register-api-client

register-api-client 
[-b value | --bootstrap-config=value] 
[-t value | --tool-password=value]
[-k value | --keystore-file=value]
<-n value | --name=value> 
{-Svalue}
[-p value | --client-profile=value] 
{-Gvalue} 
{-Rvalue} 
{-Cvalue} 
[-r <true|false> | --require-end-user-consent=<true|false>]

Overview

Use this command to register a new OAuth2 client that can access the public web service APIs. All information needed to use the client, including a client ID and a client secret, will be shown after successful completion of the command. To use this command at least one server in the collective must be running. The list-oauth2-clients command can be used to find the IDs of all existing clients. Registered clients can be deleted using the delete-oauth2-client command.

Options


Option	Optional or Required	Default Value	Description
`-b value --bootstrap-config=value`	Optional	none	The path to the bootstrap configuration file. See Bootstrap.xml file for more information about this file.
`-t value --tool-password=value`	Optional	none	The configuration tool password used to decrypt the database password in the bootstrap.xml file. If the tool password is omitted, the command will prompt the end user for it on the console. See Bootstrap.xml file for more information.
`-k value --keystore-file=value`	Optional	none	The location of the keystore containing the certificates used for securing internal communication.
`-n value --name=value`	Required	none	The name of the client to be created. Only used for display purposes, not guaranteed to be unique.
`-Svalue`	Required, but may be specified multiple times with different values.	none	A scope (case sensitive) that the client should be authorized to request. Refer to the API documentation for valid values.
`-p value --client-profile=value`	Optional	other	The client profile, can be one of 'web', 'native', or 'other'.
`-Gvalue`	Optional, and may be specified multiple times with different values.	client_credentials The value 'refresh_token' can only be specified together with 'authorization_code'.	The grant types that the client should be able to use. Can be one of 'authorization_code', 'client_credentials', or 'refresh_token'. The default value is 'client_credentials'. The value 'refresh_token' can only be specified together with 'authorization_code'.
`-Rvalue`	Optional, and may be specified multiple times with different values.	none	An authorized redirect URI. Must be specified when using the 'authorization_code' grant type, unless the client profile is 'native'. Must be an absolute URI. Must have a protocol. Cannot contain a query or fragment component.
`-Cvalue`	Optional, and may be specified multiple times with different values.	none	An authorized custom URI scheme. May only be specified when the client profile is 'native'.
`-r <true\|false> --require-end-user-consent=<true\|false>`	Optional	The default value depends on the client profile ('false' for the client profile 'other', 'true' for for all other client profiles).	Indicates whether the client should be required to request end-user consent (when using the 'authorization_code' grant). This argument is optional. If the 'security.oauth2.client.must-require-consent' configuration property is 'true', then the value of this argument must be 'true' unless the value of --client-profile is 'other'.

Examples

In all examples below, the client wants to be able to perform uploads to the Spotfire library.

Register a client with the profile 'other' (e.g. a headless application acting on its own behalf):

register-api-client --name="Other client" -Sapi.rest.library.upload --client-profile=other -Gclient_credentials

Register a client with the profile 'web' (e.g. a server-side web application), acting on behalf of an end-user:

register-api-client --name="Web client" -Sapi.rest.library.upload --client-profile=web -Gauthorization_code -Rhttps://example.com/foo/return

Register a client with the profile 'web' (e.g. a server-side web application), acting on behalf of an end-user, that may use long-lived refresh tokens (for continued access when the end-user isn't present):
```
register-api-client --name="Web client" -Sapi.rest.library.upload -Soffline --client-profile=web -Gauthorization_code -Grefresh_token -Rhttps://example.com/foo/return
```
Register a client with the profile 'native' (e.g. an iOS app), acting on behalf of an end-user, which should be allowed to make requests on behalf of the user without the user's explicit permission:
```
register-api-client --name="Native client" -Sapi.rest.library.upload --client-profile=native -Gauthorization_code --require-end-user-consent=false
```