Configure an OIDC Client
Configures an OIDC Verifier Client on your tenant.
In order to verify a credential using an OpenID Connect Authorization Code Flow, you need to set up an OIDC Client application. This is the client that will engage with your configured OIDC Verifier to inititate the verification workflow. There is a list of OIDC Client apps, also known as Relying Party Libraries, on the OpenID website. Pick one which you feel comfortable with.
When dealing with personal identity information it is strongly recommended to follow the Authorization Code Flow which ensures sensitive data is transmitted via the
/tokenendpoint back-channel.
Analytic events
- OIDC_VERIFIER_CLIENT_CREATE_START
- OIDC_VERIFIER_CLIENT_CREATE_SUCCESS
- OIDC_VERIFIER_CLIENT_CREATE_FAIL
Request Body schema: application/jsonrequired
The client payload
| name required | string Insert a meaningful name for your OIDC Client. |
| redirectUris required | Array of strings <uri> This array can include a list of URLs. One of the URIs in that list must match the callback URI configured for your OIDC Client for the Authorization Request:
|
| responseTypes | Array of strings Determines the authorization processing flow. |
| grantTypes | Array of strings OAuth Grant Type. |
| tokenEndpointAuthMethod | string OAuth Token Endpoint Authentication Method. |
| idTokenSignedResponseAlg required | string Algorithm must match configured jwks. Defaults to |
| applicationType | string |
| logoUri | string <uri> The logo to display above the QR code. |
OIDC Client configured
Bad Request
- Payload
- curl
- Node.js
- JavaScript
- Python
- C#
- Java
{- "name": "OIDC Client for the verifier",
- "responseTypes": [
- "code"
], - "grantTypes": [
- "authorization_code"
], - "tokenEndpointAuthMethod": "client_secret_post",
- "idTokenSignedResponseAlg": "ES256",
- "applicationType": "web",
}
- 201
- 400
{- "id": "da9bb6e4-c9ae-4468-b6ac-72b90d6efd5d",
- "secret": "H2epdcmNJ46hXJo5opdzvhbZK9W2ZGPkQh.E",
- "name": "OIDC Client for the verifier",
- "responseTypes": [
- "code"
], - "grantTypes": [
- "authorization_code"
], - "tokenEndpointAuthMethod": "client_secret_post",
- "idTokenSignedResponseAlg": "ES256",
- "applicationType": "web",
}Retrieve all OIDC Clients
Returns a list of all OIDC Verifier Clients on the Tenant.
Analytic events
- OIDC_VERIFIER_CLIENT_RETRIEVE_LIST_START
- OIDC_VERIFIER_CLIENT_RETRIEVE_LIST_SUCCESS
- OIDC_VERIFIER_CLIENT_RETRIEVE_LIST_FAIL
OIDC Clients retrieved
Bad Request
- curl
- Node.js
- JavaScript
- Python
- C#
- Java
- 200
- 400
{- "nextCursor": "Y3JlYXRlZEF0PTIwMjAtMDgtMjVUMDY6NDY6MDkuNTEwWiZpZD1hNjZmZmVhNS04NDhlLTQzOWQtODBhNC1kZGE1NWY1M2UzNmM",
- "data": {
- "id": "da9bb6e4-c9ae-4468-b6ac-72b90d6efd5d",
- "secret": "H2epdcmNJ46hXJo5opdzvhbZK9W2ZGPkQh.E",
- "name": "OIDC Client for the verifier",
- "responseTypes": [
- "code"
], - "grantTypes": [
- "authorization_code"
], - "tokenEndpointAuthMethod": "client_secret_post",
- "idTokenSignedResponseAlg": "ES256",
- "applicationType": "web",
}
}Retrieve an OIDC Client
Retrieves an existing OIDC Verifier Client by providing its ID.
Analytic events
- OIDC_VERIFIER_CLIENT_RETRIEVE_START
- OIDC_VERIFIER_CLIENT_RETRIEVE_SUCCESS
- OIDC_VERIFIER_CLIENT_RETRIEVE_FAIL
OIDC Verifier Client retrieved
Bad Request
OIDC Verifier Client not found
- curl
- Node.js
- JavaScript
- Python
- C#
- Java
- 200
- 400
- 404
{- "id": "da9bb6e4-c9ae-4468-b6ac-72b90d6efd5d",
- "secret": "H2epdcmNJ46hXJo5opdzvhbZK9W2ZGPkQh.E",
- "name": "OIDC Client for the verifier",
- "responseTypes": [
- "code"
], - "grantTypes": [
- "authorization_code"
], - "tokenEndpointAuthMethod": "client_secret_post",
- "idTokenSignedResponseAlg": "ES256",
- "applicationType": "web",
}Update an OIDC Client
Updates an existing OIDC Verifier Client by providing its ID.
Analytic events
- OIDC_VERIFIER_CLIENT_UPDATE_START
- OIDC_VERIFIER_CLIENT_UPDATE_SUCCESS
- OIDC_VERIFIER_CLIENT_UPDATE_FAIL
path Parameters
Request Body schema: application/jsonrequired
Update a client
| name required | string Insert a meaningful name for your OIDC Client. |
| redirectUris required | Array of strings <uri> This array can include a list of URLs. One of the URIs in that list must match the callback URI configured for your OIDC Client for the Authorization Request:
|
| responseTypes | Array of strings Determines the authorization processing flow. |
| grantTypes | Array of strings OAuth Grant Type. |
| tokenEndpointAuthMethod | string OAuth Token Endpoint Authentication Method. |
| idTokenSignedResponseAlg required | string Algorithm must match configured jwks. Defaults to |
| applicationType | string |
| logoUri | string <uri> The logo to display above the QR code. |
OIDC Verifier Client updated
Bad Request
OIDC Verifier Client not found
- Payload
- curl
- Node.js
- JavaScript
- Python
- C#
- Java
{- "name": "OIDC Client for the verifier",
- "responseTypes": [
- "code"
], - "grantTypes": [
- "authorization_code"
], - "tokenEndpointAuthMethod": "client_secret_post",
- "idTokenSignedResponseAlg": "ES256",
- "applicationType": "web",
}- 200
- 400
- 404
{- "id": "da9bb6e4-c9ae-4468-b6ac-72b90d6efd5d",
- "secret": "H2epdcmNJ46hXJo5opdzvhbZK9W2ZGPkQh.E",
- "name": "OIDC Client for the verifier",
- "responseTypes": [
- "code"
], - "grantTypes": [
- "authorization_code"
], - "tokenEndpointAuthMethod": "client_secret_post",
- "idTokenSignedResponseAlg": "ES256",
- "applicationType": "web",
}Delete an OIDC Client
Deletes an existing OIDC Verifier Client by providing its ID.
Analytic events
- OIDC_VERIFIER_CLIENT_DELETE_START
- OIDC_VERIFIER_CLIENT_DELETE_SUCCESS
- OIDC_VERIFIER_CLIENT_DELETE_FAIL
OIDC Verifier Client deleted.
Bad Request
OIDC Verifier Client not found
- curl
- Node.js
- JavaScript
- Python
- C#
- Java
- 400
- 404
{- "code": "BadRequest",
- "message": "Validation Error",
- "details": [
- {
- "location": "params",
- "msg": "Invalid value",
- "param": "clientId",
- "value": "abc"
}
]
}