3. Create a Basic Client

🌟 Key Concept: A Client﻿ is an application that can request Resources from the Resource Server. Client requests can be made either on behalf of an end user or directly from the Client itself.
This example setup demonstrates how to create a basic Client using the IDENTOS Authorization Server.
TODO: Add overview diagram with step emphasized.
This setup will... TODO: Introduce example.
Prerequisites
This setup has no prerequisites.
Step-by-Step Setup
To create a Client in the Authorization Server, we'll need to:
Define the Client as an OAuth 2.0 client in the Authorization Server.
For our example, we'll assume that the hospital's Blood Glucose App already exists at a known URI. In an actual authorization flow, this Client would already hold the authorization keys necessary for accessing the Resource Server.
For a full explanation of each operation and its parameters, see Create a Client﻿.
1
Define the Client as an OAuth 2.0 Client
Run the Admin API call below to define the blood-glucose-app Client located at https://bg-app.fakehospital.com/ as an OAuth 2.0 client in the Authorization Server's oauth-client-metadata and oauth-client databases.
Since this will be the second OAuth client in our Authorization Server, the blood-glucose-app will be id = 2 in both databases.
Curl
curl --location -g --request PATCH '{{AS_ADMIN_URI}}' \
--header 'Content-Type: application/vnd.api+json; ext=jsonpatch' \
--header 'Authorization: {{AS_ADMIN_STATIC_TOKEN}}' \
--header 'ApiVersion: v1.0' \
--header 'Accept-Language: en' \
--data-raw '[
   
    {
        "op": "add",
        "path": "/oauth-client-metadata",
        "value": {
            "id": 2,
            "type": "oauth-client-metadata",
            "attributes": {
                "issuerUri": "https://bg-app.fakehospital.com/",
                "clientAuthenticationType": "private_key_jwt",
                "clientType": "CONFIDENTIAL",
                "grantTypes": "client_credentials",
                "jwksRaw": null,
                "jwksUri": "https://bg-app.fakehospital.com/jwks",
                "scopes": "uma_protection",
                "clientSecret": null
            }
        }
    },
    {
        "op": "add",
        "path": "/oauth-client",
        "value": {
            "type": "oauth-client",
            "id": 2,
            "attributes": {
                "clientId": "blood-glucose-app",
                "clientName": "Blood Glucose App",
                "redirectUris": [
                    "https://blg-app.fakehospital.com/",
                    "{{AS_URI}}"
                ]
            },
            "relationships": {
                "oAuthClientMetaData": {
                    "data": {
                        "type": "oauth-client-metadata",
                        "id": 2
                    }
                }
            }
        }
    },
]'
curl --location -g --request PATCH '{{AS_ADMIN_URI}}' \
--header 'Content-Type: application/vnd.api+json; ext=jsonpatch' \
--header 'Authorization: {{AS_ADMIN_STATIC_TOKEN}}' \
--header 'ApiVersion: v1.0' \
--header 'Accept-Language: en' \
--data-raw '[
   
    {
        "op": "add",
        "path": "/oauth-client-metadata",
        "value": {
            "id": 2,
            "type": "oauth-client-metadata",
            "attributes": {
                "issuerUri": "https://bg-app.fakehospital.com/",
                "clientAuthenticationType": "private_key_jwt",
                "clientType": "CONFIDENTIAL",
                "grantTypes": "client_credentials",
                "jwksRaw": null,
                "jwksUri": "https://bg-app.fakehospital.com/jwks",
                "scopes": "uma_protection",
                "clientSecret": null
            }
        }
    },
    {
        "op": "add",
        "path": "/oauth-client",
        "value": {
            "type": "oauth-client",
            "id": 2,
            "attributes": {
                "clientId": "blood-glucose-app",
                "clientName": "Blood Glucose App",
                "redirectUris": [
                    "https://blg-app.fakehospital.com/",
                    "{{AS_URI}}"
                ]
            },
            "relationships": {
                "oAuthClientMetaData": {
                    "data": {
                        "type": "oauth-client-metadata",
                        "id": 2
                    }
                }
            }
        }
    },
]'
﻿
2
View the Client (Optional)
Now check to see if the Client exists.
Curl
curl --location -g --request GET '{{AS_ADMIN_URI}}/oauth-client/4' \
--header 'Content-Type: application/vnd.api+json' \
--header 'ApiVersion: v1.0' \
--header 'Authorization: {{AS_ADMIN_STATIC_TOKEN}}' \
--header 'Accept-Language: en'
curl --location -g --request GET '{{AS_ADMIN_URI}}/oauth-client/4' \
--header 'Content-Type: application/vnd.api+json' \
--header 'ApiVersion: v1.0' \
--header 'Authorization: {{AS_ADMIN_STATIC_TOKEN}}' \
--header 'Accept-Language: en'
﻿
Next Steps
✅ You just created a basic Client in the Authorization Server! 
Next step: Proceed to 4. Get an Access Token﻿ to learn how to create and grant an Access Token to the Client you created.
Learn more: Read the Create a Client﻿ guide to learn more about creating and managing Clients in the Authorization Server.
﻿
Updated 23 Apr 2024
Did this page help you?
2. Create a Basic Resource
4. Get an Access Token