Creating OAuth 2.0 Clients
You can manage OAuth 2.0 clients using the cli or the HTTP REST API:
- CLI:
hydra help clients
- REST: Read the API Docs
Authorize Code Flow with Refresh Token
The following command creates an OAuth 2.0 Client capable of executing the Authorize Code Flow, requesting ID and Refresh Tokens and performing the OAuth 2.0 Refresh Grant:
hydra clients create \
--endpoint http://ory-hydra:4445 \
--id client-id \
--secret client-secret \
--grant-types authorization_code,refresh_token \
--response-types code \
--scope openid,offline \
--callbacks http://my-app.com/callback,http://my-other-app.com/callback
The OAuth 2.0 Client will be allowed to use values http://my-app.com/callback
and http://my-other-app.com/callback
as redirect_url
.
It's expected that the OAuth 2.0 Client sends its credentials using HTTP Basic Authorization.
If you wish to send credentials in the POST Body, add the following flag to the command above:
--token-endpoint-auth-method client_secret_post \
The same can be achieved by setting
"token_endpoint_auth_method": "client_secret_post"
in the request body of
POST /clients
and PUT /clients/<id>
.
Client Credentials Flow
A client only capable of performing the Client Credentials Flow can be created as follows:
hydra clients create \
--endpoint http://ory-hydra:4445 \
--id my-client \
--secret secret \
-g client_credentials