ResourceServer
must be created on the Realm and must have the Community ExternalAuthServer.Realm.resource_server
fieldcym.client_registration
scopes must be created on the Realm and must be assigned to the Realm.resource_server
community
as its External Auth ServerAttribute | Required | Description |
---|---|---|
response_types | Yes | Follows the definition from OpenID Dynamic Client Registration |
grant_types | Yes | Follows the definition from OpenID Dynamic Client Registration |
redirect_uris | Yes | Follows the definition from OpenID Dynamic Client Registration |
application_type | Yes | Follows the definition from OpenID Dynamic Client Registration |
contacts | No | Follows the definition from OpenID Dynamic Client Registration |
client_name | Yes | Follows the definition from OpenID Dynamic Client Registration |
logo_uri | No | Follows the definition from OpenID Dynamic Client Registration |
client_uri | No | Follows the definition from OpenID Dynamic Client Registration |
policy_uri | No | Follows the definition from OpenID Dynamic Client Registration |
tos_uri | No | Follows the definition from OpenID Dynamic Client Registration |
subject_type | Yes | Follows the definition from OpenID Dynamic Client Registration |
token_endpoint_auth_method | Yes | Follows the definition from OpenID Dynamic Client Registration |
token_endpoint_auth_signing_alg | No | Only if the token_endpoint_auth_methods include private_key_jwt or client_secret_jwt . Follows the definition from OpenID Dynamic Client Registration |
introspection_endpoint_auth_method | Yes | Follows the definition from OAuth 2.0 Authorization Server Metadata |
introspection_endpoint_auth_signing_alg | Yes | Only if the introspection_endpoint_auth_method include private_key_jwt or client_secret_jwt . |
revocation_endpoint_auth_method | Yes | Follows the definition from OAuth 2.0 Authorization Server Metadata |
revocation_endpoint_auth_signing_alg | Yes | Only if the revocation_endpoint_auth_method include private_key_jwt or client_secret_jwt . |
post_logout_redirect_uris | No | Follows the definition from OpenID Dynamic Client Registration |
frontchannel_logout_uri | No | Follows the definition from OpenID Dynamic Client Registration |
frontchannel_logout_session_required | No | Follows the definition from OpenID Dynamic Client Registration |
jwks | No | Required if token_endpoint_auth_methods , revocation_endpoint_auth_method or introspection_endpoint_auth_method has value private_key_jwt . Follows the definition from OpenID Dynamic Client Registration |
id_token_signed_response_alg | Yes | Follows the definition from OpenID Dynamic Client Registration |
default_acr_values | No | Follows the definition from OpenID Dynamic Client Registration |