Step 5: Create an OIDC client and/or modify your existing client (optional)

Getting Started Guide: Configure redirect URIs
Identity Cloud Documentation: OpenID Connect Clients
Video: Creating an OIDC Login Client



Call the /config/clients endpoint using the POST method to create an OIDC client for your Hosted Login implementation. Two things to keep in mind when creating or modifying your OIDC login clients: 

  • Although you can use either public clients or confidential clients for user logins and registrations, Akamai strongly recommends you use public clients. That’s because public clients don’t require you to maintain and exchange client secrets.

  • You’ll need to add at least one redirect URI to your login clients. Each authorization request includes a redirect_uri parameter that specifies the URL of the page the user is sent to following a successful authentication. However, this URL must be included in the redirectURIs property of your OIDC login client. If it isn’t, your authorization request fails with an “invalid_redirect_uri” error.

When configuring Bearer token authorization for this call, use the configuration token you provisioned in step 2.


Request Template

curl -X POST \
https://v1.api.<region>.janrain.com/<customer-id>/config/clients \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
  "loginPolicy": "<login-policy-id>",
  "name": "<new-oidc-client-name>",
  "redirectURIs": [
    "<redirect-uri>"
  ],
  "tokenPolicy": "<token-policy-id>",
  "type": "<confidential-or-public>"
}'


Example Request

curl -X POST \
https://v1.api.us.janrain.com/12345678-1234-1234-1234-123456789012/config/clients \
  -H 'Authorization: Bearer 123abc456...def789ghi' \
  -H 'Content-Type: application/json' \
  -d '{
  "loginPolicy": "1ab23c45-6789-0123-d4ef-5g678h90ijk1",
  "name": "Property 1 OIDC Client",
  "redirectURIs": [
    "https://mydomain.com"
  ],
  "tokenPolicy": "a123bcde-4f56-7890-gh12-i34j567k8l90",
  "type": "public"
}'


Example Response

{
    "id": "1ab23456-7c8d-90ef-g123-45hij6789012",
    "name": "Property 1 OIDC Client",
    "redirectURIs": [
        "https://mydomain.com"
    ],
    "loginPolicy": "1ab23c45-6789-0123-d4ef-5g678h90ijk1",
    "tokenPolicy": "a123bcde-4f56-7890-gh12-i34j567k8l90",
    "type": "public",
    "_links": {
        "self": {
            "href": "/config/12345678-1234-1234-1234-123456789012/clients/1ab23456-7c8d-90ef-g123-45hij6789012"
        },
        "application_client": {
            "href": "/config/1abcdef2g3hijklmno4pqrs5tu/clients/abcdefghi12jkl3m4nopqr5stuvwxy67"
        }
    }
}

The response contains the ID of the OIDC client you just created. If you want to review this client configuration in the future, call the /config/clients/{oidcClientId} endpoint with the GET method.

Note regarding confidential clients. The client secret is returned in the response when you create a confidential client. If you need to access the secret in the future, call the /config/clients/{oidcClientId}/secret endpoint with the GET method.
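The redirect URI requirement above can be checked before a login link ships. The following is an added example, not part of the original guide or Akamai's code: it compares the redirect_uri of an authorization request against the redirectURIs of a client record and reports near misses that would otherwise surface as "invalid_redirect_uri". The function names, the authorization URL host and path, and the exact-string comparison are assumptions.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample: fields copied from the Example Response above.
CLIENT = json.loads("""
{
  "id": "1ab23456-7c8d-90ef-g123-45hij6789012",
  "name": "Property 1 OIDC Client",
  "redirectURIs": ["https://mydomain.com"],
  "type": "public"
}
""")

# Constructed placeholder; substitute the authorization endpoint of your deployment.
AUTHORIZE = "https://login.example.test/authorize"


def _loose(uri):
    """Loose form used only to explain a mismatch, never to accept one."""
    p = urlsplit(uri)
    return (p.scheme.lower(), p.netloc.lower(), p.path.rstrip("/"), p.query)


def check_redirect_uri(client, authorization_url):
    """Return (ok, reason) for the redirect_uri in an authorization request.

    Assumption: redirect_uri is compared to redirectURIs as an exact string.
    """
    values = parse_qs(urlsplit(authorization_url).query).get("redirect_uri", [])
    if len(values) != 1:
        return False, "expected exactly one redirect_uri parameter"
    requested = values[0]
    registered = client.get("redirectURIs", [])
    if requested in registered:
        return True, "registered"
    near = [r for r in registered if _loose(r) == _loose(requested)]
    if near:
        return False, f"near miss: registered value is {near[0]!r}"
    return False, "not in redirectURIs"


if __name__ == "__main__":
    for encoded in ("https%3A%2F%2Fmydomain.com",        # exact match
                    "https%3A%2F%2Fmydomain.com%2F",     # trailing slash
                    "https%3A%2F%2Fother.example%2Fcb"):  # unregistered
        url = f"{AUTHORIZE}?client_id={CLIENT['id']}&redirect_uri={encoded}"
        print(encoded, "->", check_redirect_uri(CLIENT, url))
```

The loose comparison only explains why a value was rejected; a near miss is still a failure and the fix is to register the exact URI or correct the request.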


  Step 6: Add Application Settings