Client configuration

The tables below describe mandatory and common parameters on the client model used in Web API (and cmdlets).

Client properties

Parameter name Parameter type Description
ClientId String Unique identifier of the client. Required
ClientName String User friendly name of the client - Client display name (used for logging and consent screen) Required
ClientUri String Uri to further information about client.
ClientSecrets List\<Secret> Client secrets - only relevant for flows that require a secret Note When registering client with secret(s) leave the Value and Type of the secret unset. IDS will automatically generate them. See more about secret registration
Flow enum Flows Flows defines the following possible values: (Defaults to Implicit.):
- AuthorizationCode (0),
- Implicit (1),
- Hybrid (2),
- ClientCredentials (3),
- Custom (5),
- AuthorizationCodeWithProofKey (6),
- HybridWithProofKey (7).

Note: When ClientCredentials flow is used, IDS-Admin will generate a ClientSecret (even if it is not provided in the request); in such case "SharedSecret" secret type without expiration date will be generated.

Claims List\<Claims> Allows settings claims for the client (will be included in the access token)
AccessTokenType AccessTokenType Specifies whether the access token is a reference token or a self contained JWT token (defaults to Jwt)
AccessTokenLifetime int Lifetime of access token in seconds (defaults to 3600 seconds / 1 hour)
AllowedScopes List\<string> Specifies the scopes that the client is allowed to request. If empty, the client can't access any scope
Enabled boolean default = true
RequireConsent boolean Specifies whether a consent screen is required. Defaults to true. If anything to consent the consent screen will be shown after login. Only valid for implicit, hybrid and authorization code flow.
RedirectUris List\<string> Specifies allowed URIs to return tokens or authorization codes to
PostLogoutRedirectUris List\<string> Specifies allowed URIs to redirect to after logout
IdentityTokenLifetime int Lifetime of identity token in seconds (defaults to 300 seconds / 5 minutes)
RefreshTokenExpiration enum Allowed values:
- Absolute(0): the refresh token will expire on a fixed point in time (specified by the AbsoluteRefreshTokenLifetime)
-Sliding(1): when refreshing the token, the lifetime of the refresh token will be renewed (by the amount specified in SlidingRefreshTokenLifetime). The lifetime will not exceed AbsoluteRefreshTokenLifetime.
AbsoluteRefreshTokenLifetime int Maximum lifetime of a refresh token in seconds. Defaults to 2592000 seconds / 30 days
SlidingRefreshTokenLifetime int Sliding lifetime of a refresh token in seconds. Defaults to 1296000 seconds / 15 days
RefreshTokenUsage enum - ReUse(0): the refresh token handle will stay the same when refreshing tokens;
-OneTime(1): the refresh token handle will be updated when refreshing tokens
UserId string - To be used internally for auditing :
UserName string - To be used internally for auditing :
AuthorizationCodeLifetime int Lifetime of authorization code in seconds
AllowAccessToAllScopes boolean By default a client has no access to any scopes - either set to true or specify the supported scopes explicitly via the AllowedScopes property.
AlwaysSendClientClaims boolean If set, the client claims will be sent for every flow. If not, only for client credentials flow. Default is false.
PrefixClientClaims boolean If set, all client claims will be prefixed with client_ to make sure they don't accidentally collide with user claims. Default is true.
IncludeJwtId boolean Specifies whether JWT access tokens should have an embedded unique ID (via the jti claim)

Se also client registration.

ClientSecret properties

Parameter name Parameter type Description
Description string Description of the secret
Expiration DateTimeOffset Expiration time of the secret nullable if never expires
Type string Secret type
Value string Secret value Note: the value of the secret must not be provided by the user in the request. It is always generated on the IDS-Admin side. See secret registration.
## Claim properties
Parameter name Parameter type Description
-------------- -------------- -----------
Issuer string issuer of the claim
OriginalIssuer string original issuer of the claim
Type string claim type
Value string claim value