
idp-server Control Plane Client Management API (1.0.0)


Client management API specification

organization-client

Organization-level client management

Create client within organization tenant

Creates a new OAuth/OIDC client in a specific tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and is not executed.

Request Body schema: application/json
required
client_id
string <uuid>

Unique client identifier. It MUST NOT be currently valid for any other registered Client.

client_id_alias
string <= 255 characters

Unique client ID alias

client_secret
string

OPTIONAL. Client Secret. The same Client Secret value MUST NOT be assigned to multiple Clients.

client_name
string

OPTIONAL. Name of the Client to be presented to the End-User.

client_uri
string <uri>

OPTIONAL. URL of the home page of the Client.

logo_uri
string <uri>

OPTIONAL. URL that references a logo for the Client application.

contacts
Array of strings

OPTIONAL. Array of e-mail addresses of people responsible for this Client.

policy_uri
string <uri>

OPTIONAL. URL that the Relying Party Client provides to the End-User to read about how the profile data will be used.

tos_uri
string <uri>

OPTIONAL. URL that the Relying Party Client provides to the End-User to read about the Relying Party's terms of service.

jwks_uri
string <uri>

OPTIONAL. URL for the Client's JWK Set document, which MUST use the https scheme.

jwks
string

OPTIONAL. Client's JWK Set document, passed by value.

application_type
string
Default: "web"
Enum: "native" "web"

OPTIONAL. Kind of the application. The default, if omitted, is web.

grant_types
Array of strings
Items Enum: "authorization_code" "implicit" "refresh_token" "password" "client_credentials" "urn:openid:params:grant-type:ciba"

List of OAuth 2.0 grant types the client can use

redirect_uris
required
Array of strings <uri> [ items <uri> ]

List of valid redirect URIs for the client

response_types
Array of strings
Items Enum: "code" "token" "id_token" "code token" "code id_token" "token id_token" "code token id_token" "none"

List of OAuth 2.0 response types the client can use

scope
string

Space-separated list of OAuth 2.0 scopes

token_endpoint_auth_method
string
Enum: "client_secret_post" "client_secret_basic" "client_secret_jwt" "private_key_jwt" "none"

Authentication method for the token endpoint

subject_type
string
Enum: "pairwise" "public"

OPTIONAL. subject_type requested for responses to this Client.

sector_identifier_uri
string <uri>

OPTIONAL. URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP.

id_token_signed_response_alg
string
Enum: "none" "RS256" "ES256" "HS256"

OPTIONAL. JWS alg algorithm REQUIRED for signing the ID Token issued to this Client.

id_token_encrypted_response_alg
string
Enum: "RSA1_5" "A128KW"

OPTIONAL. JWE alg algorithm REQUIRED for encrypting the ID Token issued to this Client.

id_token_encrypted_response_enc
string
Enum: "A128CBC-HS256" "A128GCM" "A256GCM"

OPTIONAL. JWE enc algorithm REQUIRED for encrypting the ID Token issued to this Client.

userinfo_signed_response_alg
string
Enum: "none" "RS256" "ES256" "HS256"

OPTIONAL. JWS alg algorithm REQUIRED for signing UserInfo Responses.

userinfo_encrypted_response_alg
string
Enum: "RSA1_5" "A128KW"

OPTIONAL. JWE alg algorithm REQUIRED for encrypting UserInfo Responses.

userinfo_encrypted_response_enc
string
Enum: "A128CBC-HS256" "A128GCM" "A256GCM"

OPTIONAL. JWE enc algorithm REQUIRED for encrypting UserInfo Responses.

request_object_signing_alg
string
Enum: "none" "RS256" "ES256" "HS256"

OPTIONAL. JWS alg algorithm that MUST be used for signing Request Objects sent to the OP.

request_object_encryption_alg
string
Enum: "RSA1_5" "A128KW"

OPTIONAL. JWE alg algorithm the RP is declaring that it may use for encrypting Request Objects sent to the OP.

request_object_encryption_enc
string
Enum: "A128CBC-HS256" "A128GCM" "A256GCM"

OPTIONAL. JWE enc algorithm the RP is declaring that it may use for encrypting Request Objects sent to the OP.

token_endpoint_auth_signing_alg
string
Enum: "none" "RS256" "ES256" "HS256"

OPTIONAL. JWS alg algorithm that MUST be used for signing the JWT used to authenticate the Client at the Token Endpoint.

default_max_age
integer

OPTIONAL. Default Maximum Authentication Age.

require_auth_time
boolean
Default: false

OPTIONAL. Boolean value specifying whether the auth_time Claim in the ID Token is REQUIRED.

default_acr_values
Array of strings

OPTIONAL. Default requested Authentication Context Class Reference values.

initiate_login_uri
string <uri>

OPTIONAL. URI using the https scheme that a third party can use to initiate a login by the RP.

request_uris
Array of strings <uri> [ items <uri> ]

OPTIONAL. Array of request_uri values that are pre-registered by the RP for use at the OP.

software_id
string <uuid>

OPTIONAL. Software identifier

software_version
string

OPTIONAL. Software version

extension
object

OPTIONAL. Extension properties for client configuration

Responses

Request samples

Content type
application/json
{
  "client_id": "5b3fa7ba-57d3-4017-a65b-d57dcd2db643",
  "client_id_alias": "string",
  "client_secret": "string",
  "client_name": "string",
  "client_uri": "http://example.com",
  "logo_uri": "http://example.com",
  "contacts": [],
  "policy_uri": "http://example.com",
  "tos_uri": "http://example.com",
  "jwks_uri": "http://example.com",
  "jwks": "string",
  "application_type": "native",
  "grant_types": [],
  "redirect_uris": [],
  "response_types": [],
  "scope": "string",
  "token_endpoint_auth_method": "client_secret_post",
  "subject_type": "pairwise",
  "sector_identifier_uri": "http://example.com",
  "id_token_signed_response_alg": "none",
  "id_token_encrypted_response_alg": "RSA1_5",
  "id_token_encrypted_response_enc": "A128CBC-HS256",
  "userinfo_signed_response_alg": "none",
  "userinfo_encrypted_response_alg": "RSA1_5",
  "userinfo_encrypted_response_enc": "A128CBC-HS256",
  "request_object_signing_alg": "none",
  "request_object_encryption_alg": "RSA1_5",
  "request_object_encryption_enc": "A128CBC-HS256",
  "token_endpoint_auth_signing_alg": "none",
  "default_max_age": 0,
  "require_auth_time": false,
  "default_acr_values": [],
  "initiate_login_uri": "http://example.com",
  "request_uris": [],
  "software_id": "27caa3f5-790d-4c74-b6eb-c82815d170bb",
  "software_version": "string",
  "extension": {}
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {}
}
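
A pre-flight check for the create request body described above, as an added example that is not part of idp-server or its documentation. It applies constraints stated in the schema (required redirect_uris, https-only URIs, enums) and, as a review policy assumed here, warns on alg "none" and on the implicit and password grants; lint_client, the severity labels and the sample values are hypothetical.

```python
from urllib.parse import urlparse

# Constraints transcribed from the request body schema on this page.
HTTPS_ONLY = ("jwks_uri", "sector_identifier_uri", "initiate_login_uri")
ENUMS = {
    "application_type": {"native", "web"},
    "subject_type": {"pairwise", "public"},
    "token_endpoint_auth_method": {"client_secret_post", "client_secret_basic",
                                   "client_secret_jwt", "private_key_jwt", "none"},
}
SIGNING_FIELDS = ("id_token_signed_response_alg", "userinfo_signed_response_alg",
                  "request_object_signing_alg", "token_endpoint_auth_signing_alg")
# Review policy assumed by this example (not behaviour documented for idp-server).
DISCOURAGED_GRANTS = {"implicit", "password"}


def lint_client(body):
    """Return (severity, field, message) findings for a client registration body."""
    findings = []
    if "redirect_uris" not in body:
        findings.append(("error", "redirect_uris", "required field is missing"))
    elif not body["redirect_uris"]:
        findings.append(("warn", "redirect_uris", "no redirect URI registered"))
    for field in HTTPS_ONLY:
        if field in body and urlparse(body[field]).scheme != "https":
            findings.append(("error", field, "must use the https scheme"))
    for field, allowed in ENUMS.items():
        if field in body and body[field] not in allowed:
            findings.append(("error", field, f"{body[field]!r} is not in the enum"))
    for field in SIGNING_FIELDS:
        if body.get(field) == "none":
            findings.append(("warn", field, "alg 'none' disables signature protection"))
    for grant in sorted(DISCOURAGED_GRANTS & set(body.get("grant_types", []))):
        findings.append(("warn", "grant_types", f"{grant} grant is discouraged"))
    return findings


# Constructed input modelled on the request sample; grant_types values are made up.
SAMPLE = {
    "redirect_uris": [], "application_type": "native",
    "jwks_uri": "http://example.com", "initiate_login_uri": "http://example.com",
    "sector_identifier_uri": "http://example.com",
    "id_token_signed_response_alg": "none",
    "grant_types": ["authorization_code", "implicit"],
}

if __name__ == "__main__":
    for severity, field, message in lint_client(SAMPLE):
        print(f"{severity:5} {field}: {message}")
```

Running the check before a call with dry_run=true catches the placeholder values of the generated sample (http URIs, "none" algorithms) on the caller's side.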

List clients within organization tenant

Retrieves the list of OAuth/OIDC clients of a specific tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

query Parameters
limit
integer [ 1 .. 1000 ]
Default: 20

Maximum number of items to return

offset
integer >= 0
Default: 0

Starting index from which items are returned

client_id
string

Filter by a specific client ID

client_name
string

Filter by client name

client_id_alias
string

Filter by client ID alias

client_uri
string

Filter by client URI

application_type
string
Enum: "web" "native"

Filter by application type

grant_types
string

Filter by grant types (comma-separated)

response_types
string

Filter by response types (comma-separated)

token_endpoint_auth_method
string
Enum: "client_secret_basic" "client_secret_post" "client_secret_jwt" "private_key_jwt" "tls_client_auth" "self_signed_tls_client_auth" "none"

Filter by token endpoint authentication method

scope
string

Filter by scope (space-separated)

enabled
boolean

Filter by enabled/disabled status

from
string <date-time>

Start of the creation date-time range (ISO 8601 format)

to
string <date-time>

End of the creation date-time range (ISO 8601 format)

Responses

Response samples

Content type
application/json
{
  "list": [],
  "total_count": 0,
  "limit": 0,
  "offset": 0
}

Get client within organization tenant

Retrieves a specific OAuth/OIDC client of a tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

client-id
required
string

OAuth/OIDC client identifier

Responses

Response samples

Content type
application/json
{
  "client_id": "5b3fa7ba-57d3-4017-a65b-d57dcd2db643",
  "client_id_alias": "string",
  "client_secret": "string",
  "redirect_uris": [],
  "response_types": [],
  "grant_types": [],
  "application_type": "native",
  "contacts": [],
  "client_name": "string",
  "logo_uri": "http://example.com",
  "client_uri": "http://example.com",
  "policy_uri": "http://example.com",
  "tos_uri": "http://example.com",
  "jwks_uri": "http://example.com",
  "jwks": "string",
  "sector_identifier_uri": "http://example.com",
  "subject_type": "pairwise",
  "id_token_signed_response_alg": "none",
  "id_token_encrypted_response_alg": "RSA1_5",
  "id_token_encrypted_response_enc": "A128CBC-HS256",
  "userinfo_signed_response_alg": "none",
  "userinfo_encrypted_response_alg": "RSA1_5",
  "userinfo_encrypted_response_enc": "A128CBC-HS256",
  "request_object_signing_alg": "none",
  "request_object_encryption_alg": "RSA1_5",
  "request_object_encryption_enc": "A128CBC-HS256",
  "token_endpoint_auth_method": "client_secret_post",
  "token_endpoint_auth_signing_alg": "none",
  "default_max_age": 0,
  "require_auth_time": false,
  "default_acr_values": [],
  "initiate_login_uri": "http://example.com",
  "request_uris": [],
  "software_id": "27caa3f5-790d-4c74-b6eb-c82815d170bb",
  "software_version": "string",
  "extension": {}
}

Update client within organization tenant

Updates a specific OAuth/OIDC client of a tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

client-id
required
string

OAuth/OIDC client identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and is not executed.

Request Body schema: application/json
required
client_name
string

OPTIONAL. Name of the Client to be presented to the End-User.

client_id_alias
string <= 255 characters

Unique client ID alias

client_secret
string

OPTIONAL. Client Secret. The same Client Secret value MUST NOT be assigned to multiple Clients.

client_uri
string <uri>

OPTIONAL. URL of the home page of the Client.

logo_uri
string <uri>

OPTIONAL. URL that references a logo for the Client application.

contacts
Array of strings

OPTIONAL. Array of e-mail addresses of people responsible for this Client.

policy_uri
string <uri>

OPTIONAL. URL that the Relying Party Client provides to the End-User to read about how the profile data will be used.

tos_uri
string <uri>

OPTIONAL. URL that the Relying Party Client provides to the End-User to read about the Relying Party's terms of service.

jwks_uri
string <uri>

OPTIONAL. URL for the Client's JWK Set document, which MUST use the https scheme.

jwks
string

OPTIONAL. Client's JWK Set document, passed by value.

application_type
string
Default: "web"
Enum: "native" "web"

OPTIONAL. Kind of the application. The default, if omitted, is web.

grant_types
Array of strings
Items Enum: "authorization_code" "implicit" "refresh_token" "password" "client_credentials" "urn:openid:params:grant-type:ciba"

List of OAuth 2.0 grant types the client can use

redirect_uris
Array of strings <uri> [ items <uri> ]

List of valid redirect URIs for the client

response_types
Array of strings
Items Enum: "code" "token" "id_token" "code token" "code id_token" "token id_token" "code token id_token" "none"

List of OAuth 2.0 response types the client can use

scope
string

Space-separated list of OAuth 2.0 scopes

token_endpoint_auth_method
string
Enum: "client_secret_post" "client_secret_basic" "client_secret_jwt" "private_key_jwt" "none"

Authentication method for the token endpoint

subject_type
string
Enum: "pairwise" "public"

OPTIONAL. subject_type requested for responses to this Client.

sector_identifier_uri
string <uri>

OPTIONAL. URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP.

id_token_signed_response_alg
string
Enum: "none" "RS256" "ES256" "HS256"

OPTIONAL. JWS alg algorithm REQUIRED for signing the ID Token issued to this Client.

id_token_encrypted_response_alg
string
Enum: "RSA1_5" "A128KW"

OPTIONAL. JWE alg algorithm REQUIRED for encrypting the ID Token issued to this Client.

id_token_encrypted_response_enc
string
Enum: "A128CBC-HS256" "A128GCM" "A256GCM"

OPTIONAL. JWE enc algorithm REQUIRED for encrypting the ID Token issued to this Client.

userinfo_signed_response_alg
string
Enum: "none" "RS256" "ES256" "HS256"

OPTIONAL. JWS alg algorithm REQUIRED for signing UserInfo Responses.

userinfo_encrypted_response_alg
string
Enum: "RSA1_5" "A128KW"

OPTIONAL. JWE alg algorithm REQUIRED for encrypting UserInfo Responses.

userinfo_encrypted_response_enc
string
Enum: "A128CBC-HS256" "A128GCM" "A256GCM"

OPTIONAL. JWE enc algorithm REQUIRED for encrypting UserInfo Responses.

request_object_signing_alg
string
Enum: "none" "RS256" "ES256" "HS256"

OPTIONAL. JWS alg algorithm that MUST be used for signing Request Objects sent to the OP.

request_object_encryption_alg
string
Enum: "RSA1_5" "A128KW"

OPTIONAL. JWE alg algorithm the RP is declaring that it may use for encrypting Request Objects sent to the OP.

request_object_encryption_enc
string
Enum: "A128CBC-HS256" "A128GCM" "A256GCM"

OPTIONAL. JWE enc algorithm the RP is declaring that it may use for encrypting Request Objects sent to the OP.

token_endpoint_auth_signing_alg
string
Enum: "none" "RS256" "ES256" "HS256"

OPTIONAL. JWS alg algorithm that MUST be used for signing the JWT used to authenticate the Client at the Token Endpoint.

default_max_age
integer

OPTIONAL. Default Maximum Authentication Age.

require_auth_time
boolean
Default: false

OPTIONAL. Boolean value specifying whether the auth_time Claim in the ID Token is REQUIRED.

default_acr_values
Array of strings

OPTIONAL. Default requested Authentication Context Class Reference values.

initiate_login_uri
string <uri>

OPTIONAL. URI using the https scheme that a third party can use to initiate a login by the RP.

request_uris
Array of strings <uri> [ items <uri> ]

OPTIONAL. Array of request_uri values that are pre-registered by the RP for use at the OP.

software_id
string <uuid>

OPTIONAL. Software identifier

software_version
string

OPTIONAL. Software version

extension
object

OPTIONAL. Extension properties for client configuration

Responses

Request samples

Content type
application/json
{
  "client_name": "string",
  "client_id_alias": "string",
  "client_secret": "string",
  "client_uri": "http://example.com",
  "logo_uri": "http://example.com",
  "contacts": [],
  "policy_uri": "http://example.com",
  "tos_uri": "http://example.com",
  "jwks_uri": "http://example.com",
  "jwks": "string",
  "application_type": "native",
  "grant_types": [],
  "redirect_uris": [],
  "response_types": [],
  "scope": "string",
  "token_endpoint_auth_method": "client_secret_post",
  "subject_type": "pairwise",
  "sector_identifier_uri": "http://example.com",
  "id_token_signed_response_alg": "none",
  "id_token_encrypted_response_alg": "RSA1_5",
  "id_token_encrypted_response_enc": "A128CBC-HS256",
  "userinfo_signed_response_alg": "none",
  "userinfo_encrypted_response_alg": "RSA1_5",
  "userinfo_encrypted_response_enc": "A128CBC-HS256",
  "request_object_signing_alg": "none",
  "request_object_encryption_alg": "RSA1_5",
  "request_object_encryption_enc": "A128CBC-HS256",
  "token_endpoint_auth_signing_alg": "none",
  "default_max_age": 0,
  "require_auth_time": false,
  "default_acr_values": [],
  "initiate_login_uri": "http://example.com",
  "request_uris": [],
  "software_id": "27caa3f5-790d-4c74-b6eb-c82815d170bb",
  "software_version": "string",
  "extension": {}
}

Response samples

Content type
application/json
{
  "dry_run": true,
  "result": {}
}

Delete client within organization tenant

Deletes a specific OAuth/OIDC client of a tenant within the organization.

path Parameters
organization-id
required
string <uuid>

Organization identifier

tenant-id
required
string

Tenant identifier

client-id
required
string

OAuth/OIDC client identifier

query Parameters
dry_run
boolean
Default: false

If true, the request is only validated and is not executed.

Responses

Response samples

Content type
application/json
{
  "message": "string",
  "client_id": "string"
}