Update an OIDC Client - PUT /OIDCClients/{id}

Update the OIDC client details according to OIDC Client Id.

The ‘Manage Clients’ permission is required to execute this API.

Usage:

GET /OIDCClients/{id} and get details of an OIDC client
PUT /OIDCClients/{id} and update the OIDC client details

URL

/cxrestapi/auth/OIDCClients/{id}

Method:

PUT

Authorization: Bearer <access token value>
Content-Type: application/json;v=1.0

Parameters

Required:

id=[integer] - Unique Id of the OIDC client

updateClientModel=[body]: Specifies the OIDC client details to update
clientId=[string] – Client Id
clientName=[string] – Client display name
allowOfflineAccess=[boolean] - Whether this client can request refresh tokens (true, false)
clientSecrets=[string] - Credentials to access the token endpoint
allowedGrantTypes=[string] - Grant types the client is allowed to use ("client_credentials","implicit","authorization_code","hybrid", "password")
allowedScopes=[string] - Scopes the client is allowed to use (access_control_api)
enabled=[boolean] - Whether client is enabled (true, false)
requireClientSecret=[boolean] - Whether this client needs a secret to request tokens from the token endpoint (true, false)
redirectUris=[string] - Allowed URIs to return tokens or authorization codes to. This is a required field for “implict” and “authorization_code” grant types
postLogoutRedirectUris=[string] - Allowed URIs to redirect to after logout
frontChannelLogoutUri=[string] - Logout URI at client for HTTP based front-channel logout.
frontChannelLogoutSessionRequired=[boolean] - Whether the user’s session Id should be sent to the FrontChannelLogoutUri (true, false)
backChannelLogoutUri=[string] - Logout URI at client for HTTP based back-channel logout.
backChannelLogoutSessionRequired=[boolean] – Whether the user’s session Id should be sent in the request to the BackChannelLogoutUri (true, false)
identityTokenLifetime=[integer] - Timeframe to identity token (in seconds). Default: 300 seconds/5 minutes
accessTokenLifetime=[integer] – Timeframe of access token (in seconds). Default: 3600 seconds/1 hour
authorizationCodeLifetime=[integer] - Timeframe of authorization code (in seconds). Default: 300 seconds/5 minutes
absoluteRefreshTokenLifetime=[integer] - Maximum timeframe of a refresh token (in seconds). Default: 2592000 seconds/30 days
slidingRefreshTokenLifetime=[integer] - Sliding timeframe of a refresh token (in seconds). Defaults: 1296000 seconds/15 days
refreshTokenUsage=[integer] – Refresh token usage: ReUse = 0, the refresh token handle will stay the same when refreshing tokens, OneTime = 1, the refresh token handle will be updated when refreshing tokens
refreshTokenExpiration=[integer] – Refresh token expiration: Absolute = 0, the refresh token will expire on a fixed point in time (specified by the AbsoluteRefreshTokenLifetime), Sliding = 1, when refreshing the token, the lifetime of the refresh token will be renewed(by the amount specified in SlidingRefreshTokenLifetime). The timeframe will not exceed AbsoluteRefreshTokenLifetime
allowedCorsOrigins=[string] - If specified, will be used by the default CORS policy service implementations (In-Memory and EF) to build a CORS policy for JavaScript clients. This is a required field for “implict” grant type
allowAccessTokensViaBrowser=[string] - Whether this client is allowed to receive access tokens via the browser. This is useful to harden flows that allow multiple response types (e.g. by disallowing a hybrid flow client that is supposed to use code id_token to add the token response type and thus leaking the token to the browser (true/false).
claims=[uniqueItems]: type=[string], value=[string] - Allows settings claims for the client (true/false ). This will be included in the access token.
clientClaimsPrefix=[string] - The prefix of client claim types.

Success Response:

Code: 204 Success

Error Response:

Code: 400 Bad Request
Code: 401 Unauthorized
Code: 403 Forbidden
Code: 404 Not found

Sample Response:

no content

Notes:

Updates the OIDC client details according to OIDC client Id and defined parameters. Once the request is successful, it does not return any content. If the request fails, it returns an error response.