Dynamic Client Registration

Although called Dynamic Client Registration, this feature only allows the registration of applications. Resource servers are out of scope.

A ResourceServer must be created on the Realm and must have the Community ExternalAuthServer.
This ResourceServer must be assigned to the Realm.resource_server field
The cym.client_registration scopes must be created on the Realm and must be assigned to the Realm.resource_server

Dynamic Client Registration allows a consumer to register new Applications on the Realm. The goal can be to automate a manual process, or to link your API Gateway/Developer Portal to your external identity.

The Dynamic Client Registration Resource is an oAuth2 Protected resource, which is hosted by a Resource Server with the community as its External Auth Server

Attribute	Required	Description
response_types	Yes	Follows the definition from OpenID Dynamic Client Registration
grant_types	Yes	Follows the definition from OpenID Dynamic Client Registration
redirect_uris	Yes	Follows the definition from OpenID Dynamic Client Registration
application_type	Yes	Follows the definition from OpenID Dynamic Client Registration
contacts	No	Follows the definition from OpenID Dynamic Client Registration
client_name	Yes	Follows the definition from OpenID Dynamic Client Registration
logo_uri	No	Follows the definition from OpenID Dynamic Client Registration
client_uri	No	Follows the definition from OpenID Dynamic Client Registration
policy_uri	No	Follows the definition from OpenID Dynamic Client Registration
tos_uri	No	Follows the definition from OpenID Dynamic Client Registration
subject_type	Yes	Follows the definition from OpenID Dynamic Client Registration
token_endpoint_auth_method	Yes	Follows the definition from OpenID Dynamic Client Registration
token_endpoint_auth_signing_alg	No	Only if the `token_endpoint_auth_methods` include `private_key_jwt` or `client_secret_jwt`. Follows the definition from OpenID Dynamic Client Registration
introspection_endpoint_auth_method	Yes	Follows the definition from OAuth 2.0 Authorization Server Metadata
introspection_endpoint_auth_signing_alg	Yes	Only if the `introspection_endpoint_auth_method` include `private_key_jwt` or `client_secret_jwt`.
revocation_endpoint_auth_method	Yes	Follows the definition from OAuth 2.0 Authorization Server Metadata
revocation_endpoint_auth_signing_alg	Yes	Only if the `revocation_endpoint_auth_method` include `private_key_jwt` or `client_secret_jwt`.
post_logout_redirect_uris	No	Follows the definition from OpenID Dynamic Client Registration
frontchannel_logout_uri	No	Follows the definition from OpenID Dynamic Client Registration
frontchannel_logout_session_required	No	Follows the definition from OpenID Dynamic Client Registration
jwks	No	Required if `token_endpoint_auth_methods`, `revocation_endpoint_auth_method` or `introspection_endpoint_auth_method` has value `private_key_jwt`. Follows the definition from OpenID Dynamic Client Registration
id_token_signed_response_alg	Yes	Follows the definition from OpenID Dynamic Client Registration
default_acr_values	No	Follows the definition from OpenID Dynamic Client Registration

Products

Authentication Multifactor Authentication Branding Application Management API Management

Documentation

Fundamentals Guides Develop Object Reference Class Reference

Prerequisites

Fundamentals

Supported Attributes

Products

Documentation