Skip to content

Get an OAuth/OIDC client.

GET
/api/admin/clients/{id}
Code sample: Shell / cURL
curl --request GET \
--url https://auth.example.com/api/admin/clients/example \
--header 'Authorization: Bearer <token>'

Get Client in the Clients area. Use this operation to retrieve client data without mutating tenant state.

id
required
string
X-Tenant-Id
string

Tenant selector for multi-tenant admin requests.

OAuth/OIDC client response.

Media type application/json
object
client
required
object
client_name
required
string
>= 1 characters
description
string | null
redirect_uris
required
Array<string>
>= 1 items
grant_types
required
Array<string>
Allowed values: authorization_code refresh_token client_credentials urn:ietf:params:oauth:grant-type:device_code urn:openid:params:grant-type:ciba urn:ietf:params:oauth:grant-type:token-exchange
response_types
required
Array<string>
Allowed values: code id_token token
scope
string
logo_uri
string format: uri
client_uri
string format: uri
policy_uri
string format: uri
tos_uri
string format: uri
contacts
Array<string>
token_endpoint_auth_method
string
Allowed values: none client_secret_basic client_secret_post client_secret_jwt private_key_jwt
subject_type
string
Allowed values: public pairwise
sector_identifier_uri
string format: uri
is_trusted
boolean
skip_consent
boolean
allow_claims_without_scope
boolean
allowed_redirect_origins
Array<string>
web_origin_registry
object | null
require_pkce
boolean
application_type
string
Allowed values: web native service
trust_group
string | null
browser_public_client_mode
string | null
Allowed values: disabled enabled required
browser_refresh_token_policy
string | null
Allowed values: disabled rotation persistent
native_sso_enabled
boolean | null
native_channel_allowed
boolean | null
allowed_channels
Array<string> | null
token_exchange_allowed
boolean
allowed_subject_token_clients
Array<string> | null
allowed_token_exchange_resources
Array<string> | null
delegation_mode
string
Allowed values: none delegation impersonation
client_credentials_allowed
boolean
allowed_scopes
Array<string> | null
default_scope
string | null
default_audience
string | null
default_resource
string | null
client_id
required
string
client_secret

Returned only on secret-issuing operations such as client creation or regeneration.

string
tenant_id
string
created_at
One of:
integer
updated_at
One of:
integer
Example
{
"client": {
"grant_types": [
"authorization_code"
],
"response_types": [
"code"
],
"token_endpoint_auth_method": "none",
"subject_type": "public",
"application_type": "web",
"browser_public_client_mode": "disabled",
"browser_refresh_token_policy": "disabled",
"delegation_mode": "none"
}
}

Error response.

Media type application/json
object
error
string
message
string
error_description
string
key
additional properties
Example generated
{
"error": "example",
"message": "example",
"error_description": "example"
}