Identity Cloud

Client application registration

OAuth 2.0 or OIDC client applications must register with Identity Cloud before they can connect.

Registration involves setting up a client application profile in one of the following ways:

Shared application settings

To define shared settings for multiple client application profiles, you have these alternatives:

  • Configure default settings for all clients in the realm.

    Client applications inherit their default settings from the OAuth 2.0 provider service. Find the settings under Native Consoles > Access Management > Realms > Realm Name > Services > OAuth2 Provider#.

  • Create an OAuth 2.0 client profile group.

    Client applications that belong to the group can inherit its settings.

Create group settings

  1. Under Native Consoles > Access Management, go to Realms > Realm Name > Applications > OAuth 2.0 > Clients.

  2. On the Groups tab, click + Add Group, and click Create.

  3. Adjust the configuration as needed, saving changes on each tab.

  4. Assign clients to the group.

Inherit group settings

  1. Under Native Consoles > Access Management, go to Realms > Realm Name > Applications > OAuth 2.0 > Clients > Client ID.

  2. On the Core tab, select the Group in the drop-down.

  3. Save your work.

    Selecting a group refreshes the client configuration, discarding any other unsaved settings.

    Inheritance icons appear next to inherited group settings. Not all properties can inherit their value; for example, the Client secret property is specific to each client application.

    Set a client application’s group to inherit settings.
    Figure 1. Inheriting group settings
  4. Inherit settings by clicking their inheritance icons .

    The icon changes to , indicating the setting is inherited.

  5. Save your work.

Configuration changes have the following effects:

  • When you change inherited settings in the group, the client applications get them automatically.

  • When you change a client application’s Group, locked settings inherit from the new group.

  • When you remove or delete a group, Identity Cloud writes inherited settings to the client profile, which you can edit independently.

Copyright © 2010-2024 ForgeRock, all rights reserved.