Patch O Auth2 Client By Id
This endpoint is responsible for updating an existing client using the client ID. Note that in order to delete an existing field when patching, it needs to be set to an empty value (i.e., "" for a string and [] for an array). Also note that when you patch an array field, the entire new value will replace the existing field value so you can't update individual values in an array field. The fields that need to be updated/modified may only be passed in the request. The values of the other fields for the OAuthClient will remain same as the existing one
OAuth 2.0 client identifier
my-auth-grant-client1The VMware Identity Services tenant ID
my-tenant{
"id": "d24afa39-05a1-433f-8aa9-ad41c9a3d394",
"secret": "my-auth-grant-client1-secret",
"scope": [
"admin",
"user",
"openid",
"profile",
"email"
],
"_links": {
"self": {
"href": "https://example.com/path-to-self"
}
},
"client_id": "my-auth-grant-client1",
"access_token_ttl": 10080,
"refresh_token_ttl": 525600,
"refresh_token_idle_ttl": 525600,
"primary_secret_auto_retires_at": 0,
"rotate_secret": true,
"display_name": "\"my application client credentials oauth2 client\"",
"last_secret_rotated_at": 1716224522,
"secret_ttl": 5184000,
"created_date": 1716224522,
"metadata": [
{
"key": "string",
"value": "string"
}
],
"grant_types": [
"authorization_code",
"client_credentials"
],
"redirect_uris": [
"https://*.hostname1.com/auth/*",
"https://*.hostname2.com/auth/*"
],
"post_logout_redirect_uris": [
"https://*.hostname1.com/openid/logout/*",
"https://*.hostname2.com/logout/*"
],
"pkce_enforced": true,
"public_client": true,
"vcf_app": true
}Id of the client, it's auto-generated on client creation and cannot be updated.
OAuth 2.0 Client secret (a string provided by an admin or a VMware Identity Manager auto-generated string). If secret string not provided, an auto-generated secret will be returned. For additional security, stored secret will not be returned in get/update API responses Public clients will not have any secret auto generated for them while confidential clients will always have clientSecret.
Array of access request scopes that are allowed by this OAuth 2.0 Client. Available scope options are: admin - Admin Level Access, user - User Level Access, profile - Access to User's profile (FirstName//LastName//Display Name//Image), email - Access to User's Email. This field is required for creating an OAuth 2.0 client.
The resource HATEOAS links. Usually includes a "self" link for this resource
OAuth 2.0 Client identifier that the client uses to identify itself during the OAuth 2.0 exchanges. The client ID must contain only alphanumeric (A-Z, a-z, 0-9), period (.), underscore (_), hyphen (-) and at sign (@) characters. This field is required for creating an OAuth 2.0 client.
How long in minutes new access tokens issued to this client should live
How long in minutes new refresh tokens issued to this client should live. Only applicable and mandatory if grant_types includes "refresh_token" . For patching, the value 0 should be used to nullify the field.
How long in minutes new refresh tokens issued to this client can be idle. Only applicable and mandatory if grant_types includes "refresh_token". Its value should be less than the refresh token TTL value For patching, the value 0 should be used to nullify the field.
Indicates expiry time of the primary secret if secret rotation was initiated for this client. Expiry duration can be specified by using primary_secret_auto_retire_duration when initiating secret rotation using the secret rotation API. Value is specified in UTC timezone. This field is readonly.
Indicates whether a client secret rotation is in progress. Rotation will be completed automatically at the time indicated by primary_secret_auto_retires_at or can be invoked before this period explicitly using the rotateSecret API 'retire-primary-secret' action.
a friendly name this native app/device is remembered as. Set by the admin. It must contain only alphanumeric (A-Z, a-z, 0-9), period (.), underscore (_), hyphen (-), space and at sign (@) characters
Indicates the last time the secret was rotated
Indicates after what time in seconds the secret must be rotated
Indicates the created time of the client
Metadata of the client which is a collection of key/value pairs
Array of OAuth 2.0 Access Grant Types that are enabled in this OAuth 2.0 Client. Available Grant types are: authorization_code, client_credentials password. This field is required for creating an OAuth 2.0 client.
Array of absolute URIs of application endpoints that are allowed to receive the authorization code and access token. The redirect_uri sent by the application as part of the Authorization Code Grant Oauth 2.0 flow is verified against this list. A Wildcard can be substituted for any string to skip the check for a particular URL section. The field is required if grant_types contain an "authorization_code" grant type.
Array of absolute URLs supplied by the RP to which it MAY request that the End-User's User Agent be redirected using the post_logout_redirect_uri parameter after a logout has been performed. These URLs SHOULD use the https scheme and MAY contain port, path, and query parameter components; however, they MAY use the http scheme, provided that the Client Type is confidential. A Wildcard can be substituted for any string to skip the check for a particular URL section.
indicates whether PKCE is enforced for the OAuth2 client. Default is 'false'
indicates whether the client is a public client or not. Default is 'false'
indicates whether the application is used for internal VCF flows. Default is 'false'
OAuth 2.0 client successfully updated.
"BrokerOAuth2ClientMedia Object"Id of the client, it's auto-generated on client creation and cannot be updated.
OAuth 2.0 Client secret (a string provided by an admin or a VMware Identity Manager auto-generated string). If secret string not provided, an auto-generated secret will be returned. For additional security, stored secret will not be returned in get/update API responses Public clients will not have any secret auto generated for them while confidential clients will always have clientSecret.
Array of access request scopes that are allowed by this OAuth 2.0 Client. Available scope options are: admin - Admin Level Access, user - User Level Access, profile - Access to User's profile (FirstName//LastName//Display Name//Image), email - Access to User's Email. This field is required for creating an OAuth 2.0 client.
The resource HATEOAS links. Usually includes a "self" link for this resource
OAuth 2.0 Client identifier that the client uses to identify itself during the OAuth 2.0 exchanges. The client ID must contain only alphanumeric (A-Z, a-z, 0-9), period (.), underscore (_), hyphen (-) and at sign (@) characters. This field is required for creating an OAuth 2.0 client.
How long in minutes new access tokens issued to this client should live
How long in minutes new refresh tokens issued to this client should live. Only applicable and mandatory if grant_types includes "refresh_token" . For patching, the value 0 should be used to nullify the field.
How long in minutes new refresh tokens issued to this client can be idle. Only applicable and mandatory if grant_types includes "refresh_token". Its value should be less than the refresh token TTL value For patching, the value 0 should be used to nullify the field.
Indicates expiry time of the primary secret if secret rotation was initiated for this client. Expiry duration can be specified by using primary_secret_auto_retire_duration when initiating secret rotation using the secret rotation API. Value is specified in UTC timezone. This field is readonly.
Indicates whether a client secret rotation is in progress. Rotation will be completed automatically at the time indicated by primary_secret_auto_retires_at or can be invoked before this period explicitly using the rotateSecret API 'retire-primary-secret' action.
a friendly name this native app/device is remembered as. Set by the admin. It must contain only alphanumeric (A-Z, a-z, 0-9), period (.), underscore (_), hyphen (-), space and at sign (@) characters
Indicates the last time the secret was rotated
Indicates after what time in seconds the secret must be rotated
Indicates the created time of the client
Metadata of the client which is a collection of key/value pairs
Array of OAuth 2.0 Access Grant Types that are enabled in this OAuth 2.0 Client. Available Grant types are: authorization_code, client_credentials password. This field is required for creating an OAuth 2.0 client.
Array of absolute URIs of application endpoints that are allowed to receive the authorization code and access token. The redirect_uri sent by the application as part of the Authorization Code Grant Oauth 2.0 flow is verified against this list. A Wildcard can be substituted for any string to skip the check for a particular URL section. The field is required if grant_types contain an "authorization_code" grant type.
Array of absolute URLs supplied by the RP to which it MAY request that the End-User's User Agent be redirected using the post_logout_redirect_uri parameter after a logout has been performed. These URLs SHOULD use the https scheme and MAY contain port, path, and query parameter components; however, they MAY use the http scheme, provided that the Client Type is confidential. A Wildcard can be substituted for any string to skip the check for a particular URL section.
indicates whether PKCE is enforced for the OAuth2 client. Default is 'false'
indicates whether the client is a public client or not. Default is 'false'
indicates whether the application is used for internal VCF flows. Default is 'false'
The request contains invalid information.
OAuth2 Client was not found.
curl -X PATCH -H 'Authorization: <value>' -H 'Content-Type: application/vnd.vmware.horizon.manager.accesscontrol.broker.oauth2client.with.rule.sets+json' -d '{}'