdentifierUri (string, optional): sector identifier uri
  • softwareId (string, optional): software id
  • softwareStatement (string, optional): software statement
  • softwareVersion (string, optional): software version
  • subjectType (string, optional): subject type. Example: "pairwise | public"
  • tokenEndpointAuthMethod (string, optional): token endpoint method. Example: "client_secret_post | client_secret_basic (default) | client_secret_jwt | none"
  • tokenEndpointAuthSigningAlg (string, optional)
  • tosUri (string, optional): terms of service uri
  • userInfoEncryptedResponseAlg (string, optional)
  • userInfoEncryptedResponseEnc (string, optional)
  • userInfoSignedResponseAlg (string, optional)

UpdateScope

  • defaultScope (boolean, optional): is this a default scope for newly-registered clients
  • description (string, optional): scope description
  • icon (string, optional): class of the icon to display on the consent page
  • restricted (boolean, optional): is this scope restricted to admin-only registration access
  • value (string, optional): scope name