View an OpenID Connect Client

Endpoint URL: {identityDomain}/{customerId}config/clients/{oidcClientId}



Description

Returns information about the specified OpenID Connect (OIDC) client. 

The Akamai Identity Cloud supports two types of OIDC clients:

  • Confidential clients. Clients capable of securely maintaining a client secret; this secret is then used when the client is employed to help manage user logins and registrations. Confidential clients can be used by both end-user facing applications and machine-to-machine applications.

    The Identity Cloud also supports configuration clients. Like confidential clients, configuration clients have a client secret. However, configuration clients are not employed for managing for user logins and registrations; instead, these clients are used to acquire access tokens needed to call other OpenID Connect configuration endpoints. Because they aren’t used for logins and registrations, configuration clients are not assigned a logon policy and are not associated with an application client. If your API response includes a confidential client that is not associated with a login policy or an application client, that’s a configuration client.

  • Public clients. Clients (such as native mobile apps and single page apps) not capable of keeping a secret confidential. Because of that, public clients must use PKCE (Proof Key for Code Exchange) when assisting with user logins and registrations. Public clients can only be used by end-user facing applications.

Keep in mind that, when returning information for a confidential client, the client secret will not be returned: at this point in time there is no way to access a confidential client secret after the fact. If you forget your client secret (or if you have reason to change a client secret), you can do so by using the /secret endpoint.


Respects the API Client Allow List: No


Authentication

This endpoint requires token-based authentication. To obtain an access token, you must use a configuration client (using the client ID as the username and the client secret as the password) to access the /{customerId}/login/token endpoint. The access token returned from the /{customerId}/login/token endpoint is then used in the Authorization header of your API call. For example, if you get back the access token Ki712dpGq5GPQcsxMHY6ShHY7wU_iTs0o9dPx4TEzf5yLIvddjnDVBJxjPDucf5YVB then your Authorization header would look like this when using Curl:

-H 'Authorization: Bearer Ki712dpGq5GPQcsxMHY6ShHY7wU_iTs0o9dPx4TEzf5yLIvddjnDVBJxjPDucf5YVB'

In Postman, set the Authorization Type to Bearer and use the access token as the value of the Token field.


Path Parameters

The path parameters that must be included in the request are listed in the following table:

NameTypeRequiredDescription

{customerId}

string

Yes

Unique identifier of the customer associated with the OIDC client.

{oidcClientId}

string

Yes

Unique identifier of the OIDC client to be returned.


Sample Request (Curl)

The following command returns information about the OIDC client with the client ID 6be73a3a-5bf0-4190-a0de-698aa409ff28:

curl -X GET \
  https://v1.api.us.janrain.com/01000000-0000-3000-9000-000000000000/config/clients/6be73a3a-5bf0-4190-a0de-698aa409ff28 \
  -H 'Authorization: Bearer Ki712dpGq5GPQcsxMHY6ShHY7wU_iTs0o9dPx4TEzf5yLIvddjnDVBJxjPDucf5YVB'


Responses

200 OK

If your call to this endpoint succeeds, you'll get back detailed information for the specified OIDC client:

{
    "id": "6be73a3a-5bf0-4190-a0de-698aa409ff28",
    "name": "Akamai Documentation Login Client",
    "redirectURIs": ["https://localhost"],
    "loginPolicy": "b8097975-93c7-46db-8cfe-19609e67eadb",
    "tokenPolicy": "2dcae965-0d56-4961-a98e-f98583e30bb9",
    "type": "public",
    "_links": {
        "self": {
            "href": "/01000000-0000-3000-9000-000000000000/config/clients/6be73a3a-5bf0-4190-a0de-698aa409ff28"
        }
    }
}


Response Codes

The following table includes information about some of the response codes that you might encounter when calling this endpoint.

Response CodeDescription

400

Bad request. Typically a syntax error: you might have left off a parameter or misspelled the parameter name. 

401

Authentication required or Invalid credentials. You either did not specify an authentication method for the call (this endpoint requires token-based authentication) or the token was rejected. In the latter case, this could be because the token is not valid or because the token has expired.

403

Forbidden. You do not have permission to access the requested resource.

404

Customer client not found. Either you specified an invalid client (use the/config/{customerId}/clients endpoint to retrieve a list of valid client IDs) or the OIDC client has been deleted.

409

Dependency error