| ApplicationType |
OpenIdConnectApplicationType |
|
[optional] |
| BackchannelAuthenticationRequestSigningAlg |
string |
The signing algorithm for Client-Initiated Backchannel Authentication (CIBA) signed requests using JWT. If this value isn't set and a JWT-signed request is sent, the request fails. > Note: This property appears for clients with `urn:openid:params:grant-type:ciba` defined as one of the `grant_types`. |
[optional] |
| BackchannelCustomAuthenticatorId |
string |
The ID of the custom authenticator that authenticates the user > Note: This property appears for clients with `urn:openid:params:grant-type:ciba` defined as one of the `grant_types`. |
[optional] |
| BackchannelTokenDeliveryMode |
string |
The delivery mode for Client-Initiated Backchannel Authentication (CIBA). Currently, only `poll` is supported. > Note: This property appears for clients with `urn:openid:params:grant-type:ciba` defined as one of the `grant_types`. |
[optional] |
| ClientUri |
string |
URL string of a web page providing information about the client |
[optional] |
| ConsentMethod |
OpenIdConnectApplicationConsentMethod |
|
[optional] |
| DpopBoundAccessTokens |
bool |
Indicates that the client application uses Demonstrating Proof-of-Possession (DPoP) for token requests. If `true`, the authorization server rejects token requests from this client that don't contain the DPoP header. > Note: If `dpop_bound_access_tokens` is true, then `client_credentials` and `implicit` aren't allowed in `grant_types`. |
[optional] [default to false] |
| FrontchannelLogoutSessionRequired |
bool |
<x-lifecycle-container><x-lifecycle class="ea"></x-lifecycle> <x-lifecycle class="oie"></x-lifecycle></x-lifecycle-container>Determines whether Okta sends `sid` and `iss` in the logout request |
[optional] |
| FrontchannelLogoutUri |
string |
<x-lifecycle-container><x-lifecycle class="ea"></x-lifecycle> <x-lifecycle class="oie"></x-lifecycle></x-lifecycle-container>URL where Okta sends the logout request |
[optional] |
| GrantTypes |
List<GrantType> |
|
|
| IdTokenEncryptedResponseAlg |
KeyEncryptionAlgorithm |
|
[optional] |
| IdpInitiatedLogin |
OpenIdConnectApplicationIdpInitiatedLogin |
|
[optional] |
| InitiateLoginUri |
string |
URL string that a third party can use to initiate the sign-in flow by the client |
[optional] |
| IssuerMode |
OpenIdConnectApplicationIssuerMode |
|
[optional] |
| Jwks |
OpenIdConnectApplicationSettingsClientKeys |
|
[optional] |
| JwksUri |
string |
URL string that references a JSON Web Key Set for validating JWTs presented to Okta or for encrypting ID tokens minted by Okta for the client |
[optional] |
| LogoUri |
string |
The URL string that references a logo for the client. This logo appears on the client tile in the End-User Dashboard. It also appears on the client consent dialog during the client consent flow. |
[optional] |
| Network |
OpenIdConnectApplicationNetwork |
|
[optional] |
| ParticipateSlo |
bool |
<x-lifecycle-container><x-lifecycle class="ea"></x-lifecycle> <x-lifecycle class="oie"></x-lifecycle></x-lifecycle-container>Allows the app to participate in front-channel Single Logout > Note: You can only enable `participate_slo` for `web` and `browser` application types (`application_type`). |
[optional] |
| PolicyUri |
string |
URL string of a web page providing the client's policy document |
[optional] |
| PostLogoutRedirectUris |
List<string> |
Array of redirection URI strings for relying party-initiated logouts |
[optional] |
| RedirectUris |
List<string> |
Array of redirection URI strings for use in redirect-based flows. > Note: At least one `redirect_uris` and `response_types` are required for all client types, with exceptions: if the client uses the Resource Owner Password flow (`grant_types` contains `password`) or Client Credentialsflow (`grant_types` contains `client_credentials`), then no `redirect_uris` or `response_types` is necessary. In these cases, you can pass either null or an empty array for these attributes. |
[optional] |
| RefreshToken |
OpenIdConnectApplicationSettingsRefreshToken |
|
[optional] |
| RequestObjectSigningAlg |
string |
The type of JSON Web Key Set (JWKS) algorithm that must be used for signing request objects |
[optional] |
| ResponseTypes |
List<OAuthResponseType> |
Array of OAuth 2.0 response type strings |
[optional] |
| SectorIdentifierUri |
string |
The sector identifier used for pairwise `subject_type`. See OIDC Pairwise Identifier Algorithm |
[optional] |
| SubjectType |
string |
Type of the subject |
[optional] |
| TosUri |
string |
URL string of a web page providing the client's terms of service document |
[optional] |
| WildcardRedirect |
string |
Indicates if the client is allowed to use wildcard matching of `redirect_uris` |
[optional] |