AzIdP4J supports client registration. Service can register new client by AzIdp#registerClient and delete client by AzIdp#deleteClient. But AzIdP4J doesn't manage client authentication or token authorization so the service may implement it by itself.
These methods return ClientRegistrationResponse or ClientDeleteResponse. These classes express http response.
// If service required authentication or authorization, it must process before AzIdp#registerClient.
var client = new ClientRequest(
Map.of(
"redirect_uris",
Set.of("https://client.example.com/callback"),
"grant_types",
Set.of("authorization_code","implicit"),
"response_types", Set.of("code", "token", "id_token"),
"scope", "openid",
"token_endpoint_auth_method", "client_secret_basic",
"id_token_signed_response_alg", "RS256"));
var response = azIdP.registerClient(client);
// If service required authentication or authorization, it must process before AzIdp#readClient.
azIdP.readClient(response.get("client_id"));
// If service required authentication or authorization, it must process before AzIdp#deleteClient.
azIdP.deleteClient(response.get("client_id"));All request parameters are optional.
| name | description | specification |
|---|---|---|
| redirect_uris | AzIdP4J allows only registered redirect_uri of Authorization Request. | * OAuth 2.0 * OIDC |
| token_endpoint_auth_method | AzIdP4J doesn't support client authentication. The parameter is for only client metadata. | * OAuth 2.0 * OIDC |
| token_endpoint_auth_signing_alg | AzIdP4J doesn't support client authentication. The parameter is for only client metadata. | * OIDC |
| introspection_endpoint_auth_method | AzIdP4J doesn't support client authentication. The parameter is for only client metadata. | The parameter isn't defined at the specification. But the parameter is expected to be used like token_endpoint_auth_method. |
| introspection_endpoint_auth_signing_alg | AzIdP4J doesn't support client authentication. The parameter is for only client metadata. | The parameter isn't defined at the specification. But the parameter is expected to be used like token_endpoint_auth_signing_alg. |
| revocation_endpoint_auth_method | AzIdP4J doesn't support client authentication. The parameter is for only client metadata. | The parameter isn't defined at the specification. But the parameter is expected to be used like token_endpoint_auth_method. |
| revocation_endpoint_auth_signing_alg | AzIdP4J doesn't support client authentication. The parameter is for only client metadata. | The parameter isn't defined at the specification. But the parameter is expected to be used like token_endpoint_auth_signing_alg. |
| grant_types | AzIdP4J allows only registered grant_type. | * OAuth 2.0 * OIDC |
| application_type | Just client metadata. | * OIDC |
| response_types | AzIdP4J allows only registered response_type of Authorization Request. | * OAuth 2.0 * OIDC |
| client_name | Just client metadata. | * OAuth 2.0 * OIDC |
| client_uri | Just client metadata. | * OAuth 2.0 * OIDC |
| logo_uri | Just client metadata. | * OAuth 2.0 * OIDC |
| scope | Scopes that client can issue. | * OAuth 2.0 |
| contacts | Just client metadata. | * OAuth 2.0 * OIDC |
| tos_uri | Just client metadata. | * OAuth 2.0 * OIDC |
| policy_uri | Just client metadata. | * OAuth 2.0 * OIDC |
| jwks_uri | AzIdP4J doesn't use client jwks. It's just for service implementations about like client authentication. | * OAuth 2.0 * OIDC |
| jwks | AzIdP4J doesn't use client jwks. It's just for service implementations about like client authentication. | * OAuth 2.0 * OIDC |
| software_id | Just client metadata. | * OAuth 2.0 * OIDC |
| software_version | Just client metadata. | * OAuth 2.0 * OIDC |
| id_token_signed_response_alg | Signing algorithm of ID Token for the client. | * OIDC |
| default_max_age | Default max_age for Authorization Request. | * OIDC |
| default_acr_values | Default authentication context class reference for the client. | * OIDC |
| require_auth_time | AzIdP4J always returns auth_time claim. It's just client metadata. | * OIDC |
| initiate_login_uri | Just client metadata. | * OIDC |
All Requested metadata with following parameters are returned.
| name | description | specification |
|---|---|---|
| client_id | Client identifier. Key of ClientStore. | * OAuth 2.0 * OIDC |
| client_secret | Client secret for client authetnication. But AzIdP4J doesn't support client authentication. The value is refered via ClientStore. | * OAuth 2.0 * OIDC |
| registration_access_token | Access token for client configuration endpoint. But AzIdP4J doesn't support authorization. The token can be introspected by AzIdP#introspect. The value is returend only clientConfigurationEndpointIssuer configured. | * OAuth 2.0 * OIDC |
| registration_client_uri | Client configuration endpoint. But AzIdP4J doesn't support web endpoint. The value is decided by clientConfigurationEndpointIssuer. The value is returend only clientConfigurationEndpointIssuer configured. | * OAuth 2.0 * OIDC |
When the service wants to use client for like client authentication, service can find the registered client via ClientStore.
var response = azIdP.registerClient(client);
var client = clientStore.find(response.get("client_id"));
// using client for service specific requirements