oauth client

/oauth/members/{member}/clients/{client} [PATCH]

Description

Updates an OAuth client.

If the client URI changes, this service updates the CORS origin accordingly.

Parameters

| Name | Description | Required | Type | Default value |
|---|---|---|---|---|
| access-token-max-age | The max age of the access tokens in seconds | no | long | |
| app | The name of the app (informational) | no | string | |
| client-secret | The client secret | no | string | |
| client-uri | The URL for the client app (informational) | no | url | |
| description | The description of this client (informational) | no | string | |
| grant-type | The grant type allowed for this client | no | enum | |
| identifier | The OAuth 2.0 client ID - 16 digit hexadecimal number (admin only) | no | string | |
| member | The member ID or username for this client (admin only) | no | string | |
| name | The name of the client (informational) | no | string | |
| redirect-uri | The redirection URI specific to this client | no | url | |
| refresh-token-max-age | The max age of the refresh tokens in seconds | no | long | |
| scope | A space separated list of scopes allowed for this client e.g. openid profile email | no | string | |
| webhook-secret | The secret used for signing webhook requests (between 24 and 64 characters long) | no | string | |

The valid grant types are: authorization_code|password|client_credentials

Support for the implicit grant type has been removed in version 6.

Permission

Members can update their own OAuth client but cannot change its member or client ID (member and identifier parameters).

Administrators can update any client.

Response

This service returns a <client> element wrapped in a <client-modification>.

<client-modification>
  <client id="1"
          identifier="2aa92c5a79baf3fe"
          requires-consent="false"
          confidential="false"
          name="My app"
          grant-type="authorization_code"
          [created="2020-03-08T12:34:00+10:00"]
          [modified="2020-03-10T11:24:00+10:00"]
          [last-token="2020-05-10T10:28:00+10:00"]
          [app="Timesheet"]
          [webhook-secret="S0meP@ssw0d"]
          [redirect-uri="http://example.org/login"]
          [description="My example timesheet"]
          [client-uri="http://example.org"]
          [scope="openid profile email"]
          access-token-max-age="7200"
          refresh-token-max-age="0">
    <member id="45" ...>
      <fullname>John Smith</fullname>
    </member>
  </client>
</client-modification>

Error Handling

| HTTP code | Condition |
|---|---|
| 400 | The name is already in use |
| 400 | Maximum number of clients for this member has been reached |
| 400 | Invalid grant-type, member or client-uri or redirect-uri parameter |
| 403 | The client is not owned by the member |
| 400 | No matching client for ID |

The maximum number of clients a non-administrator member can have is 10.
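
A client-side check of the parameter constraints listed above, with masking of the webhook-secret attribute that the response echoes back so it does not end up in logs. This is an added example, not part of the original documentation. The function names are hypothetical, and sending the parameters as a form-encoded body and accepting upper-case hexadecimal in the identifier are assumptions.

```python
import re
import secrets
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

GRANT_TYPES = {"authorization_code", "password", "client_credentials"}  # implicit removed in v6

# Constructed sample response, modelled on the documented <client-modification> shape.
SAMPLE_RESPONSE = """<client-modification>
  <client id="1" identifier="2aa92c5a79baf3fe" name="My app"
          grant-type="client_credentials" webhook-secret="constructed-sample-secret-0001">
    <member id="45"><fullname>John Smith</fullname></member>
  </client>
</client-modification>"""

def new_webhook_secret():
    """43 URL-safe characters from the OS CSPRNG, inside the documented 24-64 range."""
    return secrets.token_urlsafe(32)

def build_patch(member, client, **params):
    """Check parameters against the documented constraints; return (path, form body)."""
    fields = {k.replace("_", "-"): str(v) for k, v in params.items()}
    if "grant-type" in fields and fields["grant-type"] not in GRANT_TYPES:
        raise ValueError("grant-type must be one of " + "|".join(sorted(GRANT_TYPES)))
    if "identifier" in fields and not re.fullmatch(r"[0-9a-fA-F]{16}", fields["identifier"]):
        raise ValueError("identifier must be a 16 digit hexadecimal number")
    if "webhook-secret" in fields and not 24 <= len(fields["webhook-secret"]) <= 64:
        raise ValueError("webhook-secret must be between 24 and 64 characters long")
    for name in ("access-token-max-age", "refresh-token-max-age"):
        if name in fields and not re.fullmatch(r"[0-9]+", fields[name]):
            raise ValueError(name + " must be a whole number of seconds")
    # Percent-encode path segments so a member name cannot alter the route.
    path = "/oauth/members/%s/clients/%s" % (quote(str(member), safe=""),
                                             quote(str(client), safe=""))
    return path, urlencode(fields)  # form encoding is an assumption, see lead-in

def redact_response(xml_text):
    """Return the <client> attributes with the echoed webhook-secret masked for logging."""
    client = ET.fromstring(xml_text).find("client")
    if client is None:
        raise ValueError("response has no <client> element")
    attrs = dict(client.attrib)
    if "webhook-secret" in attrs:
        attrs["webhook-secret"] = "***"
    return attrs
```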
