Update an oauth client by Id

PUT /reg/:ClientId

Request

Path Parameters

ClientId stringrequired

Possible values: >= 1

The oauth ClientId

Header Parameters

x-fapi-auth-date string

Possible values: Value must match regular expression ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} (GMT|UTC)$

The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC

x-fapi-customer-ip-address string

The PSU's IP address if the PSU is currently logged in with the TPP.

x-fapi-interaction-id string

An RFC4122 UID used as a correlation id.

x-customer-user-agent string

Indicates the user-agent that the PSU is using.

application/json

Body

required

Client Update Request

id_token_signed_response_alg IdTokenSignedResponseAlgorithm (string)required

Possible values: [PS256, RS256]

Default value: PS256

Signing algorithm that a client expects the server to return an id_token with. Must be PS256

token_endpoint_auth_method TokenEndpointAuthMethod (string)required

Possible values: non-empty and <= 60 characters, [private_key_jwt, tls_client_auth, client_secret_basic]

Default value: private_key_jwt

Token endpoint authentication method

jwks_uri stringrequired

Possible values: Value must match regular expression ^(http://|https://).*

Link to the application active jwks

tls_client_auth_subject_dn string

Possible values: <= 250 characters

The DN of the certificate that will be used to authenticate to this client

redirect_uris string[]required

redirect_uris uri must be provided. For client_credentials this should be an empty array.

post_logout_redirect_uris uri[]

Possible values: <= 255 characters, Value must match regular expression ^(http://|https://).*

response_types string[]required

response_types uri must be provided. For client_credentials this should be an empty array

grant_types string[]required

grant_types uri must be provided. For client_credentials this should be array containing ["client_credentials"]

authorization_details_types string[]

Possible values: Value must match regular expression ^[^<>]*$

Defines whether or not a client is allowed to send RAR requests with authorization_details of specific types

scope stringrequired

scopes to be tagged

organisation_id OrganisationId (string)required

Possible values: non-empty and <= 40 characters, Value must match regular expression ^[^<>]*$

Unique ID associated with the organisation

organisation_name stringrequired

Possible values: non-empty and <= 255 characters

organisation_number stringrequired

Possible values: non-empty and <= 255 characters

the cnpj number of the organisation

software_id SoftwareStatementId (string)

Possible values: <= 40 characters, Value must match regular expression ^[^<>]*$

Unique Software Statement Id

software_name string

Possible values: non-empty and <= 255 characters

Software Statement client name

software_roles string[]required

array of software roles

software_description string

Possible values: <= 255 characters

additional_software_metadata

object

property name* any

client_id stringrequired

client_secret stringrequired

software_statement SoftwareStatementAssertion (string)

Possible values: <= 4000 characters, Value must match regular expression ^[^<>]*$

A signed JWT (JWS)

require_signed_request_object RequireSignedRequestObject (boolean)

Default value: true

Require a signed request object. If this is set to false, the client will not be FAPI compliant

tls_client_certificate_bound_access_tokens TlsClientCertificateBoundAccessTokens (boolean)

Default value: true

Are the tokens issued for this client bound to a client tls certificate

Responses

Creates an OAuth Client in the OpenID Server

Response Headers

x-fapi-interaction-id
string

application/json

Schema
Example (from schema)

Schema

application_type string

Possible values: [web]

Default value: web

OIDC application type response

grant_types string[]

grant_types

authorization_details_types string[]

Possible values: Value must match regular expression ^[^<>]*$

Defines whether or not a client is allowed to send RAR requests with authorization_details of specific types

id_token_signed_response_alg IdTokenSignedResponseAlgorithm (string)

Possible values: [PS256, RS256]

Default value: PS256

Signing algorithm that a client expects the server to return an id_token with. Must be PS256

require_auth_time boolean

subject_type string

response_types string[]

response_types

post_logout_redirect_uris string[]

post_logout_redirect_uris

tls_client_certificate_bound_access_token boolean

token_endpoint_auth_method TokenEndpointAuthMethod (string)

Possible values: non-empty and <= 60 characters, [private_key_jwt, tls_client_auth, client_secret_basic]

Default value: private_key_jwt

Token endpoint authentication method

introspection_endpoint_auth_method string

revocation_endpoint_auth_method string

client_id_issued_at number

client_id string

jwks_uri string

registration_client_uri string

management uri location to manage client post creation

registration_access_token string

token used to manage client post creation

redirect_uris string[]

redirect_uris

organisation_id OrganisationId (string)

Possible values: non-empty and <= 40 characters, Value must match regular expression ^[^<>]*$

Unique ID associated with the organisation

organisation_name string

Possible values: non-empty and <= 255 characters

organisation_number string

Possible values: non-empty and <= 255 characters

the cnpj number of the organisation

software_roles string[]

array of software roles

software_id string

Possible values: non-empty and <= 255 characters

software_name string

Possible values: non-empty and <= 255 characters

Software Statement client name

software_description string

Possible values: <= 255 characters

request_object_signing_alg string

require_signed_request_object boolean

require_pushed_authorization_requests boolean

authorization_signed_response_alg string

backchannel_user_code_parameter boolean

client_secret_expires_at number

client_secret string

scope string

tls_client_certificate_bound_access_tokens TlsClientCertificateBoundAccessTokens (boolean)

Default value: true

Are the tokens issued for this client bound to a client tls certificate

{
  "application_type": "web",
  "grant_types": [
    "string"
  ],
  "authorization_details_types": [
    "string"
  ],
  "id_token_signed_response_alg": "PS256",
  "require_auth_time": true,
  "subject_type": "string",
  "response_types": [
    "string"
  ],
  "post_logout_redirect_uris": [
    "string"
  ],
  "tls_client_certificate_bound_access_token": true,
  "token_endpoint_auth_method": "private_key_jwt",
  "introspection_endpoint_auth_method": "string",
  "revocation_endpoint_auth_method": "string",
  "client_id_issued_at": 0,
  "client_id": "string",
  "jwks_uri": "string",
  "registration_client_uri": "string",
  "registration_access_token": "string",
  "redirect_uris": [
    "string"
  ],
  "organisation_id": "string",
  "organisation_name": "string",
  "organisation_number": "string",
  "software_roles": [
    "string"
  ],
  "software_id": "string",
  "software_name": "string",
  "software_description": "string",
  "request_object_signing_alg": "string",
  "require_signed_request_object": true,
  "require_pushed_authorization_requests": true,
  "authorization_signed_response_alg": "string",
  "backchannel_user_code_parameter": true,
  "client_secret_expires_at": 0,
  "client_secret": "string",
  "scope": "string",
  "tls_client_certificate_bound_access_tokens": true
}

Creates an OAuth Client in the OpenID Server

Response Headers

x-fapi-interaction-id
string

application/json

Schema
Example (from schema)

Schema

application_type string

Possible values: [web]

Default value: web

OIDC application type response

grant_types string[]

grant_types

authorization_details_types string[]

Possible values: Value must match regular expression ^[^<>]*$

Defines whether or not a client is allowed to send RAR requests with authorization_details of specific types

id_token_signed_response_alg IdTokenSignedResponseAlgorithm (string)

Possible values: [PS256, RS256]

Default value: PS256

Signing algorithm that a client expects the server to return an id_token with. Must be PS256

require_auth_time boolean

subject_type string

response_types string[]

response_types

post_logout_redirect_uris string[]

post_logout_redirect_uris

tls_client_certificate_bound_access_token boolean

token_endpoint_auth_method TokenEndpointAuthMethod (string)

Possible values: non-empty and <= 60 characters, [private_key_jwt, tls_client_auth, client_secret_basic]

Default value: private_key_jwt

Token endpoint authentication method

introspection_endpoint_auth_method string

revocation_endpoint_auth_method string

client_id_issued_at number

client_id string

jwks_uri string

registration_client_uri string

management uri location to manage client post creation

registration_access_token string

token used to manage client post creation

redirect_uris string[]

redirect_uris

organisation_id OrganisationId (string)

Possible values: non-empty and <= 40 characters, Value must match regular expression ^[^<>]*$

Unique ID associated with the organisation

organisation_name string

Possible values: non-empty and <= 255 characters

organisation_number string

Possible values: non-empty and <= 255 characters

the cnpj number of the organisation

software_roles string[]

array of software roles

software_id string

Possible values: non-empty and <= 255 characters

software_name string

Possible values: non-empty and <= 255 characters

Software Statement client name

software_description string

Possible values: <= 255 characters

request_object_signing_alg string

require_signed_request_object boolean

require_pushed_authorization_requests boolean

authorization_signed_response_alg string

backchannel_user_code_parameter boolean

client_secret_expires_at number

client_secret string

scope string

tls_client_certificate_bound_access_tokens TlsClientCertificateBoundAccessTokens (boolean)

Default value: true

Are the tokens issued for this client bound to a client tls certificate

{
  "application_type": "web",
  "grant_types": [
    "string"
  ],
  "authorization_details_types": [
    "string"
  ],
  "id_token_signed_response_alg": "PS256",
  "require_auth_time": true,
  "subject_type": "string",
  "response_types": [
    "string"
  ],
  "post_logout_redirect_uris": [
    "string"
  ],
  "tls_client_certificate_bound_access_token": true,
  "token_endpoint_auth_method": "private_key_jwt",
  "introspection_endpoint_auth_method": "string",
  "revocation_endpoint_auth_method": "string",
  "client_id_issued_at": 0,
  "client_id": "string",
  "jwks_uri": "string",
  "registration_client_uri": "string",
  "registration_access_token": "string",
  "redirect_uris": [
    "string"
  ],
  "organisation_id": "string",
  "organisation_name": "string",
  "organisation_number": "string",
  "software_roles": [
    "string"
  ],
  "software_id": "string",
  "software_name": "string",
  "software_description": "string",
  "request_object_signing_alg": "string",
  "require_signed_request_object": true,
  "require_pushed_authorization_requests": true,
  "authorization_signed_response_alg": "string",
  "backchannel_user_code_parameter": true,
  "client_secret_expires_at": 0,
  "client_secret": "string",
  "scope": "string",
  "tls_client_certificate_bound_access_tokens": true
}

Not found

Response Headers

x-fapi-interaction-id
string

application/json

Schema
Example (from schema)

Schema

errors string[]

Validation Error messages

{
  "errors": [
    "string"
  ]
}

Update an oauth client by Id

/reg/:ClientId

Request​

Path Parameters

Header Parameters

Body

Responses​

Request

Responses