Update OAuth client secret through AM REST API

Tagged: , ,

This topic has 3 replies, 3 voices, and was last updated 4 weeks ago by Scott Heger.

  • Author
  • #28213

    Hi there, is it possible to update an OAuth client’s secret by calling AM’s REST APIs? I can’t find documentation on that. Thanks.



    I know the secret can be updated through Admin console. But the question is what if the end client would like to update the secret. Any suggestion? Thanks.

    • This reply was modified 4 weeks, 1 day ago by ray.deng83.

    The client_secret is to be assigned by the Authorization server, and therefore, a client cannot simply update it. If you attempt to update this value via the /register endpoint, you will get a 400 Bad Request error.

     Scott Heger

    While a client can’t update the client_secret, it certainly can be updated via REST using an account with appropriate privileges. The admin console (XUI) uses REST to talk to the AM server. So using your browser tools you can do an update of a client and see the call and parameters the XUI is using and follow that pattern. But you didn’t hear that from me. :)

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?