OIDC Clients and the site_name Property

When you create an OpenID Connect (OIDC) login client, you give that client a name. By default, the name you give your OIDC client also becomes the value of the site_name setting for the application client associated with the new client. For example, if you create an OIDC client named Site Name Check, the application client’s site_name property is also set to Site Name Check:

So, does it matter what value is assigned to the site_name property? Well, it might; after all, the site_name value is used to label your browser tab:

Similarly, if you’re running Hosted Login v2, the site name is prominently displayed on the sign-in screen:

And, at the risk of belaboring the point, the site name is also used in several of your transactional emails. Taken together, that means that, yes, the value assigned to the site_name property probably does matter to you. 

You probably already know all that. So then what's the purpose of this article? Well, as noted, when you create an OIDC login client the site_name property value is automatically set to the name of that client. (And no, there’s no way to avoid that.) However, after the client has been created you can use Console (or the Configuration APIs) to change the site name (and just the site name). For example, here we’ve changed the site name from Site Name Check to Identity Cloud Documentation:

As you might expect, Identity Cloud Documentation is now the name we see on the sign-in screen (and in our browser tab and in our transactional emails):

That also means that our site name (Identity Cloud Documentation) is no longer the same as our OIDC client name (Site Name Check). And that’s fine: although the two names start out the same, they don’t have to remain the same. You can change the value of the site_name property anytime you want, and without affecting the name of the OIDC client.

However (and this is important), you can’t change the OIDC client name without affecting the site name as well. For example, suppose we want to change the name of our OIDC client to Renamed OIDC Client. That’s something we can do by using a Curl command similar to this:

curl -L -X PUT \
  'https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/config/clients/d6a5ca1c-98ca-4022-b298-e8fe7da0747b' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer 1ugkxcajMI3nHGscC-pc-0EGmbizqACWbwDZMRfazkRDZYtE_Kp14AYHvZgaDnoR' \
  --data-raw '{
    "name": "Renamed OIDC Client",
    "redirectURIs": ["https://oidc-playground.akamai.com/redirect_uri"],
    "loginPolicy": "466b54f2-d7b2-492c-8e3a-7de9db5d012a",
    "tokenPolicy": "6c4e5591-7e91-4167-91c2-dd21170da59f",
    "type": "public"
  }
'

That command changes the name of the OIDC client; however, it also changes the value assigned to the site_name property (and, again, there's no way to prevent this from happening):

In turn, that causes the sign-in screen to use the new site_name value as well:

That can potentially be a bit of problem. For example, maybe you've come up with a new internal naming scheme for your OIDC clients; as a result, you give those clients new names like prod-oidc-001-us-09765-a24. That’s great, and these new names might be very meaningful and very useful inside your organization. As for users outside of your organization, well …. But you have no choice in the matter: if you change an OIDC client name you’ll also change the value of the site_name property.

No exceptions.

Fortunately, there's an easy fix for this: after you've changed your client name (e.g., to Renamed OIDC Client), just use Console or the Configuration APIs to switch the site_name setting back to its previous value (for example, resetting the value to Identity Cloud Documentation). In other words;

At that point, your OIDC client name and your site_name value will be different. And, in this case, that's exactly what we want: a client name aimed at people inside your organization, and a user-friendly site name aimed at people outside your organization..

In other words:

And what if you don’t change the name of your OIDC client? Then you have nothing to worry about: the site name isn’t going to change unless you go in and change it.