The Application Client Authentication Credentials API provides a set of operations to manage credentials used for OAuth 2.0 client authentication as described in Client authentication methods.
okta.apps.readLists all JSON Web Keys for an OAuth 2.0 client app
OK
Unauthorized
Forbidden
Not Found
Too Many Requests
{- "jwks": {
- "keys": [
- {
- "id": "pks2f4zrZbs8nUa7p0g4",
- "kid": "DRUFXGF9XbLnS9k-Sla3x3POBiIxDreBCdZuFs5B",
- "kty": "RSA",
- "alg": "RS256",
- "use": "sig",
- "e": "AQAB",
- "n": "AJncrKuine49_CEVR4GPn.....zOrouIUCSMlRL0HU=",
- "status": "INACTIVE",
- "created": "2023-02-21T20:08:24.000Z",
- "lastUpdated": "2023-02-21T20:08:24.000Z",
- "_links": {
- "activate": {
- "hints": {
- "allow": [
- "POST"
]
}
}, - "delete": {
- "hints": {
- "allow": [
- "DELETE"
]
}
}
}
}, - {
- "id": "pks2f50kZB0cITmYU0g4",
- "kid": "ASHJHGasa782333-Sla3x3POBiIxDreBCdZuFs5B",
- "kty": "RSA",
- "alg": "RS256",
- "use": "sig",
- "e": "AQAB",
- "n": "AJncrzOrouIUCSMlRL0HU.....Kuine49_CEVR4GPn=",
- "status": "ACTIVE",
- "created": "2023-04-06T21:32:33.000Z",
- "lastUpdated": "2023-04-06T21:32:33.000Z",
- "_links": {
- "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}
]
}
}okta.apps.manageAdds a new JSON Web Key to the client’s JSON Web Keys.
Note: This API doesn't allow you to add a key if the existing key doesn't have a
kid. This is also consistent with how the Dynamic Client Registration or Applications APIs behave, as they don't allow the creation of multiple keys withoutkids. Use the Replace an Application or the Replace a Client Application operation to update the JWKS or Delete an OAuth 2.0 Client JSON Web Key and re-add the key with akid.
Created
Bad Request
Unauthorized
Forbidden
Too Many Requests
{- "id": "pks2f50kZB0cITmYU0g4",
- "kid": "ASHJHGasa782333-Sla3x3POBiIxDreBCdZuFs5B",
- "kty": "RSA",
- "alg": "RS256",
- "use": "sig",
- "e": "AQAB",
- "n": "AJncrzOrouIUCSMlRL0HU.....Kuine49_CEVR4GPn=",
- "status": "ACTIVE"
}{- "id": "pks2f50kZB0cITmYU0g4",
- "kid": "ASHJHGasa782333-Sla3x3POBiIxDreBCdZuFs5B",
- "kty": "RSA",
- "alg": "RS256",
- "use": "sig",
- "e": "AQAB",
- "n": "AJncrzOrouIUCSMlRL0HU.....Kuine49_CEVR4GPn=",
- "status": "ACTIVE",
- "created": "2023-04-06T21:32:33.000Z",
- "lastUpdated": "2023-04-06T21:32:33.000Z",
- "_links": {
- "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}okta.apps.readRetrieves an OAuth 2.0 Client JSON Web Key by keyId.
OK
Unauthorized
Forbidden
Not Found
Too Many Requests
{- "id": "pks2f50kZB0cITmYU0g4",
- "kid": "ASHJHGasa782333-Sla3x3POBiIxDreBCdZuFs5B",
- "kty": "RSA",
- "alg": "RS256",
- "use": "sig",
- "e": "AQAB",
- "n": "AJncrzOrouIUCSMlRL0HU.....Kuine49_CEVR4GPn=",
- "status": "ACTIVE",
- "created": "2023-04-06T21:32:33.000Z",
- "lastUpdated": "2023-04-06T21:32:33.000Z",
- "_links": {
- "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}okta.apps.manageDeletes an OAuth 2.0 Client JSON Web Key by keyId. You can only delete an inactive key.
No Content
Bad Request
Unauthorized
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000001",
- "errorSummary": "Api validation failed: JsonWebKey",
- "errorLink": "E0000001",
- "errorId": "sampleQPivGUj_ND5v78vbYWW",
- "errorCauses": [
- {
- "errorSummary": "You can't delete an active JSON Web key. Deactivate the key before deleting it."
}
]
}okta.apps.manageActivates an OAuth 2.0 Client JSON Web Key by keyId
OK
Unauthorized
Forbidden
Not Found
Too Many Requests
{- "id": "pks2f50kZB0cITmYU0g4",
- "kid": "ASHJHGasa782333-Sla3x3POBiIxDreBCdZuFs5B",
- "kty": "RSA",
- "alg": "RS256",
- "use": "sig",
- "e": "AQAB",
- "n": "AJncrzOrouIUCSMlRL0HU.....Kuine49_CEVR4GPn=",
- "status": "ACTIVE",
- "created": "2023-04-06T21:32:33.000Z",
- "lastUpdated": "2023-04-06T21:32:33.000Z",
- "_links": {
- "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}okta.apps.manageDeactivates an OAuth 2.0 Client JSON Web Key by keyId.
OK
Bad Request
Unauthorized
Forbidden
Not Found
Too Many Requests
{- "id": "pks2f50kZB0cITmYU0g4",
- "kid": "ASHJHGasa782333-Sla3x3POBiIxDreBCdZuFs5B",
- "kty": "RSA",
- "alg": "RS256",
- "use": "sig",
- "e": "AQAB",
- "n": "AJncrzOrouIUCSMlRL0HU.....Kuine49_CEVR4GPn=",
- "status": "INACTIVE",
- "created": "2023-04-06T21:32:33.000Z",
- "lastUpdated": "2023-04-06T21:32:33.000Z",
- "_links": {
- "activate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}okta.apps.readLists all client secrets for an OAuth 2.0 client app
OK
Unauthorized
Forbidden
Not Found
Too Many Requests
[- {
- "id": "ocs2f4zrZbs8nUa7p0g4",
- "status": "INACTIVE",
- "client_secret": "DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B",
- "secret_hash": "yk4SVx4sUWVJVbHt6M-UPA",
- "created": "2023-02-21T20:08:24.000Z",
- "lastUpdated": "2023-02-21T20:08:24.000Z",
- "_links": {
- "activate": {
- "hints": {
- "allow": [
- "POST"
]
}
}, - "delete": {
- "hints": {
- "allow": [
- "DELETE"
]
}
}
}
}, - {
- "id": "ocs2f50kZB0cITmYU0g4",
- "status": "ACTIVE",
- "client_secret": "HAGDTYU9XbLnS......3xasFDDwecdZuFs5B",
- "secret_hash": "0WOOvBSzV9clc4Nr7Rbaug",
- "created": "2023-04-06T21:32:33.000Z",
- "lastUpdated": "2023-04-06T21:32:33.000Z",
- "_links": {
- "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}
]okta.apps.manageCreates an OAuth 2.0 Client Secret object with a new active client secret. You can create up to two Secret objects. An error is returned if you attempt to create more than two Secret objects.
Note: This API lets you bring your own secret. If token_endpoint_auth_method of the app is
client_secret_jwt, then the minimum length ofclient_secretis 32 characters. If no secret is specified in the request, Okta adds a new system-generated secret.
Created
Bad Request
Unauthorized
Forbidden
Too Many Requests
{ }{- "id": "ocs2f50kZB0cITmYU0g4",
- "status": "ACTIVE",
- "client_secret": "DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B",
- "secret_hash": "FpCwXwSjTRQNtEI11I00-g",
- "created": "2023-04-06T21:32:33.000Z",
- "lastUpdated": "2023-04-06T21:32:33.000Z",
- "_links": {
- "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}okta.apps.readRetrieves an OAuth 2.0 Client Secret by secretId
OK
Unauthorized
Forbidden
Not Found
Too Many Requests
{- "id": "ocs2f50kZB0cITmYU0g4",
- "status": "ACTIVE",
- "client_secret": "DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B",
- "secret_hash": "FpCwXwSjTRQNtEI11I00-g",
- "created": "2023-04-06T21:32:33.000Z",
- "lastUpdated": "2023-04-06T21:32:33.000Z",
- "_links": {
- "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}okta.apps.manageDeletes an OAuth 2.0 Client Secret by secretId. You can only delete an inactive Secret.
No Content
Bad Request
Unauthorized
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000001",
- "errorSummary": "Api validation failed: OAuth2ClientSecretMediated",
- "errorLink": "E0000001",
- "errorId": "sampleQPivGUj_ND5v78vbYWW",
- "errorCauses": [
- {
- "errorSummary": "You can't delete an active client secret. Deactivate the secret before deleting it."
}
]
}okta.apps.manageActivates an OAuth 2.0 Client Secret by secretId
OK
Unauthorized
Forbidden
Not Found
Too Many Requests
{- "id": "ocs2f50kZB0cITmYU0g4",
- "status": "ACTIVE",
- "client_secret": "DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B",
- "secret_hash": "0WOOvBSzV9clc4Nr7Rbaug",
- "created": "2023-04-06T21:32:33.000Z",
- "lastUpdated": "2023-04-06T21:32:33.000Z",
- "_links": {
- "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}okta.apps.manageDeactivates an OAuth 2.0 Client Secret by secretId. You can't deactivate a secret if it's the only secret of the client.
OK
Bad Request
Unauthorized
Forbidden
Not Found
Too Many Requests
{- "id": "ocs2f4zrZbs8nUa7p0g4",
- "status": "INACTIVE",
- "client_secret": "DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B",
- "secret_hash": "yk4SVx4sUWVJVbHt6M-UPA",
- "created": "2023-02-21T20:08:24.000Z",
- "lastUpdated": "2023-02-21T20:08:24.000Z",
- "_links": {
- "activate": {
- "hints": {
- "allow": [
- "POST"
]
}
}, - "delete": {
- "hints": {
- "allow": [
- "DELETE"
]
}
}
}
}