AzIdP4J supports client registration. A service can register a new client with AzIdp#registerClient and delete one with AzIdp#deleteClient. AzIdP4J does not, however, manage client authentication or authorization of these calls, so the service must implement those itself.
These methods return ClientRegistrationResponse or ClientDeleteResponse; these classes represent the HTTP response.
```java
// If the service requires authentication or authorization for registration,
// it must perform that check before calling AzIdp#registerClient.
var client = new ClientRequest(
        Map.of(
                "redirect_uris", Set.of("https://client.example.com/callback"),
                "grant_types", Set.of("authorization_code", "implicit"),
                "response_types", Set.of("code", "token", "id_token"),
                "scope", "openid",
                "token_endpoint_auth_method", "client_secret_basic",
                "id_token_signed_response_alg", "RS256"));
var response = azIdP.registerClient(client);
// The same applies before AzIdp#readClient ...
azIdP.readClient(response.get("client_id"));
// ... and before AzIdp#deleteClient.
azIdP.deleteClient(response.get("client_id"));
```
All request parameters are optional.
| name | description | specification |
|---|---|---|
| redirect_uris | AzIdP4J accepts only registered redirect_uri values in an Authorization Request. | OAuth 2.0, OIDC |
| token_endpoint_auth_method | AzIdP4J does not support client authentication; the parameter is stored as client metadata only. | OAuth 2.0, OIDC |
| token_endpoint_auth_signing_alg | AzIdP4J does not support client authentication; the parameter is stored as client metadata only. | OIDC |
| introspection_endpoint_auth_method | AzIdP4J does not support client authentication; the parameter is stored as client metadata only. | Not defined in the specifications, but expected to be used like token_endpoint_auth_method. |
| introspection_endpoint_auth_signing_alg | AzIdP4J does not support client authentication; the parameter is stored as client metadata only. | Not defined in the specifications, but expected to be used like token_endpoint_auth_signing_alg. |
| revocation_endpoint_auth_method | AzIdP4J does not support client authentication; the parameter is stored as client metadata only. | Not defined in the specifications, but expected to be used like token_endpoint_auth_method. |
| revocation_endpoint_auth_signing_alg | AzIdP4J does not support client authentication; the parameter is stored as client metadata only. | Not defined in the specifications, but expected to be used like token_endpoint_auth_signing_alg. |
| grant_types | AzIdP4J accepts only registered grant_type values. | OAuth 2.0, OIDC |
| application_type | Client metadata only. | OIDC |
| response_types | AzIdP4J accepts only registered response_type values in an Authorization Request. | OAuth 2.0, OIDC |
| client_name | Client metadata only. | OAuth 2.0, OIDC |
| client_uri | Client metadata only. | OAuth 2.0, OIDC |
| logo_uri | Client metadata only. | OAuth 2.0, OIDC |
| scope | Scopes that can be issued to the client. | OAuth 2.0 |
| contacts | Client metadata only. | OAuth 2.0, OIDC |
| tos_uri | Client metadata only. | OAuth 2.0, OIDC |
| policy_uri | Client metadata only. | OAuth 2.0, OIDC |
| jwks_uri | AzIdP4J does not use the client's JWKS; it is stored for service implementations such as client authentication. | OAuth 2.0, OIDC |
| jwks | AzIdP4J does not use the client's JWKS; it is stored for service implementations such as client authentication. | OAuth 2.0, OIDC |
| software_id | Client metadata only. | OAuth 2.0, OIDC |
| software_version | Client metadata only. | OAuth 2.0, OIDC |
| id_token_signed_response_alg | Signing algorithm of the ID Token issued to the client. | OIDC |
| default_max_age | Default max_age for Authorization Requests. | OIDC |
| default_acr_values | Default authentication context class reference values for the client. | OIDC |
| require_auth_time | AzIdP4J always returns the auth_time claim, so this is client metadata only. | OIDC |
| initiate_login_uri | Client metadata only. | OIDC |
All requested metadata is returned, together with the following parameters.
| name | description | specification |
|---|---|---|
| client_id | Client identifier; the key of ClientStore. | OAuth 2.0, OIDC |
| client_secret | Client secret for client authentication. AzIdP4J does not support client authentication itself; the value is retrieved via ClientStore. | OAuth 2.0, OIDC |
| registration_access_token | Access token for the client configuration endpoint. AzIdP4J does not support authorization itself, but the token can be introspected with AzIdP#introspect. Returned only when clientConfigurationEndpointIssuer is configured. | OAuth 2.0, OIDC |
| registration_client_uri | Client configuration endpoint. AzIdP4J does not provide the web endpoint; the value is derived from clientConfigurationEndpointIssuer and is returned only when clientConfigurationEndpointIssuer is configured. | OAuth 2.0, OIDC |
When the service needs the client for purposes such as client authentication, it can look up the registered client via ClientStore.
```java
var response = azIdP.registerClient(client);
var client = clientStore.find(response.get("client_id"));
// use the client for service-specific requirements, e.g. client authentication
```
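Because AzIdP4J stores client_secret and token_endpoint_auth_method but never authenticates clients, the token endpoint's client_secret_basic check is the service's job. The following is an added example, not AzIdP4J's own code: it parses the HTTP Basic credentials as RFC 6749 section 2.3.1 requires (form-urlencoded, then Base64), looks the client up, and compares the secret with a constant-time comparison. The StoredClient record and the InMemoryClientStore class are hypothetical stand-ins for whatever type the service's real ClientStore implementation returns, and the client_id/client_secret values are constructed samples.

```java
import static java.nio.charset.StandardCharsets.UTF_8;

import java.net.URLDecoder;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;

// Hypothetical stand-in for the record a ClientStore implementation returns (assumption).
record StoredClient(String clientId, String clientSecret, String tokenEndpointAuthMethod) {}

// Hypothetical in-memory ClientStore used only for this example (assumption).
class InMemoryClientStore {
    private final Map<String, StoredClient> clients;

    InMemoryClientStore(Map<String, StoredClient> clients) {
        this.clients = clients;
    }

    Optional<StoredClient> find(String clientId) {
        return Optional.ofNullable(clients.get(clientId));
    }
}

final class ClientSecretBasicAuthenticator {
    private final InMemoryClientStore clientStore;

    ClientSecretBasicAuthenticator(InMemoryClientStore clientStore) {
        this.clientStore = clientStore;
    }

    /** Returns the authenticated client, or empty for any malformed or failed attempt. */
    Optional<StoredClient> authenticate(String authorizationHeader) {
        if (authorizationHeader == null
                || !authorizationHeader.regionMatches(true, 0, "Basic ", 0, 6)) {
            return Optional.empty();
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(authorizationHeader.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // not valid Base64
        }
        String credentials = new String(decoded, UTF_8);
        int colon = credentials.indexOf(':');
        if (colon < 0) {
            return Optional.empty();
        }
        // RFC 6749 2.3.1: client_id and client_secret are form-urlencoded before Base64 encoding,
        // so both halves must be decoded before use.
        String clientId = URLDecoder.decode(credentials.substring(0, colon), UTF_8);
        String secret = URLDecoder.decode(credentials.substring(colon + 1), UTF_8);

        Optional<StoredClient> found = clientStore.find(clientId);
        // Only clients registered with token_endpoint_auth_method=client_secret_basic may use this method.
        boolean methodAllowed = found
                .map(c -> "client_secret_basic".equals(c.tokenEndpointAuthMethod()))
                .orElse(false);
        // An unknown client still goes through a comparison (against an empty secret) and fails.
        String expected = found.map(StoredClient::clientSecret).orElse("");
        boolean secretMatches = MessageDigest.isEqual(expected.getBytes(UTF_8), secret.getBytes(UTF_8));
        return (methodAllowed && secretMatches) ? found : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for a client returned by AzIdP#registerClient.
        var store = new InMemoryClientStore(Map.of(
                "s6BhdRkqt3", new StoredClient("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw", "client_secret_basic")));
        var authenticator = new ClientSecretBasicAuthenticator(store);

        String good = "Basic " + Base64.getEncoder()
                .encodeToString("s6BhdRkqt3:7Fjfp0ZBr1KtDRbnfVdmIw".getBytes(UTF_8));
        String wrongSecret = "Basic " + Base64.getEncoder()
                .encodeToString("s6BhdRkqt3:not-the-secret".getBytes(UTF_8));

        System.out.println("valid credentials   -> " + authenticator.authenticate(good).isPresent());
        System.out.println("wrong secret        -> " + authenticator.authenticate(wrongSecret).isPresent());
        System.out.println("missing header      -> " + authenticator.authenticate(null).isPresent());
    }
}
```

In a real service the authenticator would sit in front of the token, introspection and revocation endpoints, and the method check would consult the corresponding *_endpoint_auth_method value from the table above rather than always token_endpoint_auth_method. MessageDigest.isEqual is used instead of String.equals so that the comparison time does not depend on how many leading bytes of the secret match.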