See openid-connect Menu

Dynamic Client Registration


This endpoint is based on the OpenId Connect Dynamic Client Registration specification.

Use this endpoint to dynamically create OpenId Connect clients within a OneLogin account.

Upon registration of a new OIDC application the client metadata for the application is returned including the client_id and client_secret.

Dynamic Client Registration is often used by API Gateways such as Mulesoft to allow developers to create clients that will be used for authorizing API requests.

Note that after a new client is registered you will still need to assign access to relevant users before they will be able to authenticate and generate access tokens.

API Authorization Servers

By linking the the newly registered client to an API Authorization Server it’s possible to generate JWT Access Tokens with custom scopes and claims.

Resource URL

https://<subdomain>.onelogin.com/oidc/2/register

Resource Parameter

subdomain

required

string

Set to the subdomain of your OneLogin instance.

e.g. oidc-sample where the instance is https://oidc-sample.onelogin.com

Header Parameters

Authorization

required

string

Set to bearer <access_token>.

Set <access_token> to the access token you generated using the Generate Token API.

The access token must have been generated using an API credential pair created using the scope required to call this API. This API can be called using any one of the following scopes: Manage All.

Content-Type

required

string

Set to application/json.

Request Parameter

client_name

required

string

The name of the OIDC app that will get created.

application_type

string

Optional. Defaults to web.

For native app set this to native.

redirect_uris

array

A whitelist of callback uris for the client application.

token_endpoint_auth_method

string

One of “client_secret_basic”, “client_secret_post”, or “none”

Sample Request Body

  {
  "application_type": "web",
  "redirect_uris": [
    "https://client.example.org/callback",
    "https://client.example.org/callback2"
  ],
  "client_name": "My Example Web",
  "token_endpoint_auth_method": "client_secret_basic"
}

Sample Response

{
    "application_type": "web",
    "grant_types": [
        "authorization_code",
        "implicit",
        "password",
        "refresh_token",
        "client_credentials"
    ],
    "id_token_signed_response_alg": "RS256",
    "require_auth_time": false,
    "response_types": [
        "code",
        "id_token token",
        "id_token"
    ],
    "subject_type": "public",
    "token_endpoint_auth_method": "client_secret_basic",
    "post_logout_redirect_uris": [],
    "client_id_issued_at": 1621568316,
    "client_id": "f2ee8ba0-9c13-0139-64c9-062676ef80ab118462",
    "client_name": "My Example App",
    "client_secret_expires_at": 0,
    "client_secret": "c8162742axxxxxb79838c884cbxxxxxx9baa250c9545",
    "initiate_login_uri": "https://acme.onelogin.com",
    "logo_uri": "https://acme.onelogin.com/images/missing_connector_icon/square/original.png",
    "redirect_uris": [
        "https://client.example.org/callback",
        "https://client.example.org/callback2"
    ],
    "introspection_endpoint_auth_method": "client_secret_basic",
    "revocation_endpoint_auth_method": "client_secret_basic",
    "login_url": "https://acme.onelogin.com",
    "app_id": 000000,
    "account_id": 000000
}
{
    "error": "invalid_redirect_uri",
    "error_description": "redirect_uris is mandatory property"
}
{
    "error": "UnauthorizedError",
    "error_description": "Unauthorized"
}

Sample Code

Replace sample values indicated by < > with your actual values then paste into your browser window.

curl 'https://<api-domain>/oidc/2/register' \
-X POST \
-H "Authorization: bearer <access_token>" \
-H "Content-Type: application/json" \
-d '{
    "application_type": "web",
    "redirect_uris": [
      "https://client.example.org/callback",
      "https://client.example.org/callback2"
    ],
    "client_name": "My Example Web 23",
    "subject_type": "public",
    "token_endpoint_auth_method": "client_secret_basic"
  }'

Postman Collection

Replace sample variables indicated by {{ }} with your actual values.

Download for the OpenId Connect API


Have a Question?

Have a how-to question? Seeing a weird error? Ask us about it on StackOverflow.

Found a bug? Submit a support ticket.

Have a product idea or request? Share it with us in our Ideas Portal.