POST /api/{serviceId}/client/registration
Typescript (SDK)
import { Authlete } from "@authlete/typescript-sdk";

const authlete = new Authlete({
  bearer: process.env["AUTHLETE_BEARER"] ?? "",
});

async function run() {
  const result = await authlete.dynamicClientRegistration.register({
    serviceId: "<id>",
    requestBody: {
      json: "{ \"client_name\": \"My Dynamic Client\" }",
    },
  });

  console.log(result);
}

run();
{
  "resultCode": "A202001",
  "resultMessage": "[A202001] The client was created with id 26837717140341.",
  "action": "CREATED",
  "client": {
    "authTimeRequired": false,
    "bcUserCodeRequired": false,
    "clientId": 26837717140341,
    "clientIdAliasEnabled": false,
    "clientName": "My Dynamic Client",
    "clientSecret": "bMsjvZm2FE1_mqJgxhmYj_Wr8rA0Pia_A_j-V076qQm6-P1edKB055W579GBe7MSbOdxZ3dJKsKinCtdIFwxpw",
    "clientType": "CONFIDENTIAL",
    "createdAt": 1641735467000,
    "defaultMaxAge": 0,
    "developer": "authlete_21653835348762",
    "dynamicallyRegistered": true,
    "frontChannelRequestObjectEncryptionRequired": false,
    "idTokenSignAlg": "RS256",
    "modifiedAt": 1641735467013,
    "number": 6248,
    "parRequired": false,
    "requestObjectEncryptionAlgMatchRequired": false,
    "requestObjectEncryptionEncMatchRequired": false,
    "requestObjectRequired": false,
    "serviceNumber": 5041,
    "subjectType": "PUBLIC",
    "tlsClientCertificateBoundAccessTokens": false,
    "tokenAuthMethod": "CLIENT_SECRET_BASIC"
  },
  "responseContent": "{\"default_max_age\":0,\"registration_client_uri\":\"https://my-service.example.com/dcr/register/26837717140341\",\"registration_access_token\":\"qs4Tu5TV7qqDYT93bFs6ISyhTByMF9o-54GY4JU5vTA\",\"client_id\":\"26837717140341\",\"token_endpoint_auth_method\":\"client_secret_basic\",\"require_pushed_authorization_requests\":false,\"backchannel_user_code_parameter\":false,\"client_secret\":\"bMsjvZm2FE1_mqJgxhmYj_Wr8rA0Pia_A_j-V076qQm6-P1edKB055W579GBe7MSbOdxZ3dJKsKinCtdIFwxpw\",\"client_id_issued_at\":1641735467,\"tls_client_certificate_bound_access_tokens\":false,\"client_name\":\"My Dynamic Client\",\"id_token_signed_response_alg\":\"RS256\",\"subject_type\":\"public\",\"client_secret_expires_at\":0,\"require_signed_request_object\":false}"
}
This API is supposed to be called from within the implementation of the client registration endpoint of the authorization server. The authorization server implementation should retrieve the value of action from the response and take the following steps according to the value.

INTERNAL_SERVER_ERROR

When the value of action is INTERNAL_SERVER_ERROR, it means that the API call from the authorization server implementation was wrong or that an error occurred in Authlete. In either case, from the viewpoint of the client or developer, it is an error on the server side. Therefore, the authorization server implementation should generate a response with “500 Internal Server Error” and application/json. The value of responseContent is a JSON string which describes the error, so it can be used as the entity body of the response.
The following illustrates the response which the authorization server implementation should generate and return to the client or developer.
HTTP/1.1 500 Internal Server Error
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
{responseContent}
The endpoint implementation may return a different response to the client or developer since “500 Internal Server Error” is not required by the specification.

BAD_REQUEST

When the value of action is BAD_REQUEST, it means that the request from the client or developer was wrong. The authorization server implementation should generate a response with “400 Bad Request” and application/json. The value of responseContent is a JSON string which describes the error, so it can be used as the entity body of the response.
The following illustrates the response which the authorization server implementation should generate and return to the client or developer.
HTTP/1.1 400 Bad Request
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
{responseContent}

CREATED

When the value of action is CREATED, it means that the request from the client or developer is valid. The authorization server implementation should generate a response to the client or developer with “201 CREATED” and application/json. The value of responseContent is a JSON string which can be used as the entity body of the response.
The following illustrates the response which the authorization server implementation should generate and return to the client or developer.
HTTP/1.1 201 CREATED
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
{responseContent}
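
The dispatch on action described above, written out as an added example; it is not code from Authlete or its SDK. The names DcrResult, HttpReply, toHttpReply and redactForLog are hypothetical, and the generic 500 for an unmapped action and the log redaction are assumptions of this example.

```typescript
// Added example: turn the result of the /client/registration call into the
// HTTP response the registration endpoint sends. All names are hypothetical.
type DcrResult = { action?: string; responseContent?: string };
interface HttpReply { status: number; headers: Record<string, string>; body: string }

// Only the three actions the page documents for registration are mapped.
// A Map (not a plain object) so that values like "constructor" never match.
const STATUS_BY_ACTION = new Map<string, number>([
  ["INTERNAL_SERVER_ERROR", 500],
  ["BAD_REQUEST", 400],
  ["CREATED", 201],
]);

// Headers from the page's illustrations. no-store matters because the 201
// body carries client_secret and registration_access_token.
const HEADERS: Record<string, string> = {
  "Content-Type": "application/json",
  "Cache-Control": "no-store",
  Pragma: "no-cache",
};

function toHttpReply(result: DcrResult): HttpReply {
  const status = result.action === undefined ? undefined : STATUS_BY_ACTION.get(result.action);
  if (status === undefined || typeof result.responseContent !== "string") {
    // Assumption: fail closed with a constructed generic body instead of
    // forwarding content whose meaning this endpoint does not know.
    return { status: 500, headers: { ...HEADERS }, body: '{"error":"server_error"}' };
  }
  return { status, headers: { ...HEADERS }, body: result.responseContent };
}

// Copy of responseContent that is safe to write to logs: the two credential
// members shown in the page's sample response are masked.
function redactForLog(responseContent: string): string {
  const secretKeys = new Set(["client_secret", "registration_access_token"]);
  try {
    return JSON.stringify(JSON.parse(responseContent), (key, value) =>
      secretKeys.has(key) ? "[REDACTED]" : value);
  } catch {
    return "[unparseable responseContent]";
  }
}
```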

Authorizations

Authorization
string
header
required

Authenticate every request with a Service Access Token or Organization Token. Set the token value in the Authorization: Bearer <token> header.

Service Access Token: Scoped to a single service. Use when automating service-level configuration or runtime flows.

Organization Token: Scoped to the organization; inherits permissions across services. Use for org-wide automation or when managing multiple services programmatically.

Both token types are issued by the Authlete console or provisioning APIs.

Path Parameters

serviceId
string
required

A service ID.

Body

application/json
json
string
required

Client metadata in JSON format that complies with RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).

token
string

The client registration access token. Used only for GET, UPDATE, and DELETE requests.

clientId
string

The client's identifier. Used for GET, UPDATE, and DELETE requests.

Response

Client registration completed successfully

resultCode
string

The code which represents the result of the API call.

resultMessage
string

A short message which explains the result of the API call.

action
enum<string>

The next action that the authorization server implementation should take.

Available options: BAD_REQUEST, CREATED, DELETED, INTERNAL_SERVER_ERROR, OK, UNAUTHORIZED, UPDATED

responseContent
string

The content that the authorization server implementation is to return to the client application. Its format varies depending on the value of action parameter.

client
object
Example:
{
  "number": 1140735077,
  "serviceNumber": 715948317,
  "clientName": "My Test Client",
  "clientId": "1140735077",
  "clientSecret": "gXz97ISgLs4HuXwOZWch8GEmgL4YMvUJwu3er_kDVVGcA0UOhA9avLPbEmoeZdagi9yC_-tEiT2BdRyH9dbrQQ",
  "clientType": "PUBLIC",
  "redirectUris": ["https://example.com/callback"],
  "responseTypes": ["CODE"],
  "grantTypes": ["AUTHORIZATION_CODE"]
}