Post Create Generic OAuth2 Client

This endpoint defines a new OAuth2 Client on VMware Identity Manager. An OAuth2 Client can be a Service Client ('client credentials' OAuth2 grant type) or a User Client ('authorization_code' or 'password' OAuth2 grant types). This definition enables a service or its users to authenticate to VMware Identity Manager using the OAuth2 protocol.

Request
URI
POST
https://{api_host}//SAAS/jersey/manager/api/oauth2clients
Authentication
This operation uses the following authentication methods.
Responses
201

successful operation

Returns OAuth2ClientTypeInfo of type(s) application/vnd.vmware.horizon.manager.oauth2client+json
{
    "accessTokenTTL": 10080,
    "tokenType": "Bearer",
    "displayUserGrant": false,
    "strData": "1.1.1.1:8080",
    "rememberAs": "my application client credentials oauth2 client",
    "tokenLength": 32,
    "clientId": "my-auth-grant-client1",
    "internalSystemClient": false,
    "secret": "my-auth-grant-client1-secret",
    "refreshTokenTTL": 525600,
    "inheritanceAllowed": true,
    "resourceUuid": "9e70bee8-3a55-4413-8418-454e7278093e",
    "activationToken": "eyJvdGEiOiIzOkhyYUwzQ2hTWGJKd3hzSnNCdkc2cjM0eDZDRng4blFkIiwidXJsIjoiaHR0cHM6Ly9ndy1hYS5ocy50cmNpbnQuY29tLyIsInRpZCI6Imd3LWFhIn0=",
    "scope": "admin user openid profile email",
    "authGrantTypes": "authorization_code client_credentials password",
    "redirectUri": "https://*.hostname1.com/auth/* https://*.hostname2.com/auth/*",
    "refreshTokenIdleTTL": 525600
}
integer As int32
accessTokenTTL
Optional

How long in minutes new access tokens issued to this client should live

string
tokenType
Optional

type of the tokens that can be requested

boolean
displayUserGrant
Optional

Indicates whether to display the grant page to the user. If the value is set to false, access is granted to clients according to org policy without asking the user. Default is 'true'

string
strData
Optional

General purpose data bucket for storing additional data for a client, such as agent ip and port

string
rememberAs
Optional

A friendly name this native app/device is remembered as. Set by the admin

integer As int32
tokenLength
Optional

The length of the refresh token to be returned in bytes (only applicable if authGrantTypes includes "refresh_token"). Currently the refresh token length is constant and this value is ignored.

string
clientId
Required

The OAuth 2.0 Client identifier that the client uses to identify itself during the OAuth2 exchanges. The client ID must contain only alphanumeric (A-Z, a-z, 0-9), period (.), underscore (_), hyphen (-) and at sign (@) characters

boolean
internalSystemClient
Optional

When set to true, OAuth2 Client will become undeletable from the VMware Identity Admin UI. Default is 'false'

string
secret
Optional

The OAuth 2.0 Client secret (a string provided by an admin or a VMware Identity Manager auto-generated string). If no secret string is provided, an auto-generated secret will be returned. The secret field is mandatory in the Authorization Code and Client Credentials grant flows. If the secret field is omitted or left blank in the Resource Owner grant flow, no secret will be required to authenticate the client

integer As int32
refreshTokenTTL
Optional

How long in minutes new refresh tokens issued to this client should live (only applicable if authGrantTypes includes "refresh_token")

object
_links
Optional

_links

boolean
inheritanceAllowed
Optional

If set to 'true', child tenants are allowed to look up the clientId and secret at the root level. Default is 'false'

string As uuid
resourceUuid
Optional

UUID of a VMware Identity application. Only users who are entitled to this application will be able to authenticate via this client.

string
activationToken
Optional

A one time token that can be used to securely activate an application with the client id and secret. Generating an activation token is currently not supported through this API

string
scope
Required

List of space-delimited access request scopes that are allowed by this OAuth 2.0 Client. Available scope options are: admin - Admin Level Access, user - User Level Access, profile - Access to User's profile (FirstName/LastName/Display Name/Image), email - Access to User's Email, uuid - Access for a specific application/resource which matches this UUID

string
authGrantTypes
Required

List of space-delimited OAuth 2.0 Access Grant Types that are enabled in this OAuth 2.0 Client. Available grant types are: authorization_code client_credentials password

string
redirectUri
Optional

A space/comma separated list of absolute URIs of application endpoints that are allowed to receive the authorization code and access token. The redirect_uri sent by the application as part of the Authorization Code Grant OAuth 2.0 flow is verified against this list. A wildcard can be substituted for any string to skip the check for a particular URL section

integer As int32
refreshTokenIdleTTL
Optional

How long in minutes new refresh tokens issued to this client can idle (only applicable if authGrantTypes includes "refresh_token"). Its value should be less than the refresh token TTL value


400

The provided OAuth2 client information is invalid. Possible causes include unpermitted characters in the client ID, an invalid scope string, a redirect URI that is missing or not in URL format for an authorization_code grant client, an invalid grant type, etc.

Operation doesn't return any data structure

500

Returned if an unexpected error occurred or if the client ID already exists

Operation doesn't return any data structure
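
A pre-flight check for a client definition, built only from the rules stated in the field descriptions and the 400 response above (required fields, clientId character set, grant types, redirectUri format, refresh token TTL ordering). It is an added example, not VMware code: `lint_client`, `SAMPLE` and `BAD` are hypothetical names, the choice of what to flag as a warning is an assumption, and the server's own validation may differ.

```python
import re
from urllib.parse import urlsplit
CLIENT_ID_RE = re.compile(r"[A-Za-z0-9._@-]+")   # character set stated for clientId
GRANTS = {"authorization_code", "client_credentials", "password"}

def lint_client(body):
    """Return (errors, warnings) for a client definition dict before it is POSTed."""
    errors, warnings = [], []
    for field in ("clientId", "scope", "authGrantTypes"):   # fields marked Required
        if not body.get(field):
            errors.append(f"{field} is required")
    if body.get("clientId") and not CLIENT_ID_RE.fullmatch(body["clientId"]):
        errors.append("clientId contains unpermitted characters")
    grants = set(body.get("authGrantTypes", "").split())
    for g in sorted(grants - GRANTS):
        errors.append(f"invalid grant type: {g}")
    # redirectUri is a space/comma separated list of absolute URIs
    uris = [u for u in re.split(r"[,\s]+", body.get("redirectUri", "")) if u]
    if "authorization_code" in grants and not uris:
        errors.append("redirectUri missing for authorization_code client")
    for u in uris:
        parts = urlsplit(u)
        if not (parts.scheme and parts.netloc):
            errors.append(f"redirectUri not an absolute URI: {u}")
        elif "*" in parts.netloc:   # wildcard skips the check for the host section
            warnings.append(f"wildcard host in redirectUri: {u}")
    if "admin" in body.get("scope", "").split():
        warnings.append("client is allowed the admin scope")
    if "password" in grants and not body.get("secret"):
        warnings.append("password-grant client will authenticate without a secret")
    if body.get("displayUserGrant", True) is False:
        warnings.append("grant page suppressed: access granted without asking the user")
    if body.get("inheritanceAllowed", False):
        warnings.append("child tenants can look up clientId and secret")
    ttl, idle = body.get("refreshTokenTTL"), body.get("refreshTokenIdleTTL")
    if ttl is not None and idle is not None and idle >= ttl:
        warnings.append("refreshTokenIdleTTL is not less than refreshTokenTTL")
    return errors, warnings

# Constructed inputs: SAMPLE holds the relevant fields of the page's example body.
SAMPLE = {
    "clientId": "my-auth-grant-client1", "secret": "my-auth-grant-client1-secret",
    "scope": "admin user openid profile email",
    "authGrantTypes": "authorization_code client_credentials password",
    "redirectUri": "https://*.hostname1.com/auth/* https://*.hostname2.com/auth/*",
    "displayUserGrant": False, "inheritanceAllowed": True,
    "refreshTokenTTL": 525600, "refreshTokenIdleTTL": 525600,
}
BAD = {"clientId": "bad id!", "authGrantTypes": "authorization_code implicit"}
if __name__ == "__main__":
    print(lint_client(SAMPLE), lint_client(BAD), sep="\n")
```

Run against the page's own example body, the check reports no errors but six warnings, including the idle TTL being equal to, rather than less than, the refresh token TTL.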