register-api-client
Registers a new API client.
register-api-client
[-b value | --bootstrap-config=value]
[-t value | --tool-password=value]
<-n value | --name=value>
{-Svalue}
[-p value | --client-profile=value]
[-a value | --token-endpoint-auth-method=value]
{-Gvalue}
{-Rvalue}
{-Cvalue}
{-Avalue}
[-r <true|false> | --require-end-user-consent=<true|false>]
Overview
Use this command to register a new OAuth2 client that can access the public web service APIs. All information needed to use the client, including a client ID and a client secret, will be shown after successful completion of the command. To use this command at least one server in the collective must be running. The list-oauth2-clients command can be used to find the IDs of all existing clients. Registered clients can be deleted using the delete-oauth2-client command.
Options
Option | Optional or Required | Default Value | Description |
---|---|---|---|
|
Optional | none | The path to the bootstrap configuration file. See Bootstrap.xml file for more information about this file. |
|
Optional | none | The configuration tool password used to decrypt the database password in the bootstrap.xml file. If the tool password is omitted, the command will prompt the end user for it on the console. See Bootstrap.xml file for more information. |
|
Required | none | The name of the client to be created. Only used for display purposes, not guaranteed to be unique. |
|
Required | none | A scope (case sensitive) that the client
should be authorized to request. Refer to the API documentation for valid
values.
Can be specified multiple times with different values. |
|
Optional | other | The client profile, can be one of
web ,
user_agent ,
native , or
other .
|
|
Optional | none when a client profile is native.
Otherwise,
client_secret_basic
|
The token endpoint authentication method to
use. Can be one of the following:
Note: The Spotfire Server supports
client_secret_jwt when acting as an OIDC
client, but not when acting as an authorization server.
|
|
Optional | client_credentials
The value
|
The grant types that the client should be
able to use. Can be one of the following:
The default value is
Can be specified multiple times with different values. |
|
Optional | none | An authorized redirect URI. Must be
specified when using the
authorization_code grant type, unless the
client profile is
native . Must be an absolute URI. Must have a
protocol. Cannot contain a query or fragment component. The protocol must be
https , unless the
security.oauth2.server.client.redirect-uri-must-use-https configuration
property is
false .
Can be specified multiple times with different values. |
|
Optional | none | An authorized custom URI scheme. Can be
specified only when the client profile is
native .
Can be specified multiple times with different values. |
|
Optional | none | An allowed HTTP (JavaScript) origin. Must
be specified when the client profile is
user_agent , and only then.
Can be specified multiple times with different values. |
|
Optional | The default value depends on the client
profile (false for the client profile
other ,
true for all other client profiles).
|
Indicates whether the client should be
required to request end-user consent (when using the
authorization_code grant). This argument is
optional.
If the
|
- Register a client with the
profile
other
(a headless application acting on its own behalf):register-api-client --name="Other client" -Sapi.rest.library.upload --client-profile=other -Gclient_credentials
- Register a client with the
profile
web
(a server-side web application), acting on behalf of an end-user:register-api-client --name="Web client" -Sapi.rest.library.upload --client-profile=web -Gauthorization_code -Rhttps://example.com/foo/return
- Register a client with the
profile
web
(a server-side web application), acting on behalf of an end-user, that may use long-lived refresh tokens (for continued access when the end-user is not present):register-api-client --name="Web client" -Sapi.rest.library.upload -Soffline --client-profile=web -Gauthorization_code -Grefresh_token -Rhttps://example.com/foo/return
- Register a client with the
profile
native
(for example, an iOS app), acting on behalf of an end-user, which should be allowed to make requests on behalf of the user without the user's explicit permission:register-api-client --name="Native client" -Sapi.rest.library.upload --client-profile=native -Gauthorization_code --require-end-user-consent=false
- Register a client with the
profile
user_agent
(a client-side web application), for use with the Spotfire JavaScript API:register-api-client --name="JavaScript API client" -Sapi.js-api -Soffline --client-profile=user_agent -Gauthorization_code -Grefresh_token -Ahttps://example.com -Rhttps://example.com/foo/return