Dynamic Client Registration
This endpoint is based on the OpenId Connect Dynamic Client Registration specification.
Use this endpoint to dynamically create OpenId Connect clients within a OneLogin account.
Upon registration of a new OIDC application, the client metadata for the application is returned, including the client_id and client_secret.
Dynamic Client Registration is often used by API Gateways such as Mulesoft to allow developers to create clients that will be used for authorizing API requests.
Note that after a new client is registered you will still need to assign access to relevant users before they will be able to authenticate and generate access tokens.
API Authorization Servers
By linking the newly registered client to an API Authorization Server, it's possible to generate JWT Access Tokens with custom scopes and claims.
Resource URL
https://<subdomain>.onelogin.com/oidc/2/register
Resource Parameter
subdomain required string |
Set to the e.g. |
Header Parameters
Authorization required string | Set to Set The access token must have been generated using an API credential pair created using the scope required to call this API. This API can be called using any one of the following scopes: |
Content-Type required string |
Set to application/json. |
Request Parameter
client_name required string |
The name of the OIDC app that will get created. |
application_type string |
Optional. Defaults to web. For native app set this to native. |
redirect_uris array |
An allow-list of callback uris for the client application. |
token_endpoint_auth_method string |
One of “client_secret_basic”, “client_secret_post”, or “none” |
Sample Request Body
{
"application_type": "web",
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name": "My Example Web",
"token_endpoint_auth_method": "client_secret_basic"
}
Sample Response
200 OK
{
  "application_type": "web",
  "grant_types": [
    "authorization_code",
    "implicit",
    "password",
    "refresh_token",
    "client_credentials"
  ],
  "id_token_signed_response_alg": "RS256",
  "require_auth_time": false,
  "response_types": [
    "code",
    "id_token token",
    "id_token"
  ],
  "subject_type": "public",
  "token_endpoint_auth_method": "client_secret_basic",
  "post_logout_redirect_uris": [],
  "client_id_issued_at": 1621568316,
  "client_id": "f2ee8ba0-9c13-0139-64c9-062676ef80ab118462",
  "client_name": "My Example App",
  "client_secret_expires_at": 0,
  "client_secret": "c8162742axxxxxb79838c884cbxxxxxx9baa250c9545",
  "initiate_login_uri": "https://acme.onelogin.com",
  "logo_uri": "https://acme.onelogin.com/images/missing_connector_icon/square/original.png",
  "redirect_uris": [
    "https://client.example.org/callback",
    "https://client.example.org/callback2"
  ],
  "introspection_endpoint_auth_method": "client_secret_basic",
  "revocation_endpoint_auth_method": "client_secret_basic",
  "login_url": "https://acme.onelogin.com",
  "app_id": 000000,
  "account_id": 000000
}
400 Bad Request
{
  "error": "invalid_redirect_uri",
  "error_description": "redirect_uris is mandatory property"
}
401 Unauthorized
{
  "error": "UnauthorizedError",
  "error_description": "Unauthorized"
}
Sample Code
Replace sample values indicated by < > with your actual values then paste into your browser window.
curl 'https://<api-domain>/oidc/2/register' \
-X POST \
-H "Authorization: bearer <access_token>" \
-H "Content-Type: application/json" \
-d '{
"application_type": "web",
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name": "My Example Web 23",
"subject_type": "public",
"token_endpoint_auth_method": "client_secret_basic"
}'
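The following is an added example, not OneLogin code: a pre-flight check for a registration request body and a review of the returned client metadata, using the parameters and sample values documented above. The function names, the https-only rule for web redirect URIs and the list of grant types to flag are assumptions representing a local policy.

```python
from urllib.parse import urlsplit

AUTH_METHODS = {"client_secret_basic", "client_secret_post", "none"}  # values listed on this page
RISKY_GRANTS = {"implicit", "password"}  # assumption: local policy, not a OneLogin rule

def check_request(body):
    """Pre-flight checks on a registration request body; returns a list of problems."""
    problems = []
    if not body.get("client_name"):
        problems.append("client_name is required")
    app_type = body.get("application_type", "web")  # the page says this defaults to web
    if app_type not in ("web", "native"):
        problems.append(f"unknown application_type: {app_type}")
    method = body.get("token_endpoint_auth_method")
    if method is not None and method not in AUTH_METHODS:
        problems.append(f"unsupported token_endpoint_auth_method: {method}")
    uris = body.get("redirect_uris") or []
    if not uris:
        problems.append("redirect_uris is missing or empty")
    for uri in uris:
        parts = urlsplit(uri)
        if "*" in uri or parts.fragment:
            problems.append(f"redirect_uri has wildcard or fragment: {uri}")
        if app_type == "web" and parts.scheme != "https":  # assumption: local policy
            problems.append(f"web redirect_uri is not https: {uri}")
    return problems

def audit_response(meta):
    """Flag settings in the returned client metadata that deserve a review."""
    grants = set(meta.get("grant_types", []))
    findings = [f"grant type enabled: {g}" for g in sorted(RISKY_GRANTS & grants)]
    if meta.get("client_secret") and meta.get("client_secret_expires_at") == 0:
        findings.append("client_secret does not expire")  # 0 means no expiry in the DCR spec
    if meta.get("token_endpoint_auth_method") == "none":
        findings.append("public client: no token endpoint authentication")
    return findings

def redact(meta):
    """Return a copy of the metadata that is safe to write to logs."""
    return {k: ("<redacted>" if k == "client_secret" else v) for k, v in meta.items()}

# Constructed sample data, modelled on the sample request and response on this page.
SAMPLE_REQUEST = {"application_type": "web", "client_name": "My Example Web",
                  "redirect_uris": ["https://client.example.org/callback"],
                  "token_endpoint_auth_method": "client_secret_basic"}
SAMPLE_RESPONSE = {"grant_types": ["authorization_code", "implicit", "password", "refresh_token"],
                   "token_endpoint_auth_method": "client_secret_basic",
                   "client_secret": "constructed-secret", "client_secret_expires_at": 0}
```

Run `check_request` before sending the POST, and pass the parsed 200 response through `audit_response` and `redact` before storing or logging it.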
Postman Collection
Replace sample variables indicated by {{ }} with your actual values.
Download for the OpenId Connect API