/realm-config/agents/OAuth2Client
AM-specific endpoint that lets AM and agent administrators create, list, and delete OAuth 2.0 clients.
Tip
Use the AM API Explorer for detailed information about the parameters supported by this endpoint, and to test it against your deployed AM instance.
In the AM console, select the Help icon, and then navigate to API Explorer > /realm-config > /agents > /OAuth2Client.
The following example shows how to create a basic OAuth 2.0 client named myClient in a subrealm of the Top Level Realm named subrealm1. Note that you must provide the SSO token of an administrative user as a header, and that the name of the client is appended to the URL:
$ curl \
--request PUT \
--header "Accept-API-Version: resource=1.0" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--header "iplanetDirectoryPro: AQIC5wM...3MTYxOA..*" \
--data '{
    "coreOAuth2ClientConfig":{
        "agentgroup":"",
        "status":{
            "inherited":true,
            "value":"string"
        },
        "userpassword":"forgerock",
        "clientType":{
            "inherited":false,
            "value":"Confidential"
        },
        "redirectionUris":{
            "inherited":false,
            "value":[
                "https://www.example.com:443/callback"
            ]
        },
        "scopes":{
            "inherited":false,
            "value":[
                "write",
                "read"
            ]
        },
        "defaultScopes":{
            "inherited":true,
            "value":[
                "write"
            ]
        },
        "clientName":{
            "inherited":true,
            "value":[
                "My Test Client"
            ]
        }
    },
    "advancedOAuth2ClientConfig":{
        "name":{
            "inherited":false,
            "value":[
                null
            ]
        },
        "grantTypes":{
            "inherited":true,
            "value":[
                "authorization_code",
                "client_credentials"
            ]
        },
        "tokenEndpointAuthMethod":{
            "inherited":true,
            "value":"client_secret_basic"
        }
    }
}' \
"https://openam.example.com:8443/openam/json/realms/root/realms/subrealm1/realm-config/agents/OAuth2Client/testClient"
{
    "_id":"testClient",
    "_rev":"-60716879",
    "advancedOAuth2ClientConfig":{
        "descriptions":{
            "inherited":false,
            "value":[ ]
        },
        ...
        "clientType":{
            "inherited":false,
            "value":"Confidential"
        },
        ...
    "_type":{
        "_id":"OAuth2Client",
        "name":"OAuth2 Clients",
        "collection":true
    }
}
The following example shows how to delete an OAuth 2.0 client named myClient in a subrealm of the Top Level Realm named subrealm1. Note that you must provide the SSO token of an administrative user as a header, and that the name of the client is appended to the URL:
$ curl \
--request DELETE \
--header "Accept-API-Version: resource=1.0" \
--header "iplanetDirectoryPro: AQIC5wM...3MTYxOA..*" \
"https://openam.example.com:8443/openam/json/realms/root/realm-config/agents/OAuth2Client/myClient"
{
    "_id":"testClient",
    "_rev":"-60716879",
    "advancedOAuth2ClientConfig":{
        "descriptions":{
            "inherited":false,
            "value":[ ]
        },
        ...
        "clientType":{
            "inherited":false,
            "value":"Confidential"
        },
        ...
    "_type":{
        "_id":"OAuth2Client",
        "name":"OAuth2 Clients",
        "collection":true
    }
}
You can use a similar PUT command to the one above to update an existing OAuth 2.0 client. However, ensure that you include all the attributes to be retained. Omitting an attribute in the resource amounts to deleting the attribute.
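The update rule above can be checked before a PUT is sent. The following is an added example, not part of the AM documentation or product: it lists the attributes a proposed body would delete and builds a body that retains everything. The function names and the sample data are assumptions made for illustration, and the sample resource is a constructed, trimmed copy of the one in the create example.

```python
import copy

# The two configuration sections used in the create request on this page.
SECTIONS = ("coreOAuth2ClientConfig", "advancedOAuth2ClientConfig")

def dropped_attributes(current, proposed):
    """List 'section.attribute' names in `current` that `proposed` omits."""
    dropped = []
    for section in SECTIONS:
        have, want = current.get(section, {}), proposed.get(section, {})
        dropped += [f"{section}.{name}" for name in have if name not in want]
    return sorted(dropped)

def build_update(current, changes):
    """Overlay `changes` on a copy of `current` so the PUT body keeps every attribute."""
    # Assumption: the body carries only the two config sections, like the create request.
    body = {s: copy.deepcopy(current.get(s, {})) for s in SECTIONS}
    for section, attrs in changes.items():
        if section not in SECTIONS:
            raise KeyError(f"unknown section: {section}")
        body[section].update(copy.deepcopy(attrs))
    return body

# Constructed sample: a trimmed copy of the resource shown in the create example.
CURRENT = {
    "_id": "testClient",
    "_rev": "-60716879",
    "coreOAuth2ClientConfig": {
        "clientType": {"inherited": False, "value": "Confidential"},
        "redirectionUris": {"inherited": False,
                            "value": ["https://www.example.com:443/callback"]},
        "scopes": {"inherited": False, "value": ["write", "read"]},
    },
    "advancedOAuth2ClientConfig": {
        "grantTypes": {"inherited": True,
                       "value": ["authorization_code", "client_credentials"]},
    },
}

# Intended change: narrow the client's scopes to "read" only.
CHANGES = {"coreOAuth2ClientConfig": {"scopes": {"inherited": False, "value": ["read"]}}}

if __name__ == "__main__":
    print("partial PUT would delete:", dropped_attributes(CURRENT, CHANGES))
    full = build_update(CURRENT, CHANGES)
    print("merged PUT would delete: ", dropped_attributes(CURRENT, full))
```

Sending CHANGES on its own as the PUT body would remove the redirection URIs, client type, and grant types; the merged body changes only the scopes.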