Update OAuth client secret through AM REST API

Tagged: , ,

This topic has 3 replies, 3 voices, and was last updated 4 weeks ago by Scott Heger.

  • Author
    Posts
  • #28213
     ray.deng83
    Participant

    Hi there, is it possible to update an OAuth client’s secret by calling AM’s REST APIs? I can’t find documentation on that. Thanks.

    Best,
    Le

    #28216
     ray.deng83
    Participant

    I know the secret can be updated through Admin console. But the question is what if the end client would like to update the secret. Any suggestion? Thanks.

    • This reply was modified 4 weeks, 1 day ago by ray.deng83.
    #28221

    The client_secret is to be assigned by the Authorization server, and therefore, a client cannot simply update it. If you attempt to update this value via the /register endpoint, you will get a 400 Bad Request error.

    #28222
     Scott Heger
    Participant

    While a client can’t update the client_secret, it certainly can be updated via REST using an account with appropriate privileges. The admin console (XUI) uses REST to talk to the AM server. So using your browser tools you can do an update of a client and see the call and parameters the XUI is using and follow that pattern. But you didn’t hear that from me. :)

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?