Update Client - Authlete Documentation

Typescript (SDK)

import { Authlete } from "@authlete/typescript-sdk";

const authlete = new Authlete({
  bearer: process.env["AUTHLETE_BEARER"] ?? "",
});

async function run() {
  const result = await authlete.dynamicClientRegistration.update({
    serviceId: "<id>",
    requestBody: {
      json: "{\"client_name\":\"My Updated Dynamic Client\",\"default_max_age\":0,\"registration_client_uri\":\"https://my-service.example.com/dcr/register/26837717140341\",\"client_id\":\"26837717140341\",\"token_endpoint_auth_method\":\"client_secret_basic\",\"require_pushed_authorization_requests\":false,\"backchannel_user_code_parameter\":false,\"client_secret\":\"bMsjvZm2FE1_mqJgxhmYj_Wr8rA0Pia_A_j-V076qQm6-P1edKB055W579GBe7MSbOdxZ3dJKsKinCtdIFwxpw\",\"tls_client_certificate_bound_access_tokens\":false,\"id_token_signed_response_alg\":\"RS256\",\"subject_type\":\"public\",\"require_signed_request_object\":false}",
      token: "qs4Tu5TV7qqDYT93bFs6ISyhTByMF9o-54GY4JU5vTA",
      clientId: "26837717140341",
    },
  });

  console.log(result);
}

run();

{
  "resultCode": "A213001",
  "resultMessage": "[A213001] The client has been updated.",
  "action": "UPDATED",
  "client": {
    "authTimeRequired": false,
    "bcUserCodeRequired": false,
    "clientId": 26837717140341,
    "clientIdAliasEnabled": false,
    "clientName": "My Updated Dynamic Client",
    "clientSecret": "bMsjvZm2FE1_mqJgxhmYj_Wr8rA0Pia_A_j-V076qQm6-P1edKB055W579GBe7MSbOdxZ3dJKsKinCtdIFwxpw",
    "clientType": "CONFIDENTIAL",
    "createdAt": 1641735467000,
    "defaultMaxAge": 0,
    "developer": "authlete_21653835348762",
    "dynamicallyRegistered": true,
    "frontChannelRequestObjectEncryptionRequired": false,
    "idTokenSignAlg": "RS256",
    "modifiedAt": 1641826276936,
    "number": 6248,
    "parRequired": false,
    "requestObjectEncryptionAlgMatchRequired": false,
    "requestObjectEncryptionEncMatchRequired": false,
    "requestObjectRequired": false,
    "serviceNumber": 5041,
    "subjectType": "PUBLIC",
    "tlsClientCertificateBoundAccessTokens": false,
    "tokenAuthMethod": "CLIENT_SECRET_BASIC"
  },
  "responseContent": "{\\\"default_max_age\\\":0,\\\"registration_client_uri\\\":\\\"https://my-service.example.com/dcr/register/26837717140341\\\",\\\"registration_access_token\\\":\\\"qs4Tu5TV7qqDYT93bFs6ISyhTByMF9o-54GY4JU5vTA\\\",\\\"client_id\\\":\\\"26837717140341\\\",\\\"token_endpoint_auth_method\\\":\\\"client_secret_basic\\\",\\\"require_pushed_authorization_requests\\\":false,\\\"backchannel_user_code_parameter\\\":false,\\\"client_secret\\\":\\\"bMsjvZm2FE1_mqJgxhmYj_Wr8rA0Pia_A_j-V076qQm6-P1edKB055W579GBe7MSbOdxZ3dJKsKinCtdIFwxpw\\\",\\\"client_id_issued_at\\\":1641735467,\\\"tls_client_certificate_bound_access_tokens\\\":false,\\\"client_name\\\":\\\"My Updated Dynamic Client\\\",\\\"id_token_signed_response_alg\\\":\\\"RS256\\\",\\\"subject_type\\\":\\\"public\\\",\\\"client_secret_expires_at\\\":0,\\\"require_signed_request_object\\\":false}"
}

POST

api

{serviceId}

client

registration

update

Typescript (SDK)

import { Authlete } from "@authlete/typescript-sdk";

const authlete = new Authlete({
  bearer: process.env["AUTHLETE_BEARER"] ?? "",
});

async function run() {
  const result = await authlete.dynamicClientRegistration.update({
    serviceId: "<id>",
    requestBody: {
      json: "{\"client_name\":\"My Updated Dynamic Client\",\"default_max_age\":0,\"registration_client_uri\":\"https://my-service.example.com/dcr/register/26837717140341\",\"client_id\":\"26837717140341\",\"token_endpoint_auth_method\":\"client_secret_basic\",\"require_pushed_authorization_requests\":false,\"backchannel_user_code_parameter\":false,\"client_secret\":\"bMsjvZm2FE1_mqJgxhmYj_Wr8rA0Pia_A_j-V076qQm6-P1edKB055W579GBe7MSbOdxZ3dJKsKinCtdIFwxpw\",\"tls_client_certificate_bound_access_tokens\":false,\"id_token_signed_response_alg\":\"RS256\",\"subject_type\":\"public\",\"require_signed_request_object\":false}",
      token: "qs4Tu5TV7qqDYT93bFs6ISyhTByMF9o-54GY4JU5vTA",
      clientId: "26837717140341",
    },
  });

  console.log(result);
}

run();

{
  "resultCode": "A213001",
  "resultMessage": "[A213001] The client has been updated.",
  "action": "UPDATED",
  "client": {
    "authTimeRequired": false,
    "bcUserCodeRequired": false,
    "clientId": 26837717140341,
    "clientIdAliasEnabled": false,
    "clientName": "My Updated Dynamic Client",
    "clientSecret": "bMsjvZm2FE1_mqJgxhmYj_Wr8rA0Pia_A_j-V076qQm6-P1edKB055W579GBe7MSbOdxZ3dJKsKinCtdIFwxpw",
    "clientType": "CONFIDENTIAL",
    "createdAt": 1641735467000,
    "defaultMaxAge": 0,
    "developer": "authlete_21653835348762",
    "dynamicallyRegistered": true,
    "frontChannelRequestObjectEncryptionRequired": false,
    "idTokenSignAlg": "RS256",
    "modifiedAt": 1641826276936,
    "number": 6248,
    "parRequired": false,
    "requestObjectEncryptionAlgMatchRequired": false,
    "requestObjectEncryptionEncMatchRequired": false,
    "requestObjectRequired": false,
    "serviceNumber": 5041,
    "subjectType": "PUBLIC",
    "tlsClientCertificateBoundAccessTokens": false,
    "tokenAuthMethod": "CLIENT_SECRET_BASIC"
  },
  "responseContent": "{\\\"default_max_age\\\":0,\\\"registration_client_uri\\\":\\\"https://my-service.example.com/dcr/register/26837717140341\\\",\\\"registration_access_token\\\":\\\"qs4Tu5TV7qqDYT93bFs6ISyhTByMF9o-54GY4JU5vTA\\\",\\\"client_id\\\":\\\"26837717140341\\\",\\\"token_endpoint_auth_method\\\":\\\"client_secret_basic\\\",\\\"require_pushed_authorization_requests\\\":false,\\\"backchannel_user_code_parameter\\\":false,\\\"client_secret\\\":\\\"bMsjvZm2FE1_mqJgxhmYj_Wr8rA0Pia_A_j-V076qQm6-P1edKB055W579GBe7MSbOdxZ3dJKsKinCtdIFwxpw\\\",\\\"client_id_issued_at\\\":1641735467,\\\"tls_client_certificate_bound_access_tokens\\\":false,\\\"client_name\\\":\\\"My Updated Dynamic Client\\\",\\\"id_token_signed_response_alg\\\":\\\"RS256\\\",\\\"subject_type\\\":\\\"public\\\",\\\"client_secret_expires_at\\\":0,\\\"require_signed_request_object\\\":false}"
}

Full description

This API is supposed to be called from the within the implementation of the client registration management endpoint of the authorization server. The authorization server implementation should retrieve the value of action from the response and take the following steps according to the value.

INTERNAL_SERVER_ERROR

When the value of action is INTERNAL_SERVER_ERROR, it means that the API call from the authorization server implementation was wrong or that an error occurred in Authlete. In either case, from a viewpoint of the client or developer, it is an error on the server side. Therefore, the authorization server implementation should generate a response with “500 Internal Server Error”s and application/json. The value of responseContent is a JSON string which describes the error, so it can be used as the entity body of the response.

The following illustrates the response which the authorization server implementation should generate and return to the client or developer.

HTTP/1.1 500 Internal Server Error
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
&#123;responseContent&#125;

The endpoint implementation may return another different response to the client or developer since “500 Internal Server Error” is not required by the specification.

BAD_REQUEST

When the value of action is BAD_REQUEST, it means that the request from the client or developer was wrong. The authorization server implementation should generate a response with “400 Bad Request” and application/json. The value of responseContent is a JSON string which describes the error, so it can be used as the entity body of the response.

The following illustrates the response which the authorization server implementation should generate and return to the client or developer.

HTTP/1.1 400 Bad Request
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
&#123;responseContent&#125;

UNAUTHORIZED

When the value of action is UNAUTHORIZED, it means that the registration access token used by the client configuration request (RFC 7592) is invalid, or the client application which the token is tied to does not exist any longer or is invalid. The HTTP status of the response returned to the client application must be “401 Unauthorized” and the content type must be application/json. The value of responseContent is a JSON string which describes the error, so it can be used as the entity body of the response.

The following illustrates the response which the endpoint implementation should generate and return to the client application.

HTTP/1.1 401 Unauthorized
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
&#123;responseContent&#125;

NOTE: The UNAUTHORIZED value was added in October, 2021. See the description of Service.unauthorizedOnClientConfigSupported for details.

UPDATED

When the value of action is UPDATED, it means that the request from the client or developer is valid. The authorization server implementation should generate a response to the client or developer with “200 OK” and application/json. The responseContent a JSON string which can be used as the entity body of the response.

The following illustrates the response which the authorization server implementation should generate and return to the client or developer.

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
&#123;responseContent&#125;

Authorizations

Authorization

string

header

required

Authenticate every request with a Service Access Token or Organization Token. Set the token value in the Authorization: Bearer <token> header.

Service Access Token: Scoped to a single service. Use when automating service-level configuration or runtime flows.

Organization Token: Scoped to the organization; inherits permissions across services. Use for org-wide automation or when managing multiple services programmatically.

Both token types are issued by the Authlete console or provisioning APIs.

Path Parameters

serviceId

string

required

A service ID.

Body

application/json

json

string

required

Client metadata in JSON format that complies with RFC 7591 (OAuth 2.0 Dynamic Client Registration Protocol).

token

string

required

The client registration access token. Used only for GET, UPDATE, and DELETE requests.

clientId

string

required

The client's identifier. Used for GET, UPDATE, and DELETE requests

Response

resultCode

string

The code which represents the result of the API call.

resultMessage

string

A short message which explains the result of the API call.

action

enum<string>

The next action that the authorization server implementation should take.

Available options:

BAD_REQUEST,

CREATED,

DELETED,

INTERNAL_SERVER_ERROR,

OK,

UNAUTHORIZED,

UPDATED

responseContent

string

The content that the authorization server implementation is to return to the client application. Its format varies depending on the value of action parameter.

client

object

Show child attributes

Example:

{
  "number": 1140735077,
  "serviceNumber": 715948317,
  "clientName": "My Test Client",
  "clientId": "1140735077",
  "clientSecret": "gXz97ISgLs4HuXwOZWch8GEmgL4YMvUJwu3er_kDVVGcA0UOhA9avLPbEmoeZdagi9yC_-tEiT2BdRyH9dbrQQ",
  "clientType": "PUBLIC",
  "redirectUris": ["https://example.com/callback"],
  "responseTypes": ["CODE"],
  "grantTypes": ["AUTHORIZATION_CODE"]
}

Get Client Delete Client

Documentation Index

​INTERNAL_SERVER_ERROR

​BAD_REQUEST

​UNAUTHORIZED

​UPDATED

Authorizations

Path Parameters

Body

Response

INTERNAL_SERVER_ERROR

BAD_REQUEST

UNAUTHORIZED

UPDATED