Create client
Creates a new client. Authorization: Bearer token with clients.write, clients.admin, zones.{zoneId}.admin, or equivalent (SASAdministrators) scope.
1{2 "scope": [3 "openid",4 "uaa.user"5 ],6 "client_id": "app",7 "resource_ids": [8 "none"9 ],10 "authorized_grant_types": [11 "authorization_code"12 ],13 "redirect_uri": [14 "http://example.com/app"15 ],16 "autoapprove": [17 "true"18 ],19 "authorities": [20 "uaa.none"21 ],22 "name": "My custom application",23 "lastModified": 154843976516924}
The client to be created.
The OAuth client information that is passed as input to the POST/PUT calls.
Name | Type | Required | Description |
---|---|---|---|
client_id | string | true | The client identifier that is unique within identity zone. |
authorized_grant_types | array [string] | true | The list of grant types that can be used to obtain a token with this client. Types can include authorization_code, password, implicit, and client_credentials. |
redirect_uri | array [string] | false | The allowed URI pattern for redirect during authorization or "urn:ietf:wg:oauth:2.0:oob" for out-of-band delivery. |
scope | array [string] | false | The list of scopes allowed for the client to obtain on behalf of users, when using any grant type other than "client_credentials". For most SAS Viya APIs, "openid" and "uaa.user" are sufficient. For client applications that only use the grant type "client_credentials" and therefore do not act on behalf of users, use the default scope "uaa.none". |
resource_ids | array [string] | false | The resources that the client is allowed to access. |
authorities | array [string] | false | The list of groups the client is a member of, to access resources and endpoints. |
autoapprove | array [string] | false | The scopes that do not require user approval, or a simple Boolean value to apply to all scopes. |
access_token_validity | integer | false | The time in seconds to access token expiration after it is issued. |
refresh_token_validity | integer | false | The time in seconds to refresh token expiration after it is issued. |
allowedproviders | array [string] | false | The list of the origin keys (alias) for identity providers that the client is limited to. Null implies any identity provider is allowed. |
name | string | false | The human-readable name for the client. |
token_salt | string | false | A random string that is used to generate the client's revocation key. Change this value to revoke all active tokens for the client. |
createdwith | string | false | The scope that the bearer token had when the client was created. |
approvals_deleted | boolean | false | An indication whether the approvals were deleted for the client and an audit event was sent. |
required_user_groups | array [string] | false | A list of group names. If a user does not belong to all the required groups, the user will not be authenticated and no tokens are issued to this client for that user. If this field is not specified, authentication and token issuance proceeds normally. |
client_secret | string | false | The secret string used for authenticating as this client. To support secret rotation this can be a space-delimited string of two secrets. This is required if the client allows authorization_code or client_credentials grant type. |
Status | Meaning | Description | ||
---|---|---|---|---|
201 | Created | A client object was created. The secret is masked in the response. | Headers | Schema |
400 | Bad Request | The request was invalid. |