Field | Description |
Name | Name of a third-party provider. For example, Amazon. You can also use one of the following pre-configured third-party providers that are shipped with the API Gateway installation: OKTA, PingFederate. Note: Considerations while using the PingFederate provider: If you want to use the pre-configured PingFederate provider, you have to use the Admin APIs for dynamic client registration to register clients. If you want to use the DCR API, you can create a provider that uses the DCR API. However, you cannot update or delete the clients created using the DCR API. |
Client metadata field mapping | Specifies the mapping of the dynamic client registration specification to that of the client implementation of the provider. The Client metadata field mapping fields are required when you are adding a third-party provider that is not shipped with API Gateway. |
Specification name | The client metadata attributes in accordance with the dynamic client registration specification as defined in RFC 7591. The available values are: redirect_uris. Redirection URL that the authorization server uses to redirect the authorization code once the authorization request is approved by the end user. Note: If you do not specify this attribute, API Gateway automatically generates the URL. token_endpoint_auth_method. The client authentication method at the token endpoint. grant_types. The grant type of the authorization flow to obtain authorization codes, ID tokens, and refresh tokens. application_type. response_types. The type of response that the client application uses at the authorization endpoint. client_name. Name of the client to use to represent the client application to the end user during authorization. client_uri. URL of the client application. logo_uri. URL of an image to use to represent the client application to the end user during authorization. Note: The logo_uri is currently not supported in API Gateway. scope. List of user-authorized scopes that the client uses for requesting access tokens. Note: If you do not specify this attribute, the authorization server registers the client with a default set of scopes. contacts. The means (for example, email address) by which end users can contact the client for support requests. tos_uri. URL of the service document for the client that describes a contractual relationship between the end user and the client that the end user accepts when authorizing the client. Note: The tos_uri is currently not supported in API Gateway. jwks_uri. URL of the JSON Web Key (JWK) Set document containing the client's public keys. Note: The jwks_uri is currently not supported in API Gateway. client_id. Identifier that is unique to the client application. client_secret. The password or phrase for the client application to use to authorize communication with the end user. |
Implementation name | The client metadata attributes that are used by the authorization server, but are not in accordance with the dynamic client registration specification. Example: For the redirect_uris field, provide the value redirectUris. For the grant_types field, provide the value grantTypes. For the client_name field, provide the value name. For the logo_uri field, provide the value logoUrl. For the client_id field, provide the value clientId. For the client_secret field, provide the value secret. |
Extended request parameters | Specifies the additional client metadata attributes that are specific to the authorization server and are not specified in the dynamic client registration specification. For example, in PingFederate: forceSecretChange = true |
Type | Specifies the client metadata attribute type. The available values are: Client read, Client registration, Client update, Client delete. |
Key | The client metadata attribute key that is specific to the authorization server. |
Value | A value for the client metadata attribute key. When sending requests to the authorization server, this value is appended to all requests. You can add multiple request parameters by clicking + Add. |
Application profile | Specifies the application profile that is specific to the authorization server. |
Type | Specifies a custom application type other than web and native. By default, the web and native application types are added. You can add multiple application types by clicking + Add. You can also modify and delete the added application types by clicking the respective Edit or Delete icon. |
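
The Specification name to Implementation name mapping and the Extended request parameters rows above, worked through as an added example (not API Gateway code; the function names and sample values are hypothetical). It assumes that an extended parameter is added only to requests of the Type it is configured for, and that attributes the table marks as not supported are reported rather than sent.

```python
# Added illustration, not API Gateway code. Function names are hypothetical.

# Specification name -> Implementation name, from the example in the table.
FIELD_MAP = {
    "redirect_uris": "redirectUris",
    "grant_types": "grantTypes",
    "client_name": "name",
    "logo_uri": "logoUrl",
    "client_id": "clientId",
    "client_secret": "secret",
}
# Attributes the table notes as currently not supported in API Gateway.
UNSUPPORTED = {"logo_uri", "tos_uri", "jwks_uri"}
# Extended request parameters as (Type, Key, Value) rows.
EXTENDED = [("Client registration", "forceSecretChange", True)]
# Constructed sample request using RFC 7591 names.
SAMPLE = {
    "client_name": "orders-app",
    "redirect_uris": ["https://client.example/cb"],
    "grant_types": ["authorization_code"],
    "scope": "read",
    "jwks_uri": "https://client.example/jwks.json",
}


def to_provider(metadata, request_type, field_map=FIELD_MAP, extended=EXTENDED):
    """Translate RFC 7591 metadata into the provider's attribute names."""
    body, skipped = {}, []
    for spec_name, value in metadata.items():
        if spec_name in UNSUPPORTED:
            skipped.append(spec_name)  # assumption: report instead of sending
            continue
        # Attributes without a mapping keep their specification name.
        body[field_map.get(spec_name, spec_name)] = value
    for ext_type, key, value in extended:
        if ext_type != request_type:
            continue
        if key in body:  # an extended key must not silently replace a mapped field
            raise ValueError(f"extended parameter {key!r} collides with a mapped field")
        body[key] = value
    return body, sorted(skipped)


def from_provider(response, field_map=FIELD_MAP):
    """Map a provider response back to specification names."""
    reverse = {impl: spec for spec, impl in field_map.items()}
    if len(reverse) != len(field_map):
        raise ValueError("two specification names share one implementation name")
    return {reverse.get(key, key): value for key, value in response.items()}
```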