POST /oauth/register

The /oauth/register endpoint is used to register a new client under a merchant. The use case for this endpoint is to allow merchants to dynamically register clients for server-to-server auth. Dynamic client registration is defined in RFC7591.

The bearer token in the request must contain scope spid:merchants/<merchant>|write and be issued to a client belonging to <merchant>.

Request

POST /oauth/register
Authorization: Bearer eyJ0eXAiOiJK...jUaR-nZOx5MGg
Content-Type: application/json

{
    "client_name": "Client example app",
    "client_uri": "https://client.example.com",
    "scope": "prefix:auth|write",
    "redirect_uris": [
        "https://client.example.com/redirect1",
        "https://client.example.com/redirect2"
    ]
}
  • client_name, required
  • client_uri, required
  • scope, optional, space separate string of scopes. All scopes must start with preregistered merchant prefix.
  • redirect_uri, optional, list of valid URLs.

Response

HTTP/1.1 200 OK
Content-Length: 622
Content-Type: application/json
Date: Mon, 29 Feb 2016 13:37:00 GMT

{
  "client_uri" : "https://client.example.com",
  "mutual_tls_sender_constrained_access_tokens" : false,
  "client_secret_expires_at" : 0,
  "scope" : "prefix:auth|write openid profile email phone address offline_access",
  "redirect_uris" : [
    "https://client.example.com/redirect1",
    "https://client.example.com/redirect2"
  ],
  "client_id_issued_at" : 1511189545,
  "client_secret" : "QziV0bJzW-lWGvrcVG8yRO3JZ5vQPMplv7K2WCsjyyk",
  "client_name" : "Client example app",
  "client_id" : "5a12ec29714026dbd1c8c7be"
}

Failure cases

  • 400 Bad Request invalid_client_metadata, given data is invalid, or scope does not start with preregistered merchant prefix
  • 400 Bad Request invalid_redirect_uri, given redirects are non URIs
  • 401 Unauthorized invalid_token, token is invalid or missing
  • 403 Forbidden insufficient_scope, token is missing required scope

See also

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave a comment, or better yet, send us a pull request on GitHub to fix it (in-browser editing, only takes a moment).

History of this page

Comments/feedback

Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.