All Downloads are FREE. Search and download functionalities are using the official Maven repository.
  • Log In
  • Register

    • docs.OpenIdConnectApplicationSettingsClient.md Maven / Gradle / Ivy

    Go to download

    The Okta Java SDK API .jar provides a Java API that your code can use to make calls to the Okta API. This .jar is the only compile-time dependency within the Okta SDK project that your code should depend on. Implementations of this API (implementation .jars) should be runtime dependencies only.

    There is a newer version: 21.0.0
    Show newest version
    

# OpenIdConnectApplicationSettingsClient


## Properties

| Name | Type | Description | Notes |
|------------ | ------------- | ------------- | -------------|
|**applicationType** | **OpenIdConnectApplicationType** |  |  [optional] |
|**backchannelAuthenticationRequestSigningAlg** | [**BackchannelAuthenticationRequestSigningAlgEnum**](#BackchannelAuthenticationRequestSigningAlgEnum) | The signing algorithm for Client-Initiated Backchannel Authentication (CIBA) signed requests using JWT. If this value isn't set and a JWT-signed request is sent, the request fails. > **Note:** This property appears for clients with `urn:openid:params:grant-type:ciba` defined as one of the `grant_types`.  |  [optional] |
|**backchannelCustomAuthenticatorId** | **String** | The ID of the custom authenticator that authenticates the user > **Note:** This property appears for clients with `urn:openid:params:grant-type:ciba` defined as one of the `grant_types`.  |  [optional] |
|**backchannelTokenDeliveryMode** | [**BackchannelTokenDeliveryModeEnum**](#BackchannelTokenDeliveryModeEnum) | The delivery mode for Client-Initiated Backchannel Authentication (CIBA).  Currently, only `poll` is supported. > **Note:** This property appears for clients with `urn:openid:params:grant-type:ciba` defined as one of the `grant_types`.  |  [optional] |
|**clientUri** | **String** | URL string of a web page providing information about the client |  [optional] |
|**consentMethod** | **OpenIdConnectApplicationConsentMethod** |  |  [optional] |
|**dpopBoundAccessTokens** | **Boolean** | Indicates that the client application uses Demonstrating Proof-of-Possession (DPoP) for token requests. If `true`, the authorization server rejects token requests from this client that don't contain the DPoP header. > **Note:** If `dpop_bound_access_tokens` is true, then `client_credentials` and `implicit` aren't allowed in `grant_types`.  |  [optional] |
|**frontchannelLogoutSessionRequired** | **Boolean** | <div class=\"x-lifecycle-container\"><x-lifecycle class=\"ea\"></x-lifecycle> <x-lifecycle class=\"oie\"></x-lifecycle></div>Determines whether Okta sends `sid` and `iss` in the logout request |  [optional] |
|**frontchannelLogoutUri** | **String** | <div class=\"x-lifecycle-container\"><x-lifecycle class=\"ea\"></x-lifecycle> <x-lifecycle class=\"oie\"></x-lifecycle></div>URL where Okta sends the logout request |  [optional] |
|**grantTypes** | **List<OAuthGrantType>** |  |  |
|**idpInitiatedLogin** | [**OpenIdConnectApplicationIdpInitiatedLogin**](OpenIdConnectApplicationIdpInitiatedLogin.md) |  |  [optional] |
|**initiateLoginUri** | **String** | URL string that a third party can use to initiate the sign-in flow by the client |  [optional] |
|**issuerMode** | **OpenIdConnectApplicationIssuerMode** |  |  [optional] |
|**jwks** | [**OpenIdConnectApplicationSettingsClientKeys**](OpenIdConnectApplicationSettingsClientKeys.md) |  |  [optional] |
|**jwksUri** | **String** | URL string that references a JSON Web Key Set for validating JWTs presented to Okta |  [optional] |
|**logoUri** | **String** | The URL string that references a logo for the client. This logo appears on the client tile in the End-User Dashboard. It also appears on the client consent dialog during the client consent flow. |  [optional] |
|**participateSlo** | **Boolean** | <div class=\"x-lifecycle-container\"><x-lifecycle class=\"ea\"></x-lifecycle> <x-lifecycle class=\"oie\"></x-lifecycle></div>Allows the app to participate in front-channel Single Logout  > **Note:** You can only enable `participate_slo` for `web` and `browser` application types (`application_type`).  |  [optional] |
|**policyUri** | **String** | URL string of a web page providing the client's policy document |  [optional] |
|**postLogoutRedirectUris** | **List<String>** | Array of redirection URI strings for relying party-initiated logouts |  [optional] |
|**redirectUris** | **List<String>** | Array of redirection URI strings for use in redirect-based flows. > **Note:** At least one `redirect_uris` and `response_types` are required for all client types, with exceptions: if the client uses the [Resource Owner Password ](https://tools.ietf.org/html/rfc6749#section-4.3)flow (`grant_types` contains `password`) or [Client Credentials](https://tools.ietf.org/html/rfc6749#section-4.4)flow (`grant_types` contains `client_credentials`), then no `redirect_uris` or `response_types` is necessary. In these cases, you can pass either null or an empty array for these attributes. |  [optional] |
|**refreshToken** | [**OpenIdConnectApplicationSettingsRefreshToken**](OpenIdConnectApplicationSettingsRefreshToken.md) |  |  [optional] |
|**requestObjectSigningAlg** | [**RequestObjectSigningAlgEnum**](#RequestObjectSigningAlgEnum) | The type of JSON Web Key Set (JWKS) algorithm that must be used for signing request objects |  [optional] |
|**responseTypes** | **List<OAuthResponseType>** | Array of OAuth 2.0 response type strings |  [optional] |
|**sectorIdentifierUri** | **String** | The sector identifier used for pairwise `subject_type`. See [OIDC Pairwise Identifier Algorithm](https://openid.net/specs/openid-connect-messages-1_0-20.html#idtype.pairwise.alg) |  [optional] |
|**subjectType** | [**SubjectTypeEnum**](#SubjectTypeEnum) | Type of the subject |  [optional] |
|**tosUri** | **String** | URL string of a web page providing the client's terms of service document |  [optional] |
|**wildcardRedirect** | [**WildcardRedirectEnum**](#WildcardRedirectEnum) | Indicates if the client is allowed to use wildcard matching of `redirect_uris` |  [optional] |



## Enum: BackchannelAuthenticationRequestSigningAlgEnum

| Name | Value |
|---- | -----|
| HS256 | "HS256" |
| HS384 | "HS384" |
| HS512 | "HS512" |
| RS256 | "RS256" |
| RS384 | "RS384" |
| RS512 | "RS512" |
| ES256 | "ES256" |
| ES384 | "ES384" |
| ES512 | "ES512" |
| UNKNOWN_DEFAULT_OPEN_API | "unknown_default_open_api" |



## Enum: BackchannelTokenDeliveryModeEnum

| Name | Value |
|---- | -----|
| POLL | "poll" |
| PING | "ping" |
| PUSH | "push" |
| UNKNOWN_DEFAULT_OPEN_API | "unknown_default_open_api" |



## Enum: RequestObjectSigningAlgEnum

| Name | Value |
|---- | -----|
| HS256 | "HS256" |
| HS384 | "HS384" |
| HS512 | "HS512" |
| RS256 | "RS256" |
| RS384 | "RS384" |
| RS512 | "RS512" |
| ES256 | "ES256" |
| ES384 | "ES384" |
| ES512 | "ES512" |
| UNKNOWN_DEFAULT_OPEN_API | "unknown_default_open_api" |



## Enum: SubjectTypeEnum

| Name | Value |
|---- | -----|
| PUBLIC | "public" |
| PAIRWISE | "pairwise" |
| UNKNOWN_DEFAULT_OPEN_API | "unknown_default_open_api" |



## Enum: WildcardRedirectEnum

| Name | Value |
|---- | -----|
| DISABLED | "DISABLED" |
| SUBDOMAIN | "SUBDOMAIN" |
| UNKNOWN_DEFAULT_OPEN_API | "unknown_default_open_api" |


## Implemented Interfaces

* Serializable




    © 2015 - 2025 Weber Informatics LLC | Privacy Policy