2.2 Registering the OAuth Client Application

Access Manager issues tokens to confidential clients. To get a token, you must register the OAuth client application with Access Manager Identity Server (the authorization server).

2.2.1 Requirements

Before you register, ensure that the following requirements are met and that you have the related information:

  • A valid account is created in the Access Manager Identity Server (authorization server).

  • The account is enabled with the OAuth developer role.

  • (Conditional)

    If you require Identity Server to issue the refresh token, you must inform the Access Manager administrator to enable the Refresh Token option in the OAuth global settings.

    If the administrator has not enabled the Refresh Token option in the OAuth Global Settings, Identity Server will not issue the refresh token even when you register the application using the token type as refresh token.

    NOTE: Refresh tokens are issued for the authorization code flow and the resource owner flow.

  • The credentials to access the user portal of Access Manager.

    To get the credentials, check with the Access Manager administrator. Also, get the URL and port of the Access Manager Identity Server to log in to the user portal.

    The following URL is a sample URL that you will get from the administrator:

    https://<IDPServer>:<port>

  • The client application redirection URIs, where Identity Server can send the tokens.

    NOTE: The urn:ietf:wg:oauth:2.0:oob redirect URI is supported only for the authorization code flow.

Also, to get the endpoint details of Identity Server, see OAuth Metadata Endpoint.

2.2.2 Registering the OAuth Client Application

You can register the client application by using any one of the following options:

  • Register the client application using the Access Manager user portal.

    1. Log in to the Access Manager user portal.

      Sample URL: https://<IDPServer>:<port>/nidp/portal

    2. Navigate to User > Administer OAuth Apps > Register New Client.

    3. Specify the client configuration details.

      For more information about each field, see the context sensitive help.

      NOTE: Select Grants Required based on the OAuth flow that you chose in the first step, Selecting the Authorization Grant Type.

    4. For refresh tokens, select Refresh Token in Token Types.

  • Register using the REST API.

    Send an API request to the registration endpoint (https://<Identity Server URL: Port Number>/nidp/oauth/nam/clients) and include the following required OAuth parameters:

    • client_name: Name of the application

    • redirect_uris: Redirection URI values

      The value urn:ietf:wg:oauth:2.0:oob is supported only for the authorization code flow.

    • grant_types: Grant types for the OAuth flow that you have decided to use.

      refresh_token can be included as a grant type only when using the authorization code flow or the resource owner flow.

    For more information about sending a request to the registration endpoint, see Section 4.1, Registration Endpoint.

After the registration succeeds, you receive the client ID and the client secret. Using these, you can initiate the OAuth flow.
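The REST registration request above, as an added example that is not part of this documentation or of the Access Manager product: it builds the body with the three required parameters, enforces the two constraints stated on this page (the oob redirect URI only with the authorization code flow, refresh_token only alongside the authorization code or resource owner flow), and adds an https-only sanity check on the redirect URIs that the page itself does not state. The host, port, client name, redirect URIs and the Bearer authentication header are assumptions; the grant_type strings are the standard RFC 6749 values, and the page defers the endpoint's authentication details to Section 4.1.

```python
import json
import urllib.request

REGISTRATION_PATH = "/nidp/oauth/nam/clients"      # endpoint path from the page
OOB_REDIRECT = "urn:ietf:wg:oauth:2.0:oob"
# RFC 6749 grant_type values for the two flows the page says can carry a refresh token.
FLOWS_WITH_REFRESH = {"authorization_code", "password"}


def build_registration_request(base_url, client_name, redirect_uris, grant_types):
    """Validate the page's constraints and return (url, body) for the registration POST."""
    grants = set(grant_types)
    if not client_name or not redirect_uris or not grants:
        raise ValueError("client_name, redirect_uris and grant_types are all required")
    # The oob redirect URI is supported only for the authorization code flow.
    if OOB_REDIRECT in redirect_uris and "authorization_code" not in grants:
        raise ValueError(f"{OOB_REDIRECT} requires the authorization_code grant type")
    # refresh_token is only issued for the authorization code or resource owner flow.
    if "refresh_token" in grants and not (grants & FLOWS_WITH_REFRESH):
        raise ValueError("refresh_token must be combined with authorization_code or password")
    # Extra check (not from the page): tokens are delivered to these URIs, so require TLS.
    for uri in redirect_uris:
        if uri != OOB_REDIRECT and not uri.startswith("https://"):
            raise ValueError(f"redirect URI must use https: {uri}")
    body = {
        "client_name": client_name,
        "redirect_uris": list(redirect_uris),
        "grant_types": sorted(grants),
    }
    return base_url.rstrip("/") + REGISTRATION_PATH, body


def register_client(base_url, bearer_token, client_name, redirect_uris, grant_types):
    """POST the registration. Bearer authentication is an assumption; see Section 4.1."""
    url, body = build_registration_request(base_url, client_name, redirect_uris, grant_types)
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {bearer_token}"},
    )
    with urllib.request.urlopen(req) as resp:
        # The response carries the client id and client secret; store the secret securely.
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    url, body = build_registration_request(
        "https://idp.example.com:8443", "Inventory app",
        ["https://app.example.com/callback"], ["authorization_code", "refresh_token"])
    print(url, json.dumps(body, indent=2))
```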