Client
A Client is an OAuth 2.0 application that authenticates users and requests tokens. Clients define allowed origins, redirect URIs, and token configurations.
Schema
```ts
interface Client {
  id: string; // "cid..." - Unique identifier
  resource_id: string; // Owning application or account
  issuer: string;
  audience: string | null;
  allowed_origins: string[];
  redirect_uris: string[];
  allowed_scope: string | null;
  default_scope: string | null;
  access_token_config: TokenConfig | null;
  refresh_token_config: TokenConfig | null;
  id_token_config: TokenConfig | null;
}

interface TokenConfig {
  expires_in: number;
  cookie_options?: {
    http_only?: boolean;
    secure?: boolean;
    same_site?: "lax" | "strict" | "none";
  };
}
```
Properties
| Property | Type | Description |
|---|---|---|
| id | string | KSUID with cid prefix |
| resource_id | string | Application or account that owns client |
| issuer | string | Issuer claim for tokens |
| audience | string? | Audience claim for tokens |
| allowed_origins | string[] | Valid CORS origins |
| redirect_uris | string[] | OAuth redirect URLs |
| allowed_scope | string? | Allowed scopes for token requests |
| default_scope | string? | Default scope when none provided |
| access_token_config | object? | Access token settings |
| refresh_token_config | object? | Refresh token settings |
| id_token_config | object? | ID token settings |
Example
```json
{
  "id": "cid_2kHfPZcN9xW4mE8RtY7vB",
  "resource_id": "app_root",
  "issuer": "https://auth.example.com",
  "audience": "https://api.example.com",
  "allowed_origins": ["https://app.example.com"],
  "redirect_uris": ["https://app.example.com/callback"],
  "access_token_config": {
    "expires_in": 3600
  },
  "refresh_token_config": {
    "expires_in": 1209600
  }
}
```
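The following is an added example, not part of the original page or the project's code: a lint pass over a Client record's `redirect_uris`, `allowed_origins` and `cookie_options`, plus an exact-match redirect check. The name `ClientRecord`, both function names, the rules themselves and the sample records are assumptions for illustration, and the rules assume a browser-based web client.

```typescript
// Added example, not the project's code. Types restate a subset of the schema above.
type CookieOptions = { http_only?: boolean; secure?: boolean; same_site?: "lax" | "strict" | "none" };
type TokenConfig = { expires_in: number; cookie_options?: CookieOptions };
type ClientRecord = {
  allowed_origins: string[];
  redirect_uris: string[];
  access_token_config: TokenConfig | null;
  refresh_token_config: TokenConfig | null;
  id_token_config: TokenConfig | null;
};

// Exact string match: no prefix, wildcard or case-insensitive comparison.
function isRegisteredRedirect(client: ClientRecord, uri: string): boolean {
  return client.redirect_uris.includes(uri);
}

// Returns one finding per risky setting; an empty array means nothing was flagged.
function lintClient(client: ClientRecord): string[] {
  const findings: string[] = [];
  for (const uri of client.redirect_uris) {
    if (uri.includes("*")) findings.push(`redirect_uris: wildcard in ${uri}`);
    if (uri.includes("#")) findings.push(`redirect_uris: fragment in ${uri}`);
    if (!uri.startsWith("https://")) findings.push(`redirect_uris: not https: ${uri}`);
  }
  for (const origin of client.allowed_origins) {
    // A browser Origin header is scheme://host[:port] with no path or trailing slash.
    if (!/^https:\/\/[^\/*]+$/.test(origin)) findings.push(`allowed_origins: not a plain https origin: ${origin}`);
  }
  const configs: [string, TokenConfig | null][] = [
    ["access_token_config", client.access_token_config],
    ["refresh_token_config", client.refresh_token_config], ["id_token_config", client.id_token_config]];
  for (const [name, cfg] of configs) {
    const cookie = cfg?.cookie_options;
    if (!cookie) continue;
    if (cookie.same_site === "none" && cookie.secure !== true) findings.push(`${name}: same_site "none" without secure`);
    if (cookie.http_only === false) findings.push(`${name}: cookie readable by script (http_only false)`);
  }
  return findings;
}

// Constructed sample records: the first reuses the page's example values, the second is deliberately loose.
const strictClient: ClientRecord = {
  allowed_origins: ["https://app.example.com"], redirect_uris: ["https://app.example.com/callback"],
  access_token_config: { expires_in: 3600 }, id_token_config: null,
  refresh_token_config: { expires_in: 1209600, cookie_options: { http_only: true, secure: true, same_site: "strict" } } };
const looseClient: ClientRecord = {
  allowed_origins: ["https://app.example.com/"], redirect_uris: ["https://app.example.com/*"],
  access_token_config: { expires_in: 3600, cookie_options: { same_site: "none" } },
  refresh_token_config: null, id_token_config: null };
```

Running `lintClient` when a client is created or updated catches entries such as a trailing-slash origin, which can never equal the `Origin` header a browser sends.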
Related
- Clients - Client management
- Client Key - Signing keys
- OAuth - OAuth flows