Field | Description |
Name | Name of a third-party provider. For example, Amazon. You can also use one of the following pre-configured third-party providers that are shipped with the API Gateway installation: OKTA, PingFederate. Note: Considerations while using the PingFederate providers: If you want to use the pre-configured PingFederate provider, you have to use the Admin APIs for dynamic client registration to register clients. If you want to use the DCR API, you can create a provider that uses the DCR API, but you cannot update or delete the clients created using the DCR API. |
Client metadata field mapping. Specifies how the client metadata of the dynamic client registration specification maps to the client implementation of the provider. The Client metadata field mapping fields are required when you are adding a third-party provider that is not shipped with API Gateway. | |
Specification name | The client metadata attributes in accordance with the dynamic client registration specification as defined in RFC 7591. The available values are: redirect_uris. Redirection URL that the authorization server uses to redirect the authorization code once the authorization request is approved by the end user. Note: If you do not specify this attribute, API Gateway automatically generates the URL. token_endpoint_auth_method. The client authentication method at the token endpoint. grant_types. The grant type of authorization flow to obtain authorization codes, ID tokens, and refresh tokens. application_type. response_types. The type of response that the client application uses at the authorization endpoint. client_name. Name of the client to use to represent the client application to the end user during authorization. client_uri. URL of the client application. logo_uri. URL of an image to use to represent the client application to the end user during authorization. Note: The logo_uri is currently not supported in API Gateway. scope. List of user-authorized scopes that the client uses for requesting access tokens. Note: If you do not specify this attribute, the authorization server registers the client with a default set of scopes. contacts. The means (for example, email address) by which end users can contact the client for support requests. tos_uri. URL of the service document for the client that describes a contractual relationship between the end user and the client that the end user accepts when authorizing the client. Note: The tos_uri is currently not supported in API Gateway. jwks_uri. URL of the JSON Web Key (JWK) Set document containing the client's public keys. Note: The jwks_uri is currently not supported in API Gateway. client_id. Identifier that is unique to the client application. client_secret. The password or phrase for the client application to use to authorize communication with the end user. |
Implementation name | The client metadata attributes that are used by the authorization server, but are not in accordance with the dynamic client registration specification. Example: For the redirect_uris field, provide the value redirectUris. For the grant_types field, provide the value grantTypes. For the client_name field, provide the value name. For the logo_uri field, provide the value logoUrl. For the client_id field, provide the value clientId. For the client_secret field, provide the value secret. |
Extended request parameters. Specifies the additional client metadata attributes that are specific to the authorization server and are not specified in the dynamic client registration specification. For example, in PingFederate: forceSecretChange = true | |
Type | Specifies the client metadata attribute type. The available values are: Client read, Client registration, Client update, Client delete. |
Key | The client metadata attribute key that is specific to the authorization server. |
Value | A value for the client metadata attribute key. When sending requests to the authorization server, this value is appended to all requests. |
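
The following added example is not API Gateway code. It sketches what the field mapping and the extended request parameters in the table express, using the Implementation name examples listed above. The function names, the sample client values, and the choice of "Client registration" as the Type for forceSecretChange are assumptions made for the illustration.

```python
# Added illustration, not API Gateway code. Attribute names come from the
# table above; function names and sample values are constructed assumptions.

# Specification name (RFC 7591) -> Implementation name (provider-specific)
FIELD_MAP = {
    "redirect_uris": "redirectUris",
    "grant_types": "grantTypes",
    "client_name": "name",
    "logo_uri": "logoUrl",
    "client_id": "clientId",
    "client_secret": "secret",
}

# Extended request parameters as (Type, Key, Value) rows.
# The Type chosen for forceSecretChange is an assumption.
EXTENDED_PARAMS = [("Client registration", "forceSecretChange", True)]


def to_provider(spec_metadata, operation):
    """Translate RFC 7591 client metadata into the provider's attribute names."""
    unmapped = sorted(set(spec_metadata) - set(FIELD_MAP))
    if unmapped:
        # Fail closed: an attribute without a mapping would otherwise be
        # dropped silently or sent under a name the provider ignores.
        raise ValueError(f"no implementation name mapped for: {unmapped}")
    body = {FIELD_MAP[key]: value for key, value in spec_metadata.items()}
    # Append only the extended parameters configured for this request type.
    for op_type, key, value in EXTENDED_PARAMS:
        if op_type == operation:
            body[key] = value
    return body


def from_provider(provider_response):
    """Translate a provider response back to specification names."""
    reverse = {impl: spec for spec, impl in FIELD_MAP.items()}
    return {reverse[k]: v for k, v in provider_response.items() if k in reverse}


def redact(metadata):
    """Return a copy that is safe to log: the client secret is masked."""
    secret_keys = {"client_secret", "secret"}
    return {k: ("***" if k in secret_keys else v) for k, v in metadata.items()}
```

Rejecting unmapped attributes makes an incomplete mapping visible at registration time instead of producing a client whose redirect URIs or grant types differ from what was requested.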