BrokerOAuth2ClientMedia

This is a request to create an OAuth 2.0 client with pre-defined rule sets.

JSON Example
{
    "id": "d24afa39-05a1-433f-8aa9-ad41c9a3d394",
    "secret": "my-auth-grant-client1-secret",
    "scope": [
        "admin",
        "user",
        "openid",
        "profile",
        "email",
        "scope"
    ],
    "_links": {
        "self": {
            "href": "https://example.com/path-to-self"
        }
    },
    "client_id": "my-auth-grant-client1",
    "access_token_ttl": 10080,
    "refresh_token_ttl": 525600,
    "refresh_token_idle_ttl": 525600,
    "primary_secret_auto_retire_duration": 525600,
    "primary_secret_auto_retires_at": 0,
    "rotate_secret": true,
    "grant_types": [
        "authorization_code",
        "client_credentials",
        "password"
    ],
    "redirect_uris": [
        "https://*.hostname1.com/auth/*",
        "https://*.hostname2.com/auth/*"
    ],
    "post_logout_redirect_uris": [
        "https://*.hostname1.com/openid/logout/*",
        "https://*.hostname2.com/logout/*"
    ],
    "rule_set_names": [
        "IDP_AND_DIRECTORY_ADMIN",
        "READ_ONLY_TENANT_ADMIN"
    ]
}
string As uuid
id
Optional

ID of the client. It is auto-generated on client creation and cannot be updated.

string
secret
Optional

OAuth 2.0 Client secret (a string provided by an admin or a VMware Identity Manager auto-generated string). If no secret string is provided, an auto-generated secret is returned in the create response. For additional security, the stored secret is not returned in get/update API responses, so capture it from the create response. The secret field is mandatory for the Authorization Code and Client Credentials grant flows. If the secret field is omitted or left blank for the Resource Owner Password grant flow, no secret is required to authenticate the client.

array of string
scope
Required

Array of access request scopes that are allowed by this OAuth 2.0 Client. Available scope options are: admin (admin level access); user (user level access); profile (access to the user's profile: first name, last name, display name, image); email (access to the user's email).

object
_links
Optional

The resource HATEOAS links. Usually includes a "self" link for this resource

string
client_id
Required

OAuth 2.0 Client identifier that the client uses to identify itself during the OAuth2 exchanges. The client ID must contain only alphanumeric (A-Z, a-z, 0-9), period (.), underscore (_), hyphen (-) and at sign (@) characters

integer As int32
access_token_ttl
Optional

How long in minutes new access tokens issued to this client should live

integer As int32
refresh_token_ttl
Optional

How long in minutes new refresh tokens issued to this client should live. Only applicable if grant_types includes "refresh_token".

integer As int32
refresh_token_idle_ttl
Optional

How long in minutes new refresh tokens issued to this client can be idle. Only applicable if grant_types includes "refresh_token". Its value should be less than refresh_token_ttl.

integer As int32
primary_secret_auto_retire_duration
Optional

Indicates how long in minutes until the primary secret retires automatically once a rotation has been started. The default if left unspecified is 24 hours (1440 minutes). This cannot be updated later on. The maximum allowed value is 7 days (10080 minutes). IMPORTANT! This field cannot be set during POST calls, but can be set in PATCH requests.

integer As int64
primary_secret_auto_retires_at
Optional

Indicates the expiry time of the primary secret if secret rotation was initiated for this client. The expiry duration can be specified using primary_secret_auto_retire_duration when initiating rotation. The value is specified in the UTC timezone. This field is read-only.

boolean
rotate_secret
Optional

Indicates whether the update request initiates a client secret rotation. Default is 'false'. If this flag is set and no secondary secret is provided in the request, an auto-generated secret will be returned. Rotation completes automatically after primary_secret_auto_retire_duration, or can be completed before that explicitly using the endRotate API. Caution: the primary secret auto-expires in 24 hours unless primary_secret_auto_retire_duration is explicitly specified, so the new secret must be deployed to every instance of the client before that point. IMPORTANT! This field cannot be set during POST calls, but can be set in PATCH requests.
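The rotation fields above describe a window in which two secrets exist: the new (secondary) secret returned by the PATCH, and the old (primary) secret, which retires either at primary_secret_auto_retires_at or earlier via endRotate. The following is an added model of that window, not VMware Identity Manager code; it assumes the broker accepts either secret while a rotation is in progress and only the new one afterwards, and it uses epoch seconds for the retire time. The client_id, secrets and timestamps are constructed.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

MINUTE = 60
DEFAULT_RETIRE_MINUTES = 24 * 60        # page: default is 24 hours
MAX_RETIRE_MINUTES = 7 * 24 * 60        # page: maximum is 7 days


@dataclass
class ClientSecretState:
    """Secret state of one confidential OAuth 2.0 client (constructed model)."""
    client_id: str
    primary: str
    secondary: Optional[str] = None       # set only while a rotation is in progress
    primary_retires_at: int = 0           # epoch seconds; 0 = no rotation in progress

    def rotate(self, now: int, retire_duration_min: int = DEFAULT_RETIRE_MINUTES,
               new_secret: Optional[str] = None) -> str:
        """Mirror of PATCH {"rotate_secret": true, "primary_secret_auto_retire_duration": N}.

        Returns the new secret exactly once, as the page says the stored secret is
        not returned by later get/update calls.
        """
        if not 0 < retire_duration_min <= MAX_RETIRE_MINUTES:
            raise ValueError("primary_secret_auto_retire_duration must be 1..10080 minutes")
        if self.secondary is not None:
            raise RuntimeError("rotation already in progress; call end_rotate first")
        self.secondary = new_secret or secrets.token_urlsafe(32)
        self.primary_retires_at = now + retire_duration_min * MINUTE
        return self.secondary

    def end_rotate(self) -> None:
        """Mirror of the endRotate API: promote the secondary, drop the primary."""
        if self.secondary is None:
            raise RuntimeError("no rotation in progress")
        self.primary, self.secondary, self.primary_retires_at = self.secondary, None, 0

    def authenticate(self, presented: str, now: int) -> bool:
        """Token-endpoint client authentication with the dual-secret window."""
        # Automatic completion once the primary's retire time has passed.
        if self.secondary is not None and now >= self.primary_retires_at:
            self.end_rotate()
        if hmac.compare_digest(presented.encode(), self.primary.encode()):
            return True
        return (self.secondary is not None
                and hmac.compare_digest(presented.encode(), self.secondary.encode()))


def demo() -> dict:
    """Walk one rotation with a 60-minute retire window; returns the observed outcomes."""
    t0 = 1_700_000_000                      # constructed start time (epoch seconds)
    state = ClientSecretState("my-auth-grant-client1", "old-secret")
    new = state.rotate(now=t0, retire_duration_min=60)
    return {
        "old_during_window": state.authenticate("old-secret", t0 + 59 * MINUTE),
        "new_during_window": state.authenticate(new, t0 + 59 * MINUTE),
        "old_after_window": state.authenticate("old-secret", t0 + 60 * MINUTE),
        "new_after_window": state.authenticate(new, t0 + 60 * MINUTE),
        "rotation_closed": state.secondary is None,
    }
```

The model makes the operational point concrete: any client instance still presenting the old secret after primary_secret_auto_retires_at fails to authenticate, so the deployment of the new secret has to finish inside the window, and endRotate should only be called once that deployment is confirmed.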

array of string
grant_types
Required

Array of OAuth 2.0 Access Grant Types that are enabled in this OAuth 2.0 Client. Available grant types are: authorization_code, client_credentials, password.

array of string
redirect_uris
Optional

Array of absolute URIs of application endpoints that are allowed to receive the authorization code and access token. The redirect_uri sent by the application as part of the OAuth 2.0 Authorization Code Grant flow is verified against this list. A wildcard (*) can be substituted for any string to skip the check for a particular URL section. Note that a wildcard in the host section admits every host that matches it, including any subdomain an attacker can register or take over, so register exact URIs wherever the deployment allows it.
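The matching rule above is stated per URL section, so the following is an added per-section matcher written to show what the registered patterns from the JSON example do and do not admit. It is illustrative code, not the product's matcher; it assumes a wildcard matches any string within its own section (host or path) and never spans the host/path boundary, that only https is accepted, and that a redirect_uri carrying a fragment is rejected as RFC 6749 requires. Hostnames and candidate URLs are constructed.

```python
import re
from typing import List
from urllib.parse import urlsplit

# Constructed registered list, same shape as the redirect_uris in the JSON example,
# plus one exact entry for contrast.
REGISTERED_REDIRECT_URIS = [
    "https://*.hostname1.com/auth/*",
    "https://*.hostname2.com/auth/*",
    "https://app.hostname3.com/auth/callback",
]

HOST_WILDCARD = r"[A-Za-z0-9.-]*"   # what '*' may stand for inside the host section
PATH_WILDCARD = r"[^?#]*"           # what '*' may stand for inside the path section


def _section_regex(pattern: str, wildcard: str) -> "re.Pattern[str]":
    """Compile one URL section with '*' into an anchored regex; '*' never crosses sections."""
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile("^" + wildcard.join(literal_parts) + "$")


def redirect_uri_allowed(candidate: str, registered: List[str] = REGISTERED_REDIRECT_URIS) -> bool:
    """Return True if candidate matches some registered pattern section by section."""
    cand = urlsplit(candidate)
    if cand.scheme != "https" or not cand.netloc:
        return False                      # reject non-https and relative URIs outright
    if cand.fragment:
        return False                      # RFC 6749 3.1.2: redirect URI must not carry a fragment
    for entry in registered:
        reg = urlsplit(entry)
        if reg.scheme != cand.scheme:
            continue
        host_ok = _section_regex(reg.netloc, HOST_WILDCARD).fullmatch(cand.netloc)
        path_ok = _section_regex(reg.path, PATH_WILDCARD).fullmatch(cand.path)
        if host_ok and path_ok:
            return True
    return False


def wildcard_host_entries(registered: List[str] = REGISTERED_REDIRECT_URIS) -> List[str]:
    """Registration-time check: entries whose host section contains a wildcard."""
    return [entry for entry in registered if "*" in urlsplit(entry).netloc]
```

Two properties fall out of the matcher. A wildcard host accepts https://evil.hostname1.com/auth/anything just as readily as the intended callback, which is the widening the note above refers to; and because the wildcard is confined to its section, https://attacker.net/x?r=.hostname1.com/auth/ and https://hostname1.com.attacker.net/auth/x are both rejected. wildcard_host_entries is the kind of lint worth running over a client definition before it is created.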

array of string
post_logout_redirect_uris
Optional

Array of absolute URLs supplied by the RP to which it MAY request that the End-User's User Agent be redirected using the post_logout_redirect_uri parameter after a logout has been performed. These URLs SHOULD use the https scheme and MAY contain port, path, and query parameter components; however, they MAY use the http scheme, provided that the Client Type is confidential. A Wildcard can be substituted for any string to skip the check for a particular URL section.

array of string
rule_set_names
Optional

Array of built-in rule set names to associate this client with. Each rule set allows the client to call a specific set of tenant APIs. TENANT_ADMIN allows the client to call all the tenant APIs. READ_ONLY_TENANT_ADMIN allows the client to call all the tenant read-only APIs (i.e., APIs that do not make any changes). IDP_AND_DIRECTORY_ADMIN allows the client to call all the tenant Identity Providers and Directories APIs.

Possible values are: TENANT_ADMIN, IDP_AND_DIRECTORY_ADMIN, READ_ONLY_TENANT_ADMIN