OAuth2ClientTypeInfo
OAuth 2.0 Client Settings
{
"accessTokenTTL": 10080,
"tokenType": "Bearer",
"displayUserGrant": false,
"strData": "1.1.1.1:8080",
"rememberAs": "my application client credentials oauth2 client",
"tokenLength": 32,
"clientId": "my-auth-grant-client1",
"internalSystemClient": false,
"secret": "my-auth-grant-client1-secret",
"refreshTokenTTL": 525600,
"inheritanceAllowed": true,
"resourceUuid": "9e70bee8-3a55-4413-8418-454e7278093e",
"activationToken": "eyJvdGEiOiIzOkhyYUwzQ2hTWGJKd3hzSnNCdkc2cjM0eDZDRng4blFkIiwidXJsIjoiaHR0cHM6Ly9ndy1hYS5ocy50cmNpbnQuY29tLyIsInRpZCI6Imd3LWFhIn0=",
"scope": "admin user openid profile email",
"authGrantTypes": "authorization_code client_credentials password",
"redirectUri": "https://*.hostname1.com/auth/* https://*.hostname2.com/auth/*",
"refreshTokenIdleTTL": 525600
}How long in minutes new access tokens issued to this client should live
type of the tokens that can be requested
Indicates whether to display grant page to user or not. If the value is set to false, then access is granted to clients according to org policy without asking user. Default is 'true'
General purpose data bucket for storing additional data for a client, such as agent ip and port
A friendly name this native app/device is remembered as. Set by the admin
The length of the refresh token to be returned in bytes (only applicable if authGrantTypes includes "refresh_token"). Currently the refresh token length is constant and this value is ignored.
The OAuth 2.0 Client identifier that the client uses to identify itself during the OAuth2 exchanges. The client ID must contain only alphanumeric (A-Z, a-z, 0-9), period (.), underscore (_), hyphen (-) and at sign (@) characters
When set to true, OAuth2 Client will become undeletable from the VMware Identity Admin UI. Default is 'false'
The OAuth 2.0 Client secret (a string provided by an admin or a VMware Identity Manager auto-generated string). If secret string not provided, an auto-generated secret will be returned. Secret field is mandatory in Authorization Code and Client Credentials Grant flows. If the secret field is omitted or left blank in Resource Owner grant flow, no secret will be required to authenticate the client
How long in minutes new refresh tokens issued to this client should live (only applicable if authGrantTypes includes "refresh_token")
_links
If set to 'true' will allow the child tenants to look up clientId and secret at the root level. Default is 'false'
UUID of a VMware Identity application. Only users who are entitled to this application will be able to authenticate via this client.
A one time token that can be used to securely activate an application with the client id and secret. Generating an activation token is currently not supported through this API
list of space-delimited access request scopes that are allowed by this OAuth 2.0 Client. Available scope options are: admin- Admin Level Access, user - User Level Access, profile - Access to User's profile (FirstName//LastName//Display Name//Image), email - Access to User's Email, uuid - Access for a specific application/resource which matches this UUID
list of space-delimited Oauth 2.0 Access Grant Types that are enabled in this OAuth 2.0 Client. Available Grant types are: authorization_code client_credentials password
A space/comma separated list of absolute URIs of application endpoints that are allowed to receive the authorization code and access token. The redirect_uri sent by the application as part of the Authorization Code Grant Oauth 2.0 flow is verified against this list. A Wildcard can be substituted for any string to skip the check for a particular URL section
How long in minutes new refresh tokens issued to this client can idle (only applicable if authGrantTypes includes "refresh_token"), its value should be less than refresh token ttl value