4.1 Registration Endpoint

To register a client application, the HTTP method value must be POST. Identity Server uses the following endpoint for registering a client application:

https://<Identity Server URL: Port Number>/nidp/oauth/nam/clients

The endpoint requires the following OAuth parameters for client registration or modification:

client_name (Required)
  The name of the client application.

redirect_uris (Required)
  The redirection URI values used by the client application.

application_type (Optional)
  web or native.

response_types (Optional)
  The following list contains the supported values for response_types:

  • code
  • code token
  • code id_token token
  • id_token
  • id_token token
  • access_token
  • refresh_token

grant_types (Optional)
  If you do not specify a grant type, the default grant type is used. The default value is authorization_code.

  The following are the supported values for grant_types:

  • authorization_code
  • implicit
  • refresh_token
  • password (resource owner credentials)
  • client_credentials
  • saml2-bearer

alwaysIssueNewRefreshToken (Optional)
  Specify true as the value to issue a new refresh token on every refresh token request.

tokenFormat (Optional)
  This parameter is applicable from Access Manager 4.5 Service Pack 1 onwards.

  By default, the token format is set to default.

  NOTE: When an administrator changes the format, the changed format applies only to newly issued tokens.

  The following are the supported token formats:

  • default: The default format is controlled by an administrator. The administrator can set the default format globally for a specific Identity Server (authorization server). If the administrator has not set the format, JWT is the default format. Whenever the Access Manager administrator changes the token format globally for a specific Identity Server, the format for registered client applications that use this value changes accordingly.

  • binary: The binary option is recommended only if you have an existing client application that cannot use the jwt format because of browser restrictions on the length of parameter values. This value does not change when the Access Manager administrator changes the token format globally for a specific Identity Server.

  • jwt: This is the recommended option. The token format is always jwt, even when the administrator changes the format in the global settings of Identity Server (authorization server).

authzCodeTTL (Optional)
  Specify the duration in minutes after which the authorization code becomes invalid.

accessTokenTTL (Optional)
  Specify the duration in minutes after which the access token and ID token become invalid.

refreshTokenTTL (Optional)
  Specify the duration in minutes after which the refresh token becomes invalid.

corsdomains (Optional)
  Use this parameter to allow requests from selected domains only. Specify the domain(s) as a JSON array.

  For example: ["beem://www.test.com", "fb://app.local.url", "https://namapp.com"]

logo_uri (Optional)
  Specify the URL of the logo that you want to include in the consent page.

  For example: https://client.example.org/logo.png

policy_uri (Optional)
  URL of the Relying Party Client's privacy policy.

  For example: https://client.example.org/privacypolicy

tos_uri (Optional)
  URL of the Relying Party's terms of service.

  For example: https://client.example.org/terms

contacts (Optional)
  Email addresses of people related to this client application.

jwks_uri (Optional)
  Specify the URI of the JSON file containing the JSON Web Keys.

  This key set contains signing keys that the relying party uses to validate signatures from the OpenID provider.

  For example: https://client.example.org/my_public_keys.jwks

id_token_signed_response_alg (Optional)
  Specify the ID Token signed response algorithm. This algorithm is required for signing the ID token issued to the client.

id_token_encrypted_response_alg (Optional)
  Specify the algorithm used to encrypt the key.

id_token_encrypted_response_enc (Optional)
  Specify the algorithm used to encrypt the content.
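The following Python script is an added example, not code from NetIQ Access Manager or its documentation. It builds the JSON body for a POST to the registration endpoint above, rejecting values outside the supported lists before anything is sent (a typo such as redirect_uri instead of redirect_uris, an unsupported grant type, or a zero TTL), and it applies the redirect URI rules an authorization server is expected to enforce. Assumptions not stated on the page: the endpoint accepts a JSON request body, the caller presents a bearer token in the Authorization header, the reply is a JSON document, alwaysIssueNewRefreshToken is sent as a JSON boolean, and the redirect URI checks (absolute URI, no fragment, https for web clients other than localhost) come from RFC 6749 section 3.1.2 and common hardening practice rather than from this page. The identity server host, token and client values in the usage section are constructed.

```python
"""Build and validate a client-registration request for the Identity Server
OAuth endpoint (added example; not Access Manager code).

Assumptions (not from the page): JSON request body, bearer-token
authorization, JSON reply, alwaysIssueNewRefreshToken as a JSON boolean,
and redirect-URI rules taken from RFC 6749 section 3.1.2.
"""
import json
import urllib.request
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Supported values, copied from the parameter table above.
RESPONSE_TYPES = {"code", "code token", "code id_token token", "id_token",
                  "id_token token", "access_token", "refresh_token"}
GRANT_TYPES = {"authorization_code", "implicit", "refresh_token", "password",
               "client_credentials", "saml2-bearer"}
TOKEN_FORMATS = {"default", "binary", "jwt"}
APPLICATION_TYPES = {"web", "native"}
TTL_FIELDS = {"authzCodeTTL", "accessTokenTTL", "refreshTokenTTL"}
OPTIONAL_FIELDS = {"logo_uri", "policy_uri", "tos_uri", "contacts", "jwks_uri",
                   "id_token_signed_response_alg",
                   "id_token_encrypted_response_alg",
                   "id_token_encrypted_response_enc"}


def check_redirect_uri(uri: str, application_type: str) -> str:
    """Reject redirect URIs an authorization server should not register:
    relative URIs and URIs with a fragment (RFC 6749 3.1.2), and for web
    clients any non-https scheme except on localhost (hardening policy)."""
    parsed = urlparse(uri)
    if not parsed.scheme:
        raise ValueError(f"redirect_uri must be absolute: {uri!r}")
    if parsed.fragment or uri.endswith("#"):
        raise ValueError(f"redirect_uri must not contain a fragment: {uri!r}")
    if (application_type == "web" and parsed.scheme != "https"
            and parsed.hostname not in ("localhost", "127.0.0.1")):
        raise ValueError(f"web clients must use https redirect URIs: {uri!r}")
    return uri


def build_registration_request(
    client_name: str,
    redirect_uris: List[str],
    application_type: str = "web",
    response_types: Optional[List[str]] = None,
    grant_types: Optional[List[str]] = None,
    token_format: Optional[str] = None,
    always_issue_new_refresh_token: Optional[bool] = None,
    ttls: Optional[Dict[str, int]] = None,
    cors_domains: Optional[List[str]] = None,
    **other: object,
) -> Dict[str, object]:
    """Return the request body, validating every value against the table."""
    if not client_name.strip():
        raise ValueError("client_name is required")
    if not redirect_uris:
        raise ValueError("redirect_uris is required")
    if application_type not in APPLICATION_TYPES:
        raise ValueError(f"application_type must be one of {sorted(APPLICATION_TYPES)}")
    body: Dict[str, object] = {
        "client_name": client_name,
        "redirect_uris": [check_redirect_uri(u, application_type) for u in redirect_uris],
        "application_type": application_type,
    }
    if response_types is not None:
        bad = set(response_types) - RESPONSE_TYPES
        if bad:
            raise ValueError(f"unsupported response_types: {sorted(bad)}")
        body["response_types"] = list(response_types)
    if grant_types is not None:  # omitted: the server default, authorization_code, applies
        bad = set(grant_types) - GRANT_TYPES
        if bad:
            raise ValueError(f"unsupported grant_types: {sorted(bad)}")
        body["grant_types"] = list(grant_types)
    if token_format is not None:
        if token_format not in TOKEN_FORMATS:
            raise ValueError(f"unsupported tokenFormat: {token_format!r}")
        body["tokenFormat"] = token_format
    if always_issue_new_refresh_token is not None:
        body["alwaysIssueNewRefreshToken"] = bool(always_issue_new_refresh_token)
    for name, minutes in (ttls or {}).items():  # TTLs are minutes per the table
        if name not in TTL_FIELDS:
            raise ValueError(f"unknown TTL field {name!r}")
        if isinstance(minutes, bool) or not isinstance(minutes, int) or minutes <= 0:
            raise ValueError(f"{name} must be a positive number of minutes")
        body[name] = minutes
    if cors_domains is not None:  # JSON array of origins; custom schemes allowed
        for origin in cors_domains:
            if not urlparse(origin).scheme:
                raise ValueError(f"corsdomains entry must be an absolute origin: {origin!r}")
        body["corsdomains"] = list(cors_domains)
    unknown = set(other) - OPTIONAL_FIELDS
    if unknown:  # catches misspelled parameter names before they reach the server
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    body.update(other)
    return body


def register_client(identity_server: str, bearer_token: str,
                    body: Dict[str, object], opener=urllib.request.urlopen) -> Dict[str, object]:
    """POST the body to https://<host:port>/nidp/oauth/nam/clients and parse the JSON reply.
    The bearer-token and JSON conventions are assumptions; `opener` is injectable for tests."""
    req = urllib.request.Request(
        f"https://{identity_server}/nidp/oauth/nam/clients",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {bearer_token}"},
    )
    with opener(req) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed values: a web client with short-lived codes and jwt tokens.
    example = build_registration_request(
        "Example RP", ["https://namapp.com/callback"],
        response_types=["code"], grant_types=["authorization_code", "refresh_token"],
        token_format="jwt", ttls={"authzCodeTTL": 5, "accessTokenTTL": 60},
        cors_domains=["https://namapp.com"], tos_uri="https://client.example.org/terms")
    print(json.dumps(example, indent=2))
    # register_client("idp.example.com:8443", "<bearer token>", example) would send it.
```

Validating on the client side does not replace the server's own checks, but it makes a rejected registration diagnosable locally and stops a misspelled parameter from being silently ignored; the injectable opener lets the request construction be exercised without a live Identity Server.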