OIDC Dynamic Clients
OpenID Connect (OIDC) includes a specification for registering a client with an OpenID Connect Provider.
This lets someone onboard their application to an OpenID Connect Provider through a standard, well-formed API. See the specification at https://openid.net/specs/openid-connect-registration-1_0.html.
The primary information that an application administrator is required to provide is the redirect URI the application uses when requesting an identity.
To use dynamic client registration, we must use an OIDC-enabled definition with the option Enable Client Registration set to true. See Create an API protection definition.
- Authentication and deployment
  There are considerations to take into account when we deploy a definition that allows the registration of clients through a public API.
- Register a client
  To register a client, issue an HTTP POST to the Client Registration Endpoint.
- Retrieve a dynamic client
  When a client is registered, a registration_client_uri is returned in the payload.
- Custom Identifiers
  We can customize the value of the client_id, client_secret and registration_access_token issued to the application.
- Update a client
  To update a client, issue an HTTP PUT to the clients management endpoint.
- Delete a client
  To delete a dynamic client, issue an HTTP DELETE to the client management endpoint.