Identity Cloud

Client application registration

OAuth 2.0 or OpenID Connect client applications must register with Identity Cloud before they can connect.

Registration involves setting up a client application profile in one of the following ways:

Shared application settings

To define shared settings for multiple client application profiles, you have these alternatives:

  • Configure default settings for all clients in the realm.

    Client applications inherit their default settings from the OAuth 2.0 provider service. Find the settings in the AM admin UI under Realms > Realm Name > Services > OAuth2 Provider.

  • Create an OAuth 2.0 client profile group.

    Client applications that belong to the group can inherit its settings.

Create group settings

  1. In the AM admin UI, go to Realms > Realm Name > Applications > OAuth 2.0 > Clients.

  2. On the Groups tab, click + Add Group, and click Create.

  3. Adjust the configuration as needed, saving changes on each tab.

  4. Assign clients to the group.

Inherit group settings

  1. In the AM admin UI, go to Realms > Realm Name > Applications > OAuth 2.0 > Clients > Client ID.

  2. On the Core tab, select the Group in the drop-down.

  3. Save your work.

    Selecting a group refreshes the client configuration, discarding any other unsaved settings.

    Inheritance icons appear next to inherited group settings. Not all properties can inherit their value; for example, the Client secret property is specific to each client application.

    Set a client application’s group to inherit settings.
    Figure 1. Inheriting group settings
  4. Inherit settings by clicking their inheritance icons .

    The icon changes to , indicating the setting is inherited.

  5. Save your work.

Configuration changes have the following effects:

  • When you change inherited settings in the group, the client applications get them automatically.

  • When you change a client application’s Group, locked settings inherit from the new group.

  • When you remove or delete a group, AM writes inherited settings to the client profile, which you can edit independently.

Copyright © 2010-2023 ForgeRock, all rights reserved.